How does TAVARA ERP pricing work?

TAVARA ERP uses flexible per-user subscription pricing. Choose the modules you need and pay per active user. Plans start at $35/user/month with a 14-day free trial.

What industries does TAVARA ERP support?

TAVARA ERP is industry-agnostic. It works for retail, manufacturing, distribution, logistics, trading, pharmaceuticals, pharmacy, convenience stores, furniture shops, restaurants, hotels, resorts, travel agencies, construction, consulting, utilities, and any business type.

Can I use TAVARA ERP on my phone?

Yes. TAVARA ERP is a Progressive Web App that works on any device and can be installed like a native app.

What makes TAVARA ERP different?

TAVARA ERP delivers 27+ enterprise-grade modules with modern technology for faster performance, easier setup, and a fraction of traditional ERP costs. No consultants needed.

Enterprise-grade security with row-level security, encryption, rate limiting, audit logs, and automatic security headers.

How do I migrate my existing data?

TAVARA ERP includes a built-in self-service migration tool supporting CSV, Excel, and JSON files with automatic field mapping.

Privacy Policy

Last updated: June 2, 2026

This Privacy Policy applies to TAVARA ERP, operated by TAVARA HOLDINGS OPC (SEC Registration No. 2026050252208-01), and governs the collection, use, and protection of personal data in compliance with the Philippine Data Privacy Act of 2012 (RA 10173), the EU General Data Protection Regulation (GDPR), the Singapore Personal Data Protection Act 2012 (SG PDPA), the Thailand Personal Data Protection Act B.E. 2562 (TH PDPA), and the Malaysia Personal Data Protection Act 2010 (MY PDPA).

1. Data Controller & Data Protection Officer

Data Controller / Personal Information Controller (PIC):
TAVARA HOLDINGS OPC · SEC Registration No. 2026050252208-01

Data Protection Officer (DPO):
Designated per NPC Advisory Opinion 2017-049, GDPR Art. 37, and equivalent ASEAN regulations. The DPO is your point of contact for all data privacy inquiries, rights requests, and complaints.

Contact: care@tavaraholdings.com · tavaraerp.com/contact

2. Data Collection

We collect information you provide when you create an account, subscribe to a plan, or use our platform. This includes your name, email address, company name, billing information, and usage data generated through interaction with our services.

3. Lawful Basis for Processing

We process personal data only when a lawful basis exists under RA 10173 §12, GDPR Art. 6, and equivalent provisions under SG/TH/MY PDPA:

Consent — collected at sign-up (checkbox, timestamped, recorded). Applies to marketing communications and analytics cookies.
Contract performance — processing necessary to provide the TAVARA ERP service you subscribed to (account creation, billing, service delivery).
Legal obligation — compliance with BIR, SSS, PhilHealth, Pag-IBIG reporting requirements; NPC, GDPR, and ASEAN PDPA compliance obligations.
Legitimate interests — security monitoring, fraud prevention, abuse detection, and platform integrity. Interests are balanced against data subject rights; processing is limited to what is strictly necessary.

4. How We Use Your Data

We use collected data to provide, maintain, and improve TAVARA ERP services; process transactions and send related communications; personalize your experience; enforce our terms; and comply with legal obligations. We do not sell or rent your personal data to third parties.

5. Cookies & Tracking

Our platform uses essential cookies required for authentication and session management. We may also use analytics cookies to understand usage patterns and improve performance. You can manage cookie preferences through your browser settings.

6. Data Security

We implement industry-standard security measures including encryption at rest and in transit, row-level security for data isolation, regular security reviews, and access controls. Data is hosted on reputable cloud infrastructure providers with their own security certifications.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account termination, data is retained for the period required by applicable laws (including BIR 10-year retention for financial records) and then securely deleted.

8. Sub-Processors & Cross-Border Transfers

Your data may be processed by the following sub-processors in the course of providing TAVARA ERP services:

Supabase (Database & Auth) — Singapore
Vercel (Hosting & Edge Functions) — United States
Resend (Transactional Email) — United States
Cloudflare (CDN & DNS) — Global

Data Processing Agreements (DPAs) are in place with each sub-processor. For transfers from the EU/EEA, Standard Contractual Clauses (SCCs) apply. For cross-border transfers governed by RA 10173, we ensure all recipients maintain adequate security measures per NPC Circular 2016-02. For transfers involving Singapore, Thailand, and Malaysia residents, we apply equivalent contractual safeguards as required by SG PDPA §26, TH PDPA §28, and MY PDPA §129 respectively.

9. Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify the National Privacy Commission (Philippines) within 72 hours per NPC Circular 2016-03
Notify the Singapore PDPC within 3 calendar days if Singapore residents are affected (SG PDPA §26D)
Notify the Thailand PDPC within 72 hours if Thailand residents are affected (TH PDPA §37)
Notify the Malaysia JPDP as soon as practicable if Malaysia residents are affected (MY PDPA 2010 — no statutory deadline; we notify as best practice)
Notify the relevant EU/EEA supervisory authority within 72 hours if EU/EEA residents are affected (GDPR Art. 33)
Notify affected data subjects without undue delay when the breach is likely to result in high risk to their rights

We maintain an internal breach register and conduct root-cause analysis for every incident.

10. Your Rights

Under RA 10173, GDPR, SG PDPA, TH PDPA, and MY PDPA (as applicable), you have the right to:

Access — request a copy of all personal data we hold about you
Correction — request correction of inaccurate or incomplete data
Erasure / Deletion — request deletion of your personal data (subject to legal retention requirements)
Objection — object to processing based on legitimate interests
Portability — receive your data in a machine-readable format (JSON/CSV)
Withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing
Restriction — request restriction of processing while a complaint is being resolved

To exercise any of these rights, email care@tavaraholdings.com. We will respond within 30 days (NPC / MY PDPA), 1 month (GDPR), or 30 days (SG/TH PDPA).

11. Complaints

If you believe your data privacy rights have been violated, you may file a complaint with the relevant authority in your jurisdiction:

Philippines — National Privacy Commission (NPC): privacy.gov.ph
Singapore — Personal Data Protection Commission (PDPC): pdpc.gov.sg
Thailand — Personal Data Protection Committee (PDPC Thailand): pdpc.or.th
Malaysia — Department of Personal Data Protection (JPDP): pdp.gov.my
EU/EEA: The supervisory authority in the EU member state where you reside

12. Contact

For all privacy-related inquiries, contact our Data Protection Officer at care@tavaraholdings.com or visit tavaraerp.com/contact.