Privacy Policy

SyncEdge Solution Co., Ltd. is the data controller responsible for personal data collected through this website (syncedge.tech) and any associated communication channels.

We collect only the minimum data necessary to operate our website, respond to enquiries, and improve our services. We do not sell or rent personal data.

We use the personal data we collect for the following purposes:

• Responding to enquiries — to reply to messages sent through our contact form and to discuss potential project engagements
• Project scoping and proposals — to prepare customised project proposals where you have requested one
• Website analytics — to understand how visitors interact with our website and to improve its content and usability
• Security and fraud prevention — to detect and prevent malicious activity, spam, and abuse
• Legal compliance — to comply with applicable Thai law, including the PDPA and related regulations
• Communications — to send you information you have requested, such as confirmation of receipt of your enquiry (no unsolicited marketing without your explicit consent)

We will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your consent.

Under the PDPA, we rely on the following legal bases to process your personal data:

• Consent (PDPA Section 19) — where you have freely and explicitly agreed to the processing, for example by submitting our contact form or accepting non-essential cookies
• Contractual necessity (PDPA Section 24(3)) — where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract
• Legitimate interests (PDPA Section 24(5)) — where processing is necessary for our legitimate interests (such as website security and analytics) and those interests are not overridden by your rights
• Legal obligation (PDPA Section 24(6)) — where processing is necessary for compliance with a legal obligation under Thai law

We do not sell, trade, or rent your personal data to third parties. We may share your data only in the following limited circumstances:

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law.

• Contact form submissions — retained for up to 3 yearsfrom the date of last contact, or until the enquiry is resolved and no further engagement is anticipated
• Analytics data — aggregate, non-identifiable analytics data may be retained indefinitely; identifiable components (e.g. IP addresses) are anonymised within 24 hours of collection
• Legal and compliance records — retained for the periods required by Thai law (typically 5–10 years for business and tax records)

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be attributed to any individual.

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction. Our measures include:

• Encryption in transit — all data transmitted between your browser and our website is encrypted using TLS 1.2 or higher
• Access controls — personal data is accessible only to team members with a legitimate need to access it, protected by role-based access controls and multi-factor authentication
• Secure infrastructure — we host on reputable cloud platforms with industry-standard physical and network security certifications
• Regular review — our security practices are periodically reviewed and updated in response to emerging threats and regulatory guidance

Cookies are small text files placed on your device when you visit a website. We use cookies to provide essential website functionality and to understand how our site is used.

Under Thailand's Personal Data Protection Act B.E. 2562 (PDPA), you have the following rights regarding your personal data:

• Right to be informed (Section 23) — to be informed about how your data is being collected and used, as set out in this policy
• Right of access (Section 30) — to request a copy of the personal data we hold about you and to verify how it is being processed
• Right to rectification (Section 35) — to request correction of inaccurate, incomplete, or out-of-date personal data
• Right to erasure (Section 33) — to request deletion of your personal data where there is no legitimate reason for us to continue processing it
• Right to restriction (Section 34) — to request that we temporarily stop processing your data in certain circumstances
• Right to data portability (Section 31) — to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller, where technically feasible
• Right to object (Section 32) — to object to processing based on legitimate interests, including profiling
• Right to withdraw consent (Section 19) — to withdraw consent at any time where processing is based on your consent; withdrawal does not affect the lawfulness of processing carried out before withdrawal

To exercise any of these rights, please contact us using the details in Section 13. We will respond to all requests within 30 days of receipt. In complex cases, we may extend this period by a further 60 days, and we will notify you of any extension.

Our primary operations and data storage are based in Thailand. However, some of our service providers (e.g. cloud hosting and analytics platforms) may process data on servers located outside Thailand.

When we transfer personal data outside Thailand, we ensure that an adequate level of protection is in place, either by:

• Transferring to countries or organisations recognised as providing adequate protection under PDPA Section 28
• Implementing appropriate safeguards such as standard contractual clauses approved by the PDPC
• Obtaining your explicit consent for the transfer where required

Our website and services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 20. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@syncedge.tech and we will promptly delete such data.

Under the PDPA, if we knowingly collect data from a minor (under 20), we are required to obtain parental or guardian consent. As our services are B2B in nature, such collection is not anticipated in the ordinary course of our operations.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Post a notice on our website where appropriate, or notify you directly if we hold your contact