Privacy Policyนโยบายความเป็นส่วนตัว

Thearavich.com Co., Ltd. ("Company", "we", "us") respects the privacy of users of the SalesPacer platform and related products. This Policy explains how we collect, use, disclose, and protect your personal data under Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA") and applicable laws.

Because SalesPacer is a Software-as-a-Service (SaaS) product, our legal status differs depending on the type of data involved:

2.1 We act as a "Data Controller"

For data relating to service registration, user accounts, billing, and support — such as your organization's contact details and the accounts of your users.

2.2 We act as a "Data Processor"

For data that customer organizations enter or upload into the system — such as your customers'/partners' information, contacts, deals, quotations, and related documents. In this case, the customer organization is the Data Controller and is responsible for having a lawful basis to collect and use that third-party data. We process such data only on your instructions and for your purposes.

We do not intend to collect sensitive personal data under Section 26 (e.g., race, religion, health, or biometric data), and we ask that you not record such data in the system unnecessarily.

We process personal data under the legal bases set out in Section 24 of the PDPA, as follows:

We do not sell your personal data. We disclose data only as necessary to service providers acting as data processors under contract and with appropriate data protection measures, namely:

We may also disclose data where required by law, court order, or the order of a competent government authority.

Some of our service providers may store or process data on servers located outside Thailand. In such cases, we comply with Sections 28 and 29 of the PDPA by ensuring appropriate and legally enforceable data protection measures are in place.

• We retain account and usage data for as long as you use the service.
• Upon cancellation, we retain data during a grace period of 30 days before deleting or anonymizing it.
• Accounting, tax, and financial records are retained for the period required by law (generally not less than 5 years).
• Audit logs may be retained for security and legal compliance purposes.

• Tenant isolation between organizations (multi-tenant isolation) via Row Level Security and JWT-based authorization
• Encryption of data in transit via HTTPS/TLS
• Role-based access control
• Administrator privilege management and access logging for audit

Under the PDPA, you have the following rights:

• Right of access and to obtain a copy of your personal data (s.30)
• Right to data portability to another data controller (s.31)
• Right to object to collection, use, or disclosure (s.32)
• Right to erasure or destruction, or anonymization (s.33)
• Right to restrict the use of data (s.34)
• Right to rectification to keep data accurate and up to date (s.35, 36)
• Right to withdraw consent previously given, at any time (s.19)
• Right to lodge a complaint with the Personal Data Protection Committee (PDPC) if you believe a violation has occurred

You may exercise these rights by contacting us via the channels in Section 13. We will act within the period required by law. Some rights may be limited by law or contractual obligations.

We use cookies and browser storage (e.g., session tokens and the "remember me" option) solely to provide authentication and maintain login state. We do not use cookies for cross-site advertising tracking. You can manage or delete cookies through your browser settings, though this may affect some functionality.

This service is intended for business use. We do not intend to collect data of minors. If you become aware that a minor's data has been provided without proper consent, please contact us so we can delete it.

We may update this Policy from time to time, with the latest effective date shown above. If there are material changes, we will notify you through appropriate channels.