Information We Collect
We collect various types of information to provide and improve our expense tracking services. Understanding what data we gather helps you make informed decisions about using our platform.
Personal Information
Name, email address, phone number, and billing address that you provide during account registration and profile setup.
Financial Data
Expense records, transaction details, budget information, and financial categories you create within our platform.
Technical Information
Device information, IP address, browser type, operating system, and usage patterns when you interact with our services.
Communication Data
Messages, support tickets, feedback, and any correspondence you have with our customer service team.
Important: We never store your actual bank account passwords or sensitive financial credentials. Our platform uses secure, read-only connections when you choose to link external accounts.
How We Use Your Data
Your information serves specific purposes that directly benefit your experience with our expense tracking platform. We believe in transparency about how your data works for you.
Primary Uses
We process your personal information to operate our expense tracking services, including creating and managing your account, processing your financial data, generating expense reports, and providing personalized budgeting insights. Your financial information helps us categorize transactions, identify spending patterns, and offer relevant recommendations for better money management.
Service Improvement
Aggregated and anonymized data helps us understand how users interact with our platform. This information guides feature development, performance optimization, and user interface improvements. We analyze usage patterns to identify which tools are most valuable and where we can enhance the user experience.
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account Information | Service delivery and user authentication | Contract performance |
| Financial Data | Expense tracking and budget analysis | Contract performance |
| Usage Analytics | Platform improvement and optimization | Legitimate interest |
| Communication Records | Customer support and service quality | Legitimate interest |
Data Sharing and Third Parties
We maintain strict controls over when and how your information is shared. Your trust is fundamental to our service, and we only share data when necessary for legitimate business purposes or when required by law.
Service Providers
We work with carefully selected third-party service providers who help us deliver our platform. These include cloud hosting services, payment processors, customer support tools, and analytics providers. All service providers are bound by strict confidentiality agreements and are only authorized to use your data for the specific services they provide to us.
Legal Requirements
Under Thailand's Personal Data Protection Act (PDPA) and other applicable laws, we may disclose your information when required by legal process, court orders, or government requests. We also reserve the right to share information when we believe it's necessary to protect our rights, prevent fraud, or ensure user safety.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We would notify you via email and prominent notice on our website before your information becomes subject to a different privacy policy.
Your Privacy Rights
You have significant control over your personal information. These rights ensure you can manage your data according to your preferences and legal protections under Thailand's PDPA and international privacy standards.
Access and Portability
You can request a copy of all personal data we hold about you. We'll provide this information in a structured, commonly used format within 30 days of your request.
Correction and Updates
If any of your personal information is inaccurate or incomplete, you can request corrections through your account settings or by contacting our support team.
Deletion Rights
You may request deletion of your personal data, subject to certain legal and contractual obligations. We'll process deletion requests within 30 days unless we have legitimate grounds for retention.
Processing Restrictions
You can object to certain types of data processing or request that we limit how we use your information while maintaining your account access.
Withdraw Consent
For data processing based on your consent, you can withdraw that consent at any time through your account settings or by contacting us directly.
To exercise any of these rights, please contact us at info@swordflashspot.com with your request and proper identification. We'll respond within 30 days and guide you through the process.
Security Measures
Protecting your financial information is our highest priority. We implement multiple layers of security controls designed to safeguard your data against unauthorized access, disclosure, alteration, and destruction.
Technical Safeguards
All data transmission occurs over encrypted HTTPS connections using TLS 1.3 protocol. Your information is stored in encrypted databases with advanced encryption standards (AES-256). We employ secure authentication mechanisms, including two-factor authentication options, and maintain strict access controls limiting employee access to customer data based on job requirements.
Operational Security
Our security team conducts regular vulnerability assessments and penetration testing. We maintain 24/7 monitoring systems that detect and respond to potential security threats. All employees undergo security training and background checks, and we maintain incident response procedures to address any potential data breaches quickly and effectively.
Physical Protection
Our servers are housed in certified data centers with biometric access controls, surveillance systems, and environmental monitoring. These facilities maintain redundant power systems and network connections to ensure continuous availability while protecting against physical threats.
Data Retention and Deletion
We retain your personal information only as long as necessary to provide our services and fulfill the purposes outlined in this privacy policy. Our retention practices comply with legal requirements while respecting your privacy preferences.
Retention Periods
Active account data is retained while your account remains active and for up to 24 months after account closure to handle any support issues or legal requirements. Financial transaction data may be retained for up to 7 years as required by applicable financial record-keeping laws. Communication records and support tickets are typically retained for 3 years to maintain service quality and resolve ongoing issues.
Automated Deletion
Our systems automatically delete expired data according to predetermined schedules. You'll receive notifications before significant data deletions, giving you opportunities to download your information or extend retention periods if needed.
Manual Deletion Requests
You can request immediate deletion of your account and associated data at any time. We'll process these requests within 30 days, though some information may be retained for legal compliance purposes. We'll provide confirmation once deletion is complete and explain any data that must be retained for legal reasons.