🔒 Privacy

Privacy Policy

Effective: March 21, 2026 • Last Updated: March 21, 2026

🇹🇭 PDPA🇪🇺 GDPR

1. Introduction

237 Solutions Group Co., Ltd. ("Company", "we", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in compliance with the Thailand Personal Data Protection Act B.E. 2562 (PDPA) and the General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Data You Provide

Data TypeExamplesApplicable Users
Identity DataFull name, phone, emailAll users
Business DataStore name, address, licenseMerchants, Tenants
Rider DataDriver license, vehicle plate, photoRiders
Address DataDelivery addresses, GPS coordinatesCustomers
Financial DataBank accounts, PromptPayMerchants, Riders

2.2 Automatically Collected Data

  • Location Data (GPS) — For rider matching, real-time delivery tracking, and delivery fee calculation.
  • Device Data — Device model, OS, FCM Token for Push Notifications.
  • Usage Data — Order history, login records, IP Address.

3. How We Use Your Data

We use your data to:

  • 🛒 Provide Services — Process orders, match riders, manage deliveries.
  • 💳 Process Payments — Handle payments, digital wallets.
  • 📍 Tracking — Real-time location tracking for deliveries.
  • 🔔 Notifications — Push Notifications, SMS, email communications.
  • 📊 Analytics — Generate reports, improve service quality.
  • 🔒 Security — Fraud prevention, identity verification.
  • 📋 Legal Compliance — Fulfil regulatory obligations.

4. Data Disclosure

We may share your data with:

  • Tenants (Operators) — Data necessary for operations under your Tenant.
  • Merchants / Riders — Data required for delivery (name, address, phone).
  • Payment Gateways — Payment data via Omise, 2C2P, K-Bank.
  • Cloud Providers — DigitalOcean (Database, Storage), Firebase (Notifications).
  • Government Authorities — When required by court order or law.

We will never sell your personal data to third parties for marketing purposes.

5. Data Security

We employ industry-standard security measures:

  • 🔐 AES-256 Encryption — For sensitive data (payment keys, rider documents).
  • 🛡️ SSL/TLS — Encrypted data in transit.
  • 🔑 JWT Authentication — Secure identity verification.
  • 🏗️ Data Isolation — Strict tenant-level data separation.
  • 📝 Audit Logging — All access to sensitive data is logged.
  • 🔄 Data Backup — Automatic backups on DigitalOcean Managed Database.

6. Your Rights (PDPA & GDPR)

Under PDPA and GDPR, you have the following rights:

👁️

Right of Access

Request a copy of your personal data that we hold.

✏️

Right to Rectification

Request correction of inaccurate or incomplete data.

🗑️

Right to Erasure

Request deletion of your data (Right to be Forgotten).

⏸️

Right to Restriction

Request temporary suspension of data processing.

📦

Right to Portability

Receive your data in a machine-readable format.

🚫

Right to Object

Object to data processing for marketing purposes.

To exercise any of these rights, please contact us at contact@237solutions.tech. We will respond within 30 days.

7. Data Retention

  • User Account Data: For the duration of the account + 30 days after deletion.
  • Order Data: 3 years for accounting and tax purposes.
  • GPS/Location Data: 90 days (auto-purged).
  • Login/Audit Logs: 1 year.
  • Tenant Data: 30 days after service cancellation.

8. Cookies & Tracking Technologies

We use cookies necessary for Platform operation:

  • Essential Cookies: Session, Authentication Token — cannot be disabled.
  • Preference Cookies: Language, Theme — can be disabled.

We do not use third-party tracking cookies for cross-site tracking.

9. International Data Transfers

Your data is stored on servers in Singapore (SGP1) via DigitalOcean, which complies with international security standards. Cross-border data transfers are subject to appropriate safeguards as required by PDPA.

10. Children's Data

The Platform is not designed for individuals under 18 years of age. We do not intentionally collect data from minors. If such data is discovered, it will be deleted immediately.

11. Policy Changes

We may update this Policy from time to time. Significant changes will be communicated in advance via email or Platform announcement. We recommend reviewing this Policy periodically.

12. Data Protection Officer (DPO)

237 Solutions Group Co., Ltd.

📧 Email: contact@237solutions.tech

🌐 Website: https://www.237solutions.tech

📍 Bangkok, Thailand

Terms of Service →