Information We Collect

When you interact with our platform, we gather several types of information to provide you with better financial management tools. Some data you provide directly, while other information is collected automatically.

Personal Information You Provide

When you register for an account or use our services, you might share:

• Your name and email address for account creation
• Phone number if you choose to enable two-factor authentication
• Financial goals and budget categories you set up
• Payment information when subscribing to premium features
• Communication preferences and feedback you submit

Automatically Collected Data

Our systems collect certain technical information to improve your experience:

• Device information including browser type and operating system
• IP address and general location data
• Usage patterns like features you access most often
• Session duration and interaction timestamps
• Cookie data and similar tracking technologies

How We Use Your Information

We don't sell your data to third parties. Everything we collect serves specific purposes that benefit your budgeting experience or helps us maintain the platform.

Data Sharing and Third Parties

We work with select service providers who help us operate the platform. Each has signed strict data protection agreements and can only access information necessary for their specific function.

When We Share Your Data

• Payment Processors: Secure payment handlers process subscription fees but never see your full financial picture
• Cloud Infrastructure: Hosting providers store encrypted data but cannot access the contents
• Analytics Services: We use privacy-focused analytics that don't track individual users
• Customer Support Tools: Support staff access only the information needed to resolve your specific inquiry
• Legal Requirements: We may disclose information when required by Thai courts or law enforcement with proper authorization

We never sell, rent, or trade your personal information to marketers or data brokers. If our business structure changes through merger or acquisition, we'll notify you before your data is transferred and becomes subject to different privacy practices.

Your Privacy Rights

Under the PDPA and our commitment to data protection, you have substantial control over your personal information. Here's what you can do:

Data Security Measures

Protecting your financial information isn't optional for us. We've implemented multiple layers of security to keep your data safe from unauthorized access.

Technical Protections

• End-to-end encryption for data transmission using TLS 1.3 protocol
• AES-256 encryption for data at rest on our servers
• Regular security audits and penetration testing by independent firms
• Automated backup systems with encrypted storage in geographically separate locations
• Multi-factor authentication options for account access

Organizational Safeguards

Our team follows strict internal protocols. Staff access to user data is limited based on job requirements and logged for audit purposes. All employees sign confidentiality agreements and receive regular privacy training. We maintain an incident response plan that's tested quarterly to ensure quick action if security issues arise.

While we employ industry-standard security measures, no system is completely invulnerable. If a data breach affects your account, we'll notify you within 72 hours as required by Thai law and provide guidance on protective steps you can take.

Data Retention and Deletion

We don't keep your information longer than necessary. Different types of data have different retention periods based on their purpose and legal requirements.

Active Account Data

While your account remains active, we maintain your profile information, budget entries, and usage history to provide continuous service. You can delete individual budget entries at any time through the platform interface.

After Account Closure

When you close your account, we begin a deletion process that completes within 90 days. Some information may be retained longer for specific reasons:

• Transaction records kept for 7 years to comply with Thai accounting regulations
• Support correspondence retained for 3 years to resolve potential disputes
• Anonymized usage statistics kept indefinitely for product improvement
• Legal hold data preserved when required by court order or ongoing investigations

You can request immediate deletion of most data by emailing our privacy team. We'll process urgent requests within 5 business days, though some information subject to legal requirements may remain in our systems.

Cookies and Tracking Technologies

Like most websites, we use cookies to remember your preferences and understand how you use our platform. You have control over these technologies.

Types of Cookies We Use

• Essential Cookies: Required for login, security, and basic platform functionality. These cannot be disabled.
• Preference Cookies: Remember your settings like language choice and dashboard layout.
• Analytics Cookies: Help us understand which features get used most and where users encounter problems.
• Security Cookies: Detect suspicious activity and prevent unauthorized access attempts.

You can manage cookie preferences through your browser settings. Blocking certain cookies might affect platform functionality. We don't use advertising cookies or allow third-party tracking for marketing purposes on our platform.

International Data Transfers

Your data is primarily stored on servers located in Thailand. However, some of our service providers operate infrastructure in other countries, which means your information might be processed outside Thailand.

When we transfer data internationally, we ensure adequate protection through:

• Standard contractual clauses approved by Thai data protection authorities
• Verification that recipient countries provide adequate privacy protections
• Additional encryption during transfer and storage abroad
• Regular audits of international partners' security practices

If you have concerns about international transfers, contact us to learn more about the specific safeguards in place for your data.

Children's Privacy

Our platform is designed for adults managing personal or household finances. We don't knowingly collect information from anyone under 18 years old. If you're a parent who discovers your child has created an account, please contact us immediately so we can delete their information.

Educational accounts for financial literacy programs must be set up by teachers or guardians with appropriate consent documentation. These accounts have additional privacy protections and limited data collection.

Changes to This Policy

We update this privacy policy occasionally to reflect new features, legal requirements, or improvements to our data practices. When we make significant changes, we'll notify you through email and a prominent notice on the platform at least 30 days before the new terms take effect.

Minor clarifications or updates that don't affect how we handle your data might be made without individual notification. We recommend reviewing this policy every few months to stay informed about our current practices.

Continued use of the platform after policy changes take effect means you accept the updated terms. If you disagree with new policies, you can close your account before they become effective.

Compliance and Regulatory Information

NovonRebootOn complies with Thailand's Personal Data Protection Act (PDPA) B.E. 2562 and related regulations. We've registered as a data controller with the Personal Data Protection Committee and maintain documentation of our processing activities as required by law.

Our Data Protection Officer oversees privacy compliance and serves as your point of contact for concerns. You can reach them directly at [email protected] with any questions about how we handle your information.

If you believe we've mishandled your data, you have the right to file a complaint with the Personal Data Protection Committee in Thailand. We'd appreciate the opportunity to address your concerns directly first, but you're free to contact regulators at any time.