Last updated: May 2026
Reference: Personal Data Protection Act (PDPA) 2019
Data you provide directly: name, phone, email, property details, tenant data entered into the system, payment slips | Data collected automatically: IP address, browser/device info, usage logs, cookies
Providing and improving IslandDorm | Sending service-related notifications (billing alerts, subscription reminders) | Identity verification and fraud prevention | Legal compliance
Contract performance: to provide IslandDorm services | Legitimate interests: fraud prevention, service improvement, usage analytics | Legal compliance: when disclosure is required by law
IslandDorm does not sell personal data. We may share with: Supabase (database/auth/storage) and Vercel (hosting) under DPA agreements for processing on our behalf only | Google Analytics is used only on public pages (home, help, terms, privacy, refund, cookies) for anonymous visitor counts — never on logged-in app pages | Disclosure to authorities only when legally required.
Data may be processed abroad (Supabase/Vercel in US/Singapore). All providers maintain appropriate safeguards under ISO 27001 and SOC 2 standards.
For the duration of your subscription | After cancellation: retained 90 days then permanently deleted | Usage logs: 90 days | Payment documents: per Thai accounting law (5 years)
Right of Access | Right of Rectification | Right to Erasure | Right to Object | Right to Data Portability | Exercise rights by contacting: islandgroupth@gmail.com
SSL/TLS encryption for all data in transit | Critical data encrypted in database | Least-privilege access controls | Audit logs for data access | Annual penetration testing (planned)
Contact DPO: islandgroupth@gmail.com | You have the right to lodge a complaint with Thailand's PDPC if you believe your rights have been violated.
At least 30 days' advance notice before a new policy takes effect, via email and in-app notification.