Last updated: May 2026
Reference: Personal Data Protection Act (PDPA) 2019
Data you provide directly: name, phone, email, property details, tenant data entered into the system, payment slips | Data collected automatically: IP address, browser/device info, usage logs, cookies
Providing and improving IslandDorm | Sending service-related notifications (billing alerts, subscription reminders) | Identity verification and fraud prevention | Legal compliance
Contract performance: to provide IslandDorm services | Legitimate interests: fraud prevention, service improvement, usage analytics | Legal compliance: when disclosure is required by law
IslandDorm does not sell personal data. We may share with service providers: Supabase (database/auth), Vercel (hosting), Resend/SendGrid (email) — under DPA agreements for processing on our behalf only. Disclosure to authorities only when legally required.
Data may be processed abroad (Supabase/Vercel in US/Singapore). All providers maintain appropriate safeguards under ISO 27001 and SOC 2 standards.
For the duration of your subscription | After cancellation: retained 30 days then permanently deleted | Usage logs: 90 days | Payment documents: per Thai accounting law (5 years)
Right of Access | Right of Rectification | Right to Erasure | Right to Object | Right to Data Portability | Exercise rights by contacting: privacy@islanddorm.com
SSL/TLS encryption for all data in transit | Critical data encrypted in database | Least-privilege access controls | Audit logs for data access | Annual penetration testing (planned)
Contact DPO: privacy@islanddorm.com | You have the right to lodge a complaint with Thailand's PDPC if you believe your rights have been violated.
At least 30 days' advance notice before new policy takes effect, via email and in-app notification.