Privacy Policy
Last Updated: March 15, 2025
At ProfileOnApp, we take your privacy seriously. This isn't just another legal document we threw together because we had to — it's an actual commitment to keeping your financial information safe and treating your data with respect.
We built this expense tracking tool because we wanted something better for ourselves, and now we're sharing it with you. This policy explains what happens with your information when you use our service, operating from Thailand and serving users who trust us with their financial data.
1. Information We Collect
Let's be straight about what we're collecting here. When you use ProfileOnApp for expense tracking, we need certain information to make the service actually work for you.
Personal Information You Provide
When you sign up, we ask for basic details: your name, email address, and password. If you choose to add payment methods, we'll store that information securely (more on security later). You can also add optional profile details like your preferred currency or spending categories.
Account Data
Name, email, password (encrypted), profile preferences, and account settings
Financial Data
Transaction records, expense categories, payment methods, and spending patterns
Usage Information
How you interact with features, which tools you use most, and general app behavior
Information We Collect Automatically
Like most apps, we automatically gather some technical information. This includes your device type, operating system, IP address, and how you navigate through the app. We use this to fix bugs, improve performance, and make sure everything runs smoothly across different devices.
We also track which features you use and how often. Not because we're nosy, but because it helps us understand what's working and what needs improvement.
2. How We Use Your Information
Your data isn't just sitting in a database doing nothing. Here's what we actually do with it:
- Provide the core expense tracking service — categorizing transactions, generating reports, and helping you understand your spending
- Send you important updates about your account, security alerts, or changes to our service
- Improve our features based on how people actually use the app (anonymized data only)
- Prevent fraud and keep your account secure from unauthorized access
- Comply with Thai laws and regulations, including data protection requirements under PDPA
- Respond to your support requests and help solve any issues you encounter
We do not sell your personal information to third parties. Period. That's not our business model and never will be.
Marketing Communications
We might occasionally send you emails about new features or improvements, but you can opt out anytime. We're not going to flood your inbox with promotional stuff — we have better things to do, and so do you.
3. Data Storage and Security
Your financial data deserves serious protection. We use industry-standard encryption both when data travels to our servers and when it's stored.
Security Measures
All data transmission happens over HTTPS. Passwords are hashed using bcrypt (they're never stored in plain text). We use encrypted database storage and regular security audits to identify vulnerabilities before they become problems.
Our servers are located in secure data centers with physical security controls. We implement access controls so only authorized personnel can access user data, and even then, only when absolutely necessary for legitimate business purposes.
| Data Type | Storage Location | Retention Period |
|---|---|---|
| Account Information | Encrypted cloud servers | Active account duration + 2 years |
| Transaction Records | Encrypted database | 7 years (tax compliance) |
| Usage Analytics | Anonymized data warehouse | 3 years |
| Support Communications | Secure ticket system | 5 years |
Data Breaches
If something goes wrong — and we really hope it doesn't — we'll notify affected users within 72 hours as required by Thai PDPA regulations. We'll also inform relevant authorities and take immediate steps to contain and resolve the issue.
4. Sharing Your Information
We keep your information to ourselves as much as possible, but there are some situations where we need to share it:
Service Providers
We work with third-party services for things like hosting, email delivery, and payment processing. These providers have access only to the information they need to perform their specific functions, and they're contractually obligated to protect your data.
Legal Requirements
If Thai authorities require us to provide information through proper legal channels, we'll comply. We might also share data if necessary to prevent fraud, protect our legal rights, or ensure user safety.
Business Transfers
If ProfileOnApp gets acquired or merges with another company (unlikely right now, but you never know), your information would transfer to the new entity. We'd notify you beforehand and ensure the new owner maintains the same privacy standards.
We never share your personal financial data with advertisers or marketing companies. Your spending habits are yours alone.
5. Your Rights Under Thai PDPA
Thailand's Personal Data Protection Act gives you specific rights regarding your information. We're based here, so we take these seriously:
Right to Access
You can request a copy of all personal data we hold about you. Just email us and we'll send it within 30 days.
Right to Correction
Found outdated or incorrect information? Let us know and we'll fix it. Most account details you can update directly in the app.
Right to Erasure
Want to delete your account and data? You can do this through app settings or by contacting support. We'll remove everything except what we legally need to keep for tax purposes.
Right to Data Portability
You can export your transaction data and take it elsewhere. We provide CSV and JSON formats for easy transfer.
Right to Object
Don't like how we're processing your data? You can object to certain types of processing, especially for marketing purposes.
Right to Restrict Processing
In some situations, you can ask us to temporarily stop processing your data while we address your concerns.
To exercise any of these rights, contact us at [email protected]. We'll respond within 30 days as required by law.
6. International Data Transfers
Our primary servers are located in Thailand, but we use some cloud services that might store data across different regions. When your data moves internationally, we ensure it's protected by appropriate safeguards like standard contractual clauses.
If you're using ProfileOnApp from outside Thailand, your information will be transferred to and processed in Thailand where our main operations are based.
7. Cookies and Tracking
We use cookies to keep you logged in and remember your preferences. Some analytics cookies help us understand how people use the app.
Types of Cookies We Use
- Essential Cookies: Required for the app to function properly. You can't disable these.
- Preference Cookies: Remember your settings like currency or language preferences.
- Analytics Cookies: Help us understand usage patterns. These are optional.
You can manage cookie preferences in your browser settings, though disabling essential cookies will break some features.
8. Data Retention
We don't keep your information forever. Here's our general approach:
Active account data stays as long as you're using the service. After you delete your account, we keep transaction records for seven years to comply with Thai tax laws. Everything else gets deleted within 90 days of account closure.
Anonymized analytics data (with no personal identifiers) might be retained longer for product improvement purposes.
9. Children's Privacy
ProfileOnApp isn't designed for anyone under 18. We don't knowingly collect information from minors. If we discover we've accidentally collected data from someone under 18, we'll delete it immediately.
10. Changes to This Policy
We'll update this policy occasionally as our service evolves or laws change. When we make significant changes, we'll notify you via email and update the "Last Updated" date at the top.
We recommend checking back periodically, especially if you're concerned about privacy practices. Material changes won't take effect for at least 30 days after notification.
11. Third-Party Services
Our app integrates with some external services to provide better functionality. These include payment processors, cloud storage providers, and analytics tools. Each has their own privacy policies that govern how they handle data.
We carefully vet these partners, but once data leaves our systems, their policies apply. We recommend reviewing their privacy practices if you're concerned.
Questions About Privacy?
If something in this policy isn't clear, or you have concerns about how we handle your data, reach out to us. We're real people and we'll actually respond.