FlashSpotForce

Information We Collect

FlashSpotForce collects various types of information to provide you with our IT platform services and improve your user experience. We believe in transparency about what information we gather and why we need it.

Account Information: When you create an account, we collect your name, email address, phone number, and profile details to establish your user profile and enable platform access.

Usage Data: We automatically collect information about how you interact with our platform, including pages visited, features used, time spent, and technical data like IP address and device information.

Communication Records: When you contact our support team or participate in platform discussions, we store these communications to provide better service and resolve issues effectively.

Payment Information: For premium features, we collect billing details through secure third-party processors. We never store complete credit card information on our servers.

We collect this information through direct input from users, automated tracking technologies, and legitimate third-party sources when necessary for service provision. All collection methods comply with Thailand's Personal Data Protection Act (PDPA) and international privacy standards.

How We Use Your Information

Your personal data serves specific purposes that directly benefit your experience on our platform. We don't use your information for purposes beyond what's necessary for service provision and platform improvement.

Service Delivery: We use your account information to provide access to platform features, maintain your user profile, and deliver the IT management tools you've requested. This includes personalizing your dashboard and ensuring you receive relevant platform notifications.

Communication: Your contact details allow us to send important account updates, security alerts, and respond to your support requests. We also use this information to notify you about platform changes that might affect your usage.

Platform Improvement: Usage data helps us understand which features are most valuable, identify areas for enhancement, and develop new tools that better serve our user community. This analysis is performed on aggregated, anonymized data whenever possible.

Security and Fraud Prevention: We analyze usage patterns and technical data to detect suspicious activities, prevent unauthorized access, and maintain the security of our platform for all users.

Under Thailand's PDPA, we maintain lawful basis for all data processing activities, primarily through legitimate interest for platform operation and your consent for optional features like marketing communications.

Information Sharing and Disclosure

We limit sharing of your personal information to specific circumstances that directly support our service delivery or legal compliance requirements.

Service Providers: We work with carefully selected third-party vendors who help us operate our platform, including cloud hosting services, payment processors, and customer support tools. These partners access only the minimum data necessary for their specific functions and are bound by strict confidentiality agreements.

Legal Requirements: We may disclose personal information when required by Thai law, court orders, or government regulations. This includes cooperation with law enforcement agencies when legally mandated and protection of our legal rights in formal proceedings.

Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction. We would notify users and ensure the receiving entity maintains equivalent privacy protections.

We never sell personal information to marketers, advertisers, or other third parties for commercial purposes. Any data sharing occurs only with your explicit consent or clear legal justification under applicable privacy laws.

Your Privacy Rights

Under Thailand's Personal Data Protection Act and international privacy frameworks, you have several rights regarding your personal information. We've designed our systems to make exercising these rights as straightforward as possible.

Access Your Data

Request a copy of all personal information we hold about you, including details about how it's processed and shared.

Correct Information

Update or correct any inaccurate personal data in your account. Most profile information can be edited directly through your account settings.

Delete Your Account

Request complete deletion of your account and associated personal data, subject to legal retention requirements.

Data Portability

Receive your personal data in a structured, commonly used format that allows transfer to another service provider.

Restrict Processing

Limit how we process your personal information for specific purposes while maintaining your account access.

Object to Processing

Opt out of certain data processing activities, particularly those based on legitimate interest rather than explicit consent.

To exercise any of these rights, contact our privacy team using the information provided below. We respond to all requests within 30 days and provide clear explanations if any limitations apply to your request.

Data Security Measures

Protecting your personal information is fundamental to our operations. We implement multiple layers of security controls to safeguard data against unauthorized access, modification, or disclosure.

1

Encryption Protection

All data transmissions use TLS 1.3 encryption, and sensitive information is encrypted at rest using AES-256 standards. Database connections and API communications maintain end-to-end encryption.

2

Access Controls

Employee access to personal data is strictly limited based on job requirements. We use multi-factor authentication, role-based permissions, and regular access reviews to prevent unauthorized internal access.

3

Infrastructure Security

Our servers operate in certified data centers with physical security controls, environmental monitoring, and redundant systems. Regular security audits ensure infrastructure meets industry standards.

4

Monitoring and Response

Automated systems monitor for suspicious activities 24/7. Our incident response team can quickly address potential security events and notify affected users when necessary.

Despite these protections, no system is completely immune to security risks. We continuously update our security measures and maintain insurance coverage for data protection incidents. Users should also protect their accounts by using strong passwords and reporting suspicious activities promptly.

Data Retention and International Transfers

We retain personal information only as long as necessary for the purposes outlined in this policy or as required by applicable laws. Different types of data have varying retention periods based on their purpose and legal requirements.

Account Information: Maintained while your account remains active and for up to two years after account closure to handle potential disputes or technical issues. Financial records are kept for seven years as required by Thai accounting regulations.

Usage Logs: Technical logs and analytics data are typically retained for 12-18 months for security monitoring and platform improvement purposes, then automatically purged or anonymized.

Communications: Support tickets and user communications are retained for three years to maintain service quality and handle follow-up requests.

International Data Transfers: Some of our service providers operate outside Thailand, particularly cloud infrastructure and security monitoring services. When personal data crosses borders, we ensure adequate protection through standard contractual clauses, adequacy decisions, or other approved transfer mechanisms under the PDPA.

Users can request early deletion of their personal data at any time, subject to our legitimate business needs and legal obligations. We provide clear timelines for different types of deletion requests and confirm completion of the process.

Privacy Policy