Information We Collect
Account and Registration Data
When you create an account with clickon-taply, we collect your name, email address, company name, job title, and phone number. We need this to set up your account and verify you're authorized to access financial analysis tools on behalf of your organization.
Financial Analysis Data
Our platform processes financial data you upload for analysis. This might include balance sheets, income statements, cash flow data, and other corporate financial information. We store this data securely on servers located in Singapore, which provides strong data protection frameworks for financial services.
Usage Information
We track how you interact with our platform, including which features you use, reports you generate, and time spent on different sections. This helps us understand what works well and what needs improvement. We collect IP addresses, browser types, device information, and access times.
Communication Records
When you contact our support team or participate in training sessions, we keep records of those interactions. This includes email correspondence, chat logs, and notes from phone conversations.
How We Use Your Information
Your data serves specific purposes related to providing financial analysis services:
- Running financial models and generating analysis reports based on data you provide
- Managing your account access and authenticating your identity
- Sending you analysis results, system notifications, and important updates about the service
- Improving our algorithms and analytical tools based on aggregate usage patterns
- Providing technical support and responding to your questions
- Meeting legal and regulatory requirements in Thailand and jurisdictions where you operate
- Detecting and preventing fraudulent account usage or security breaches
We don't sell your financial data to third parties. Period. Our business model depends on you trusting us with sensitive information, and we've structured everything around maintaining that trust.
Data Storage and Security
Financial data requires serious protection. Here's what we've put in place:
Encryption
All data transfers use TLS 1.3 encryption. Stored data gets encrypted using AES-256 standards. We encrypt database backups and log files that might contain sensitive information.
Access Controls
Only authorized team members can access your data, and only when necessary for providing support or maintaining the system. We maintain detailed logs of who accesses what data and when. Our staff in Thailand undergo background checks and sign confidentiality agreements.
Infrastructure Security
Our infrastructure uses industry-standard firewalls, intrusion detection systems, and regular security audits. We work with AWS Singapore region for data hosting, which provides SOC 2 Type II certified facilities.
Backup and Recovery
We maintain encrypted backups with 30-day retention. If something goes wrong, we can restore your data quickly while maintaining security throughout the recovery process.
Data Retention
We keep different types of information for different periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of subscription plus 90 days | Service provision and transition period |
| Financial analysis data | 3 years after account closure | Thai accounting standards compliance |
| Transaction records | 7 years | Tax and audit requirements |
| Support communications | 2 years | Quality assurance and dispute resolution |
| Usage logs | 18 months | Security monitoring and service improvement |
You can request earlier deletion of your data, though we might need to keep some records to meet legal obligations. Contact us to discuss specific retention needs for your situation.
Sharing Your Information
We limit data sharing to situations where it's necessary:
Service Providers
We work with specific vendors who help run the platform. AWS hosts our infrastructure. SendGrid handles transactional emails. Stripe processes payments. These companies can only use your data to provide their specific services to us, and they're bound by strict confidentiality agreements.
Legal Requirements
Sometimes Thai authorities or courts require us to disclose information. We'll only share what's legally required and will notify you when possible, unless prohibited by law. In six years of operation, we've received four such requests.
Business Transfers
If clickon-taply gets acquired or merges with another company, your data would transfer to the new entity. We'd notify you beforehand and ensure the new owner maintains equivalent privacy protections.
With Your Consent
We might share data in other situations if you explicitly agree. For example, if you want us to share analysis results directly with your auditors or board members.
Your Rights and Controls
Thai data protection law gives you several rights regarding your personal information:
Access and Portability
You can request copies of your personal data at any time. We'll provide it in CSV or JSON format within 30 days. There's no charge for your first request in a calendar year; subsequent requests might incur a reasonable administrative fee.
Correction
If your personal information is inaccurate or incomplete, you can update most of it directly through your account settings. For data you can't change yourself, email us and we'll make corrections within 15 business days.
Deletion
You can request deletion of your account and associated data. We'll process this within 45 days, though we might retain some information to meet legal obligations or resolve disputes. We'll explain what we're keeping and why.
Objection and Restriction
You can object to certain data processing activities or ask us to restrict how we use your information. This might limit which features you can access, depending on what restrictions you request.
Withdrawal of Consent
For processing based on your consent rather than legal obligation, you can withdraw that consent anytime. This won't affect the lawfulness of processing before withdrawal.
To exercise any of these rights, email [email protected] with "Privacy Rights Request" in the subject line. We'll verify your identity and respond within the timeframes required by Thai law.
International Data Transfers
While our company operates from Thailand, we store data in Singapore and some of our service providers operate from other countries. This means your information might be processed outside Thailand.
We ensure appropriate safeguards for these transfers through standard contractual clauses approved for international data transfers, selection of providers in jurisdictions with adequate data protection frameworks, and technical measures like encryption that protect data regardless of location.
Singapore maintains data protection standards comparable to Thai PDPA requirements, which is why we selected it for our primary data center location.
Cookies and Tracking
Our platform uses cookies and similar technologies for functionality and analysis:
Essential Cookies
These keep you logged in and remember your preferences. You can't opt out of these without losing core functionality.
Analytics Cookies
We use these to understand how people use the platform. You can disable them through your account settings. We'll still collect some basic usage data for security monitoring.
Session Management
For security reasons, sessions expire after 4 hours of inactivity. This prevents unauthorized access if you leave your computer unattended.
We don't use advertising cookies or tracking pixels from third-party advertising networks. Our business doesn't involve advertising.
Changes to This Policy
We update this policy occasionally to reflect changes in our practices, legal requirements, or service features. When we make significant changes, we'll email you at least 30 days before they take effect.
Minor clarifications or updates that don't materially change your rights might happen without notification, though we'll always update the effective date at the top of this policy.
You can find previous versions of this policy by requesting them from our support team. We maintain an archive going back to our launch in 2019.
Children's Privacy
Our service is designed for corporate finance professionals. We don't knowingly collect information from anyone under 18 years old. If you're under 18, please don't use this platform or provide any personal information.
If we discover we've accidentally collected data from someone under 18, we'll delete it promptly.
Thai PDPA Compliance
We comply with Thailand's Personal Data Protection Act (PDPA) which went into full effect in 2022. Our legal basis for processing your data includes:
- Contractual necessity: Processing required to provide the services you've subscribed to
- Legal obligations: Compliance with Thai accounting, tax, and business regulations
- Legitimate interests: Fraud prevention, security monitoring, and service improvement where balanced against your rights
- Consent: For optional features and communications you've explicitly agreed to
You can file complaints about our data handling with Thailand's Personal Data Protection Committee. We prefer you contact us first so we can address concerns directly, but you have the right to go straight to the regulator.
Contact Us About Privacy
For questions about this privacy policy or how we handle your data:
Email: [email protected]
Phone: +66 2 980 0633
Mail: clickon-taply
204/419 Bang Sao Thong
Bang Sao Thong District
Samut Prakan, Thailand
Our data protection officer typically responds to privacy inquiries within 3 business days. For urgent security concerns, call us directly during business hours (Monday-Friday, 9:00-17:00 ICT).