Privacy Policy

Last Updated: March 15, 2025

At DriveHub, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our financial reporting platform.

We operate in Thailand and comply with the Personal Data Protection Act B.E. 2562 (2019), which is Thailand's primary data protection legislation. But honestly, we'd protect your data carefully regardless of what the law says — it's just the right thing to do.

Questions about your data? Reach us at [email protected] or call +6632337265. We're based in Chiang Rak Noi, Phra Nakhon Si Ayutthaya.

Section 1

Information We Collect

Running a financial reporting platform means we need certain information to provide you with accurate, useful services. Here's what we collect and why it matters.

Information You Provide Directly

Account registration details (name, email, phone number, company information)
Financial data you upload or connect through banking integrations
Profile settings and communication preferences
Support requests and correspondence with our team
Payment information for subscription management

Information Collected Automatically

Like most online platforms, we collect technical information when you use DriveHub:

Device information (IP address, browser type, operating system)
Usage patterns (features accessed, time spent, interaction patterns)
Session data and authentication logs
Performance metrics to improve our service reliability

Thailand-Specific Data Collection

For users operating in Thailand, we may collect additional information required for tax reporting and regulatory compliance under Thai revenue law. This includes business registration numbers and VAT-related documentation.

Section 2

How We Use Your Information

We don't believe in collecting data just because we can. Every piece of information serves a specific purpose that benefits you directly.

Purpose	Data Used	Legal Basis
Provide financial reporting services	Account info, financial data	Contract performance
Process payments and subscriptions	Payment details, billing info	Contract performance
Customer support and assistance	Contact info, correspondence	Legitimate interest
Platform improvement and development	Usage data, feedback	Legitimate interest
Security and fraud prevention	Device info, session logs	Legitimate interest
Regulatory compliance	Financial records, business info	Legal obligation

We never sell your personal information to third parties. That's a hard line we won't cross.

Section 3

Data Sharing and Third Parties

Sometimes we need to share information with service providers who help us run DriveHub. But we're selective about who we work with.

Service Providers We Work With

Cloud hosting providers for secure data storage and platform infrastructure
Payment processors to handle subscription billing and financial transactions
Email service providers for account notifications and support communications
Analytics tools to understand platform performance and user experience
Banking integration partners for secure financial data connections

All third-party providers sign data processing agreements that require them to protect your information with the same standards we maintain.

When We Must Share Information

There are limited situations where we're legally required to disclose information:

Responding to valid legal requests from Thai authorities
Complying with court orders or legal processes
Protecting against fraud or security threats
Enforcing our terms of service when necessary

Section 4

Your Privacy Rights

Under Thailand's Personal Data Protection Act, you have substantial control over your personal information. These aren't just theoretical rights — we've built systems to make them practical.

Access Your Data

Request a complete copy of all personal information we hold about you, delivered in a readable format within 30 days.

️

Correct Inaccuracies

Update or correct any incorrect or incomplete personal information directly in your account settings or by contacting support.

️

Delete Your Data

Request deletion of your account and associated data, subject to legal retention requirements for financial records.

⏸️

Restrict Processing

Limit how we use your information while keeping your account active, useful when you're verifying data accuracy.

Data Portability

Receive your data in a structured, machine-readable format to transfer to another service provider if you choose.

Object to Processing

Withdraw consent for specific data processing activities, though this may limit certain platform features.

How to Exercise Your Rights

Email your request to [email protected] with "Privacy Request" in the subject line. We'll verify your identity and respond within 30 days. Most requests are handled within a week, but complex cases might take longer.

Section 5

Data Security Measures

Financial data security isn't optional — it's the foundation of everything we do. We've invested heavily in protecting your information.

Technical Security

256-bit SSL/TLS encryption for all data transmission
AES-256 encryption for data at rest in our databases
Regular security audits and penetration testing
Multi-factor authentication for account access
Automated threat detection and monitoring systems
Regular security patches and system updates

Organizational Security

Technology alone isn't enough. We maintain strict internal policies:

Limited employee access to personal data on a need-to-know basis
Comprehensive background checks for all team members
Regular security training and awareness programs
Strict confidentiality agreements with all staff
Incident response procedures for potential breaches

Despite our precautions, no system is completely impenetrable. If a security incident occurs, we'll notify affected users within 72 hours as required by Thai law.

Section 6

Data Retention and Deletion

We keep your information only as long as necessary for legitimate business purposes or legal requirements.

Retention Periods

Data Type	Retention Period	Reason
Account information	Active account + 2 years	Service provision and support
Financial records	7 years from creation	Thai tax law requirement
Transaction logs	5 years	Audit and compliance
Support correspondence	3 years	Service improvement
Usage analytics	2 years	Platform optimization
Marketing preferences	Until withdrawal	Communication consent

When you close your account, we begin the deletion process immediately for non-essential data. Financial records must be retained for tax compliance, but they're moved to secure archived storage with restricted access.

Section 7

International Data Transfers

Our primary servers are located within Thailand, but some service providers operate infrastructure in other countries.

Cross-Border Data Handling

When data leaves Thailand, we ensure adequate protection through:

Standard contractual clauses approved by Thai data protection authorities
Verification that destination countries have adequate data protection laws
Additional security measures for sensitive financial information
Regular compliance reviews of international partners

You can request specific details about where your data is stored by contacting our support team.

Section 8

Cookies and Tracking Technologies

We use cookies and similar technologies to make DriveHub work properly and improve your experience. Here's what we use and why.

Types of Cookies We Use

Essential cookies: Required for login, security, and core platform functionality. These can't be disabled.
Performance cookies: Help us understand how users interact with features so we can make improvements.
Preference cookies: Remember your settings and customization choices.
Security cookies: Protect against unauthorized access and fraudulent activity.

You can manage cookie preferences through your browser settings, though disabling certain cookies may limit platform functionality.

Section 9

Changes to This Policy

Privacy regulations evolve, and so does our platform. We may update this policy periodically to reflect changes in our practices or legal requirements.

When we make significant changes, we'll notify you via email and display a prominent notice in the platform. The "Last Updated" date at the top of this policy shows when the most recent changes took effect.

We recommend reviewing this policy occasionally to stay informed about how we protect your information. Continued use of DriveHub after policy updates constitutes acceptance of the changes.

Section 10

Thailand-Specific Provisions

Operating in Thailand means we comply with specific local requirements that may differ from other jurisdictions.

Personal Data Protection Act Compliance

The PDPA grants Thai residents specific rights and imposes obligations on data controllers like DriveHub. Key provisions include:

Explicit consent requirements for sensitive data processing
Mandatory data breach notification within 72 hours
Right to file complaints with the Personal Data Protection Committee
Requirements for data protection impact assessments for high-risk processing
Designation of a local data protection officer

Filing a Complaint

If you believe we've mishandled your personal data, you can file a complaint with Thailand's Personal Data Protection Committee. Contact details and procedures are available at www.mdes.go.th. You can also reach out to us first — we're committed to resolving concerns directly when possible.

Questions About Your Privacy?

We're here to help. Reach out anytime with privacy concerns, data requests, or questions about how we handle your information.

Email: [email protected]

Phone: +6632337265

Address: Chiang Rak Noi, อำเภอบางปะอิน Phra Nakhon Si Ayutthaya 13180, Thailand