Information We Collect

Data You Give Us Directly

When you work with us or reach out through our website, you share certain information. This typically includes:

• Your name, email address, and phone number when you contact us
• Company details and job title for business communications
• Technical specifications and API documentation you provide for testing projects
• Payment information processed through secure third-party providers
• Messages and attachments you send through our contact forms or email

Technical Data We Collect Automatically

Like most websites, ours collects some technical information when you visit. This helps us understand how people use our site and spot potential issues:

• IP address and general location (city/country level, not your exact address)
• Browser type, device information, and operating system
• Pages you visit and how long you spend on them
• Where you came from (referring website or search engine)
• Date and time of your visit

Testing and Project Data

During active projects, we process the technical data you provide specifically for testing purposes. This might include API endpoints, authentication credentials (handled with extra security), test scenarios, and integration specifications.

How We Use Your Information

We're not in the business of collecting data for its own sake. Everything we gather serves a specific purpose:

Data Retention and Storage

We don't keep information longer than necessary. Here's our approach to data retention:

Active Project Data

While we're working together, we maintain all project-related information needed to deliver quality testing services. This includes technical documentation, test results, and communication records.

After Project Completion

• Test results and reports: Kept for 2 years to support potential follow-up work or reference needs
• API credentials and sensitive technical data: Securely deleted within 90 days after project completion
• Contact information: Retained for 3 years to maintain business relationships and support future inquiries
• Financial records: Kept for 7 years as required by Thailand tax regulations
• Website analytics: Aggregated and anonymized after 26 months

Where We Store Your Data

Our primary servers are located in secure data centers with industry-standard protections. We use cloud services from reputable providers who maintain strict security standards. All sensitive data is encrypted both in transit and at rest.

Sharing Your Information

We limit data sharing to what's genuinely necessary. Here's who might see your information:

Service Providers

We work with carefully selected vendors who help us run our business. These might include:

• Cloud hosting providers for secure data storage
• Email service providers for business communications
• Payment processors for handling transactions (they never share full payment details with us)
• Analytics platforms to understand website usage patterns

All service providers are contractually bound to protect your data and can only use it for the specific purposes we've authorized.

Legal Requirements

Sometimes we're legally required to share information. This happens rarely, but we'll disclose data when:

• Required by Thailand law or legal process
• Necessary to protect our legal rights or property
• Needed to prevent fraud or security threats
• Requested by government authorities with proper legal authorization

Business Transfers

If Brighton-Flareon is acquired or merges with another company, your information would transfer to the new entity. We'd notify you beforehand and ensure the new owner honors this privacy policy.

Your Rights and Choices

Your data belongs to you. Under Thailand's Personal Data Protection Act (PDPA) and international privacy standards, you have several rights:

Access Your Data

You can request a copy of all personal information we hold about you. We'll provide this in a readable format within 30 days of your request.

Correct Inaccuracies

If any information we have is wrong or outdated, let us know. We'll update our records promptly.

Delete Your Information

You can ask us to delete your personal data. We'll comply unless we have a legitimate reason to keep it (like completing an active project or meeting legal obligations). We'll explain our reasoning if we can't delete everything immediately.

Restrict Processing

You can ask us to limit how we use your data in certain situations—for example, if you're questioning its accuracy or need to establish legal claims.

Data Portability

Want to take your data to another service provider? We'll give you a copy in a commonly used, machine-readable format when technically feasible.

Object to Processing

You can object to our use of your information for certain purposes, particularly for marketing communications. We'll stop unless we have compelling legitimate grounds to continue.

Withdraw Consent

If we're processing your data based on your consent, you can withdraw that consent at any time. This won't affect processing that happened before you withdrew consent.

Security Measures

Given the technical nature of our work, security isn't optional—it's fundamental. Here's how we protect your information:

Technical Safeguards

• 256-bit SSL/TLS encryption for all data transmitted to and from our servers
• AES-256 encryption for sensitive data at rest
• Regular security audits and vulnerability assessments
• Firewalls and intrusion detection systems monitoring our infrastructure
• Secure development practices following OWASP guidelines

Access Controls

Only authorized team members can access client data, and access is limited to what's necessary for their role. We use multi-factor authentication, strong password policies, and regular access reviews.

Employee Training

Everyone on our team receives ongoing security and privacy training. We take data protection seriously at every level of the organization.

Incident Response

Despite our best efforts, no system is completely immune to breaches. If a security incident affects your data, we'll notify you within 72 hours and explain what happened, what data was involved, and what steps we're taking to address it.

Cookies and Tracking Technologies

Our website uses cookies—small text files stored on your device that help the site function properly and give us insights into how people use it.

Types of Cookies We Use

• Essential Cookies: Required for the website to function. These handle things like security and basic navigation.
• Analytics Cookies: Help us understand visitor behavior so we can improve the site. These are anonymized and aggregated.
• Preference Cookies: Remember your choices (like language settings) to personalize your experience.

Managing Cookies

Most browsers let you control cookies through their settings. You can block cookies entirely, though this might affect how our website works. Check your browser's help section for specific instructions.

Third-Party Links

Our website might link to external sites—documentation platforms, industry resources, or partner services. We don't control these sites and aren't responsible for their privacy practices. When you click away from brighton-flareon.com, check that site's privacy policy.

International Data Transfers

We're based in Thailand, but we use some services hosted in other countries. When your data crosses borders, we ensure it's protected through:

• Contracts with service providers that include data protection obligations
• Use of providers certified under recognized privacy frameworks
• Implementation of appropriate technical and organizational safeguards
• Compliance with Thailand's PDPA requirements for international transfers

Children's Privacy

Our services are designed for businesses, not children. We don't knowingly collect information from anyone under 18. If we discover we've inadvertently gathered data from a minor, we'll delete it immediately.

Changes to This Policy

Privacy practices evolve, and we might update this policy from time to time. When we make significant changes, we'll notify you via email or through a prominent notice on our website. The "Last Updated" date at the top tells you when we last revised this document.

We encourage you to review this policy periodically. Continued use of our services after changes indicates your acceptance of the updated terms.

Supervisory Authority

If you're not satisfied with how we've handled your privacy concerns, you have the right to file a complaint with Thailand's Personal Data Protection Committee (PDPC) or the relevant data protection authority in your jurisdiction.