Privacy Policy

Last Updated: April 2026

Our Commitment to Your Privacy

At Ausculta Cor, operated by Winter Shand Inc., protecting your personal information is fundamental to the trust you place in us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data. It is designed to comply with the Philippine Data Privacy Act of 2012 (R.A. 10173), the California Consumer Privacy Act (CCPA), the Children's Online Privacy Protection Act (COPPA), the general principles of the EU General Data Protection Regulation (GDPR), and the Google API Services User Data Policy, including the Limited Use requirements.

1. WHO WE ARE

Ausculta Cor is a service brand of Winter Shand Inc., a corporation organized and existing under the laws of the Republic of the Philippines, with its principal office at 40th Floor, PBCOM Tower, 6795 Ayala Avenue corner V.A. Rufino Street, Salcedo Village, Bel-Air, Makati City 1209, Metro Manila, Philippines.

For all privacy-related inquiries, data-access requests, and complaints, you may contact our Data Protection Officer at support@auscultacor.com with the subject line "Privacy Request".

2. INFORMATION WE COLLECT

We collect the minimum information necessary to provide our services, process payments, verify client age, and maintain the safety of our agents and clients.

Category Examples
Account Information Name, email address, password (stored encrypted), account creation date, language preference.
Age & Identity Verification Self-declared age (18+ confirmation) at registration. We do not collect government IDs from clients.
Billing & Transaction Data Credit package purchased, transaction amount (USD), transaction reference number, billing country. We do not store full credit card numbers, CVVs, or bank account numbers — these are processed directly by our licensed payment partner.
Session Data Session start/end timestamps, session duration, credits consumed, agent assigned, session rating (if provided).
Communication Content Video and audio streams are routed in real time via our video-infrastructure partner (Agora.io). Sessions are not recorded or stored by default. Randomized quality-assurance sampling may occur with prior disclosure. Text chat messages sent during sessions are retained for up to 30 days for safety and dispute-resolution purposes.
Technical & Device Data IP address, browser type, operating system, device identifiers, access timestamps, referring pages. Used for security, fraud prevention, and service performance.
Support Correspondence Messages you send to support@auscultacor.com and our replies.
Google Sign-In Data If you choose to sign in with Google, we receive your Google Account email address, basic profile information (name and profile picture), and a unique Google Account identifier (OpenID subject). See Section 12 for full details on our use of Google user data.

3. HOW WE USE YOUR INFORMATION

We process personal information only for specific, legitimate purposes:

  • Service delivery — creating your account, authenticating logins, routing your calls to agents, tracking credit balances.
  • Payment processing — securely completing transactions through our licensed payment partner and preventing fraud.
  • Safety and policy enforcement — investigating reports of misconduct, protecting agents from harassment, enforcing our Terms of Conduct.
  • Communications — responding to support requests, sending transactional notices (receipts, account alerts). We do not send marketing email without explicit opt-in.
  • Legal compliance — meeting tax, anti-money-laundering, and regulatory obligations under Philippine and applicable foreign law.
  • Service improvement — aggregate, de-identified analytics to improve platform reliability.

4. HOW WE SHARE INFORMATION

We do not sell your personal information. We share information only with the following categories of service providers, each bound by confidentiality and data-processing agreements:

  • Payment processors — our licensed payment partner processes card and wallet transactions. They receive billing details necessary to complete payments but do not receive session content.
  • Video infrastructure — Agora.io provides real-time video and audio routing. They do not store session content.
  • Hosting and infrastructure — cloud hosting and database providers store account and transaction records in encrypted form.
  • Email delivery — a transactional email provider sends receipts and support replies.
  • Legal authorities — we disclose information only when required by valid legal process (subpoena, court order, lawful regulatory request) or to protect the rights, safety, or property of our users, agents, or company.

Agents do not have access to your billing information, contact details, or payment data. Agents only see your chosen display name during a session.

5. INTERNATIONAL DATA TRANSFERS

Because our clients are primarily located in the United States and our company is registered in the Philippines, your information will be transferred across borders. By using Ausculta Cor, you consent to the transfer of your information to the Philippines and to any other country where our service providers operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect your data during international transfer.

6. DATA RETENTION

  • Account records: retained while your account is active, plus up to five (5) years after closure for tax, accounting, and legal-compliance purposes.
  • Transaction records: retained for ten (10) years as required by Philippine BIR and AML regulations.
  • Session metadata (duration, timestamps, credits used): retained for two (2) years.
  • Text chat content: retained for 30 days, then permanently deleted.
  • Video and audio streams: not recorded or stored by default.
  • Technical logs: retained for 90 days for security and troubleshooting.

7. YOUR RIGHTS

Depending on your jurisdiction, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to fix inaccurate or incomplete data.
  • Deletion — request deletion of your account and associated personal information, subject to legal retention obligations.
  • Objection / Restriction — object to certain processing activities or ask us to restrict processing.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint — with the Philippine National Privacy Commission (privacy.gov.ph) or your local data-protection authority.

To exercise any of these rights, email support@auscultacor.com. We will respond within thirty (30) calendar days.

8. CHILDREN'S PRIVACY

Ausculta Cor is strictly intended for adults aged eighteen (18) and above. We do not knowingly collect personal information from children under 18, and we do not market or direct our services to minors. In compliance with the U.S. Children's Online Privacy Protection Act (COPPA), if we learn that a person under the age of 13 has created an account, we will immediately delete the account and all associated information. If you believe a minor has provided us with personal information, please contact us at support@auscultacor.com.

9. COOKIES & SIMILAR TECHNOLOGIES

We use a minimal set of cookies:

  • Essential cookies — required to keep you logged in and maintain session state.
  • Security cookies — used to detect fraudulent activity and prevent unauthorized access.
  • Analytics cookies — used in aggregate only, never tied to individual identity.

