Praan Co., Ltd. ("Praan", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the rights you have over your information when using our mobile application, website and related services (the "Platform").

This Policy is intended to comply with the Personal Data Protection Act B.E. 2562 (2019) of Thailand ("PDPA") and other applicable data protection laws.

1. Information we collect

1.1 Information you provide to us

• Account information: full name, email address, password (stored hashed, never in clear text), phone number, language preference.
• Business information: company / business name, commercial name, Thai Tax Identification Number, business address, postal code, city, business category, service radius (for Suppliers).
• Verification documents: business licence, ID card, and any supporting documents we may request.
• Content: photos, descriptions, messages, reviews and other content you upload or submit through the Platform.

1.2 Information we collect automatically

• Device and usage information: device model, operating system, app version, IP address, language, time zone, crash logs and approximate location (only if you grant permission).
• Activity logs: actions you perform on the Platform (logins, bookings, messages, searches), used for security, analytics and dispute resolution.

1.3 Information from third parties

Where you choose to upload documents or photos, those files are stored with our infrastructure providers (see Section 4).

2. How we use your information

We use your information to:

• create and manage your account, including verifying your identity and business;
• operate the booking, quote, escrow and rating features of the Platform;
• facilitate communication between Buyers and Suppliers;
• send transactional notifications (account verification, booking updates, password resets);
• prevent fraud, abuse and unauthorised access;
• comply with legal obligations (tax, anti-money-laundering, court orders);
• improve the Platform through analytics and usage insights;
• send you service updates and (only with your consent) marketing communications.

3. Legal basis for processing (PDPA)

We process your personal information based on one or more of the following legal grounds:

• the performance of a contract to which you are a party (your use of the Platform);
• compliance with our legal obligations under Thai law;
• our legitimate interests in operating, securing and improving the Platform;
• your explicit consent, where required (for example, marketing communications).

4. Sharing your information

We do not sell your personal information. We share it only with:

• other Platform users when necessary to complete a transaction;
• infrastructure providers: Amazon Web Services (Singapore), Postmark (emails), Expo (push notifications);
• payment and escrow partners (when enabled);
• professional advisors bound by confidentiality;
• competent authorities, where required by law or court order.

5. Data retention

5.1. We keep your personal information for as long as your account is active and for a reasonable period thereafter.

5.2. When you close your account, we soft-delete your data for 30 days. After 30 days, deletion is permanent, except for legally required records.

5.3. Verification documents are retained for up to three (3) years after account closure.

6. Security

We implement appropriate technical and organisational measures including encryption in transit (HTTPS), password hashing (bcrypt), strict access controls, and regular security reviews.

7. Your rights under the PDPA

• Right to access — request a copy of the information we hold about you;
• Right to rectification — ask us to correct inaccurate or incomplete information;
• Right to erasure — request deletion, subject to legal retention requirements;
• Right to restrict processing — ask us to limit how we use your information;
• Right to data portability — receive your information in a structured format;
• Right to object — object to processing based on our legitimate interests;
• Right to withdraw consent — withdraw at any time.

Contact [email protected] to exercise your rights. We respond within 30 days.

8. International data transfers

Some providers are located outside Thailand (notably AWS in Singapore). Appropriate safeguards are in place per the PDPA.

9. Children

The Platform is not intended for individuals under 20. We do not knowingly collect personal information from minors.

10. Cookies and tracking

The mobile application does not use cookies. We use minimal local storage. No third-party advertising trackers.

11. Changes to this Policy

Material changes will be notified via email or in-app notification.

12. Contact

[email protected]
Praan Co., Ltd., Koh Samui, Surat Thani, Thailand