About This Privacy Policy

At CloudenByteFlux, we understand that your privacy isn't just a legal requirement—it's fundamental to building the trust that makes our partnership possible. We've written this policy in plain language because you deserve to know exactly how we handle your information without needing a law degree to understand it.

This policy applies to all information we collect through our website, during consultations, throughout project development, and in ongoing client relationships. We operate under Thailand's Personal Data Protection Act (PDPA) and follow international best practices that often exceed local requirements.

Information We Collect

Information You Share Directly

When you reach out to us, whether through our contact form, phone calls, or meetings, we collect the information you choose to share:

• Contact Information: Name, email address, phone number, company name, and business address
• Project Details: Business requirements, technical specifications, timeline preferences, and budget considerations
• Business Context: Information about your industry, current systems, goals, and challenges
• Communication Preferences: How and when you prefer to receive updates and correspondence

Information We Collect Automatically

Our website collects standard technical information to improve your experience and ensure security:

• Usage Data: Pages visited, time spent on site, click patterns, and navigation paths
• Technical Information: IP address, browser type, device information, and operating system
• Performance Data: Site loading times, error messages, and technical issues

How We Use Your Information

Your information serves specific, practical purposes in our business relationship:

Your Rights and Control

Under Thailand's PDPA and our own commitment to transparency, you have comprehensive control over your personal information. Here's what you can do and how to do it:

To exercise these rights, simply contact us using the information below. We'll respond within 30 days and guide you through the process without unnecessary complications.

Data Security and Protection

Protecting your information isn't just good practice—it's essential to our business. We implement multiple layers of security that evolve with emerging threats and industry standards.

Technical Security Measures

• Encryption: All data transmission uses TLS 1.3 encryption, and sensitive data is encrypted at rest using AES-256 standards
• Access Controls: Multi-factor authentication, role-based access permissions, and regular access reviews ensure only authorized personnel can access your information
• Infrastructure Security: Our systems use enterprise-grade firewalls, intrusion detection, and automated security monitoring
• Regular Testing: Quarterly security assessments, vulnerability scanning, and penetration testing identify and address potential weaknesses

Operational Security

• Staff Training: Regular security awareness training for all team members who handle client information
• Incident Response: Established procedures for detecting, containing, and responding to any security incidents
• Data Backups: Encrypted, geographically distributed backups ensure data availability while maintaining security
• Vendor Management: All third-party services undergo security evaluation and maintain appropriate certifications

Information Sharing and Disclosure

We don't sell, rent, or trade your personal information. However, we do share information in specific, limited circumstances that support your service experience:

Service Providers

We work with carefully selected partners who help deliver our services:

• Cloud Infrastructure: Hosting providers who meet enterprise security standards and data residency requirements
• Communication Tools: Email services, project management platforms, and collaboration tools used in client work
• Payment Processing: Financial institutions and payment processors for invoicing and transactions
• Professional Services: Legal, accounting, and consulting services that support our business operations

All service providers sign confidentiality agreements and commit to data protection standards equivalent to our own.

Legal Requirements

We may disclose information when required by law, such as:

• Response to valid legal processes (court orders, subpoenas, or government requests)
• Protection of our rights, property, or safety, or that of our clients or the public
• Investigation of suspected fraud, security breaches, or other illegal activities
• Compliance with regulatory requirements in jurisdictions where we operate

Data Retention and Deletion

We keep your information only as long as necessary to provide services, meet legal obligations, and maintain our business relationship effectively.

Active Client Information

During active projects and ongoing service relationships, we maintain all relevant information to ensure continuity and quality of service. This includes project files, communication records, and technical documentation.

Post-Project Information

After project completion, we retain information according to these guidelines:

• Technical Documentation: Maintained for 3 years to support potential future work or troubleshooting
• Communication Records: Kept for 2 years for reference and to support any questions about completed work
• Financial Records: Retained for 7 years as required by Thai accounting and tax regulations
• Contact Information: Maintained indefinitely with your consent for occasional updates and future service opportunities

Deletion Process

When information reaches the end of its retention period, or when you request deletion, we:

1. Remove information from active systems within 30 days
2. Purge data from backup systems within 90 days
3. Provide confirmation of completed deletion upon request
4. Maintain deletion logs for audit purposes without retaining the deleted content

International Data Transfers

While we're based in Thailand and prefer to keep data within the region, some services require international data transfers. We ensure appropriate protections are in place:

Transfer Safeguards

• Adequacy Decisions: We prioritize transfers to countries recognized as providing adequate data protection
• Standard Contractual Clauses: When transferring to other jurisdictions, we use approved contractual protections
• Certification Programs: We work with providers who maintain recognized privacy certifications
• Additional Measures: Technical and organizational measures that enhance protection during international transfers

If you have concerns about international transfers, we can discuss data residency options that may be available for your specific requirements.

Updates to This Policy

We review and update this privacy policy regularly to reflect changes in our services, legal requirements, and industry best practices. We'll notify you of significant changes through:

• Email notification to active clients at least 30 days before changes take effect
• Prominent notice on our website for at least 60 days
• Direct communication during active projects if changes affect current work
• Updated effective date clearly displayed at the top of this policy

Continued use of our services after changes take effect indicates acceptance of the updated policy. If you disagree with changes, please contact us to discuss your options.