We do not use advertising or tracking cookies. You may disable non-essential cookies through your browser settings without losing access to the service.

10. SECURITY MEASURES

We apply reasonable and appropriate technical, organizational, and physical safeguards to protect personal information, including:

  • Encryption in transit (HTTPS / TLS) on all pages.
  • Password hashing using industry-standard algorithms.
  • Payment card data handled exclusively by PCI-DSS-certified payment partners.
  • Role-based access controls for employees and contractors.
  • Regular security reviews and incident-response procedures.

No system is perfectly secure. In the unlikely event of a data breach affecting your personal information, we will notify you and the relevant regulators without undue delay, as required by applicable law.

11. CALIFORNIA RESIDENTS (CCPA NOTICE)

If you are a California resident, you have additional rights under the CCPA, including the right to know what categories of personal information we collect, the purposes for which they are used, and the right to request deletion. We do not sell personal information and have not sold personal information in the preceding twelve (12) months. To exercise your rights, contact support@auscultacor.com with the subject line "CCPA Request". We will not discriminate against you for exercising any of your CCPA rights.

12. GOOGLE USER DATA

Ausculta Cor offers Sign in with Google as an optional authentication method. This section specifically describes how we access, use, store, share, retain, and protect data obtained from Google APIs, in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

12.1 Data We Access from Google

When you sign in with Google, we request only the following OAuth scopes, and access only the data those scopes grant:

Scope Data Accessed
openid A unique, stable Google Account identifier (OpenID subject claim) used to associate your Ausculta Cor account with your Google Account.
.../auth/userinfo.email Your primary Google Account email address and its verified status.
.../auth/userinfo.profile Basic profile information that you have made publicly available on your Google Account, including your name and profile picture.

We do not request or access Gmail, Google Drive, Google Calendar, Google Contacts, YouTube data, or any other Google service data. We do not request any sensitive or restricted scopes.

12.2 How We Use Google User Data

Data obtained through Google Sign-In is used strictly for the following purposes:

  • Authentication — to verify your identity and sign you into your Ausculta Cor account.
  • Account creation and linking — to create a new Ausculta Cor account on your first Google Sign-In, or to link Google Sign-In to an existing account with a matching email.
  • Account identification — to display your name and profile picture inside your Ausculta Cor account area so you can confirm you are logged in to the correct account.
  • Account-related communication — to send transactional messages (e.g., login alerts, receipts, support replies) to your Google email address.

Limited Use commitment. We do not use Google user data for advertising or any advertising-related purpose. We do not sell or rent Google user data. We do not use Google user data to develop, improve, or train generalized or non-personalized artificial intelligence or machine-learning models. Human access to Google user data is restricted to the narrow cases permitted by the Google API Services User Data Policy (security, legal compliance, with your explicit consent, or for service operations performed by authorized personnel).

12.3 How We Share Google User Data

We do not share Google user data with third parties except in the following limited cases, each of which is consistent with the Google API Services User Data Policy:

  • Infrastructure sub-processors — our cloud hosting, database, and transactional email providers process this data solely on our behalf, under binding confidentiality and data-processing agreements, for the purpose of operating the Ausculta Cor service.
  • Legal compliance and safety — we may disclose Google user data to comply with applicable law, valid legal process (e.g., subpoena or court order), or to protect the rights, property, or safety of Ausculta Cor, our users, or the public.
  • With your explicit consent — in any other case only after providing you clear notice and obtaining your explicit consent.

We do not share Google user data with any third party for their independent marketing, analytics, or advertising purposes. Agents on our platform never receive Google user data.

12.4 Storage and Protection of Google User Data

Google user data is stored and protected using the following safeguards:

  • Encryption in transit using HTTPS/TLS 1.2 or higher for all exchanges with Google and with our clients.
  • Encryption at rest for databases and backups containing Google Account identifiers and profile fields.
  • OAuth token protection — access and refresh tokens are stored in encrypted form and are never exposed to end users or agents.
  • Role-based access controls — only authorized personnel with a documented business need may access Google user data, and all access is logged and auditable.
  • Regular security reviews and a formal incident-response procedure, including breach notification in accordance with applicable law.
12.5 Retention and Deletion of Google User Data
  • While your account is active, we retain your Google Account identifier, email, name, and profile picture so that you can continue to sign in.
  • Upon account deletion, all Google user data (Google Account identifier, email, name, profile picture, and OAuth tokens) is deleted from our active systems within thirty (30) days, except where a longer retention period is strictly required by law (e.g., financial records tied to completed transactions).
  • Upon OAuth revocation, if you revoke Ausculta Cor's access via your Google Account, we stop using Google user data immediately and delete any stored OAuth tokens within 30 days; your Ausculta Cor account itself remains unless you also request account deletion.

How to request deletion or revoke access.

  1. To delete your Ausculta Cor account and all associated Google user data, email support@auscultacor.com from the Google email linked to your account with the subject line "Delete My Account". We will verify the request and complete deletion within 30 days.
  2. To revoke Ausculta Cor's access to your Google Account at any time, visit https://myaccount.google.com/permissions and remove Ausculta Cor.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least thirty (30) days before taking effect, and the updated policy will be posted on this page with a revised "Last Updated" date. Your continued use of the service after the effective date constitutes acceptance of the revised policy.

14. CONTACT

Questions, concerns, or complaints regarding this Privacy Policy or our data-handling practices should be directed to:

Winter Shand Inc. — Data Protection Officer
40th Floor, PBCOM Tower
6795 Ayala Avenue corner V.A. Rufino Street
Salcedo Village, Bel-Air, Makati City 1209
Metro Manila, Philippines
Email: support@auscultacor.com

Go Back Contact Us