1. Information We Collect

Account Information

When you create an account, we need basic details to set things up properly. This includes your name, email address, company name, and contact phone number. If you're subscribing to a paid plan, we also collect billing information – though payment processing happens through secure third-party providers who maintain their own PCI compliance standards.

Financial Data You Upload

Our platform analyzes financial statements, so naturally you'll be uploading sensitive documents. This might include balance sheets, income statements, cash flow reports, and related financial records. We only process this data to provide the analysis services you've requested. The data stays encrypted both when it's stored and when it's moving through our systems.

Usage Information

Like most web services, we collect information about how you interact with our platform. This includes your IP address, browser type, which features you use most often, and when you access the system. We use this to improve the service and catch potential security issues early.

Communications

If you contact our support team or exchange emails with us, we keep those records. It helps us provide better assistance and track any technical issues you've reported.

2. How We Use Your Information

We're not in the business of selling data or using your financial information for anything beyond what you've asked us to do. Here's what we actually use your information for:

• Running the analysis tools you've requested on your financial statements
• Maintaining your account and providing customer support when you need it
• Processing billing and managing your subscription
• Sending important updates about service changes or security matters
• Improving our platform based on how people actually use it
• Detecting and preventing fraud or unauthorized access
• Complying with legal obligations under Thai law and international standards

3. Data Storage and Security

Security isn't just a checkbox for us. Your financial data is encrypted using AES-256 encryption when stored and TLS 1.3 for all data transmission. Our servers are located in secure data centers with physical access controls, redundant systems, and regular security audits.

Our Security Measures Include:

• Multi-factor authentication for all user accounts
• Regular security testing and vulnerability assessments
• Encrypted database storage with separate encryption keys
• Access logging and monitoring for unusual activity
• Regular backups stored in geographically separate locations
• Employee access restrictions on a need-to-know basis

Our team receives regular security training, and we maintain incident response procedures. If we ever detect a breach that affects your data, we'll notify you within 72 hours as required under Thai PDPA regulations.

4. Data Sharing and Third Parties

We keep data sharing to an absolute minimum. We don't sell your information, rent it out, or share it for marketing purposes. The only times we share your data are:

Service Providers

We work with a small number of trusted service providers who help us run the platform. This includes cloud hosting providers, payment processors, and email service providers. These companies are bound by strict confidentiality agreements and can only use your data to provide their specific services to us.

Legal Requirements

If we receive a valid legal request from Thai authorities or international bodies with proper jurisdiction, we may need to disclose information. We'll notify you about such requests unless legally prohibited from doing so.

Business Transfers

If Flareknot is acquired or merged with another company, your data would transfer to the new entity. We'd notify you beforehand and you'd have the option to delete your account if you prefer.

5. Your Rights Under Thai PDPA

Thailand's Personal Data Protection Act gives you specific rights over your information. We take these seriously and have built tools to help you exercise them easily.

Right to Access

You can request a copy of all personal data we hold about you. We'll provide this in a readable electronic format within 30 days. Log into your account and visit the Data Export section, or contact us directly at [email protected].

Right to Correction

If any of your personal information is incorrect or outdated, you can update it directly through your account settings. For information you can't change yourself, send us a correction request and we'll update it within 10 business days.

Right to Deletion

You can delete your account and all associated data at any time. Go to Account Settings and select "Delete Account," or contact our support team. We'll remove your data within 30 days, though we may retain certain information if required by law for accounting or legal purposes.

Right to Data Portability

You can download your financial data in standard formats (CSV, JSON, PDF) directly from the platform. This makes it easy to move to another service if you choose.

Right to Object

If you believe we're processing your data inappropriately, you can object. We'll review your concern and stop the processing unless we have legitimate legal grounds to continue.

Right to Restrict Processing

In certain situations, you can ask us to temporarily pause processing your data. For example, if you're disputing the accuracy of information or questioning whether we have a legal basis for processing it.

6. Data Retention

We don't keep your data longer than necessary. Here's our retention approach:

• Active account data is retained as long as your account remains open and active
• After account closure, we delete most data within 30 days
• Financial records required for accounting purposes are kept for 7 years as mandated by Thai accounting regulations
• Support communications are retained for 3 years to help with any follow-up issues
• Anonymized usage analytics may be retained indefinitely since they can't identify you
• Security logs are kept for 2 years for fraud prevention and investigation purposes

If you need specific data deleted sooner due to particular circumstances, contact us and we'll work with you on what's legally possible.

7. International Data Transfers

Our primary servers are located in Thailand, but some service providers we work with operate internationally. When data leaves Thailand, we ensure it's protected through:

• Standard contractual clauses approved by Thai data protection authorities
• Transfers only to countries with adequate data protection laws
• Additional encryption and security measures during transfer
• Regular audits of international partners' security practices

If you're concerned about where your data physically resides, contact us and we can provide specific details about our infrastructure.

8. Cookies and Tracking

Our platform uses cookies to function properly and improve your experience. Here's what we use:

Essential Cookies

These are necessary for the platform to work. They handle your login session, remember your preferences, and keep your account secure. You can't disable these without breaking the service.

Analytics Cookies

We use these to understand how people use different features. This helps us decide what to improve. These are optional and you can disable them in your account settings.

Preference Cookies

These remember settings like your dashboard layout, chart preferences, and notification choices. They make the platform more convenient but aren't required.

We don't use advertising cookies or third-party tracking cookies. Your browser settings give you control over cookies, though disabling essential ones will prevent you from using the platform.

9. Children's Privacy

Our service is designed for business use and isn't intended for anyone under 18. We don't knowingly collect information from minors. If you're a parent and believe your child has provided us with personal information, contact us immediately and we'll delete it.

10. Changes to This Policy

We update this policy occasionally to reflect new features, legal requirements, or operational changes. When we make significant changes, we'll notify you by email and display a notice in the platform for 30 days. The "Last Updated" date at the top shows when we last modified anything.

Continuing to use Flareknot after changes take effect means you accept the updated policy. If you disagree with changes, you can close your account before they take effect.

11. Your Responsibilities

While we work hard to protect your data, security is a shared responsibility:

• Keep your password secure and don't share account credentials
• Enable multi-factor authentication on your account
• Log out when using shared or public computers
• Review your account activity regularly for anything suspicious
• Keep your contact email current so we can reach you about security matters
• Report any suspected security issues immediately

12. Data Protection Officer

As required under Thai PDPA, we've appointed a Data Protection Officer to oversee compliance with privacy regulations and handle your data protection concerns. You can reach our DPO directly for privacy-specific questions or complaints that you'd prefer not to send to general support.

DPO Contact: [email protected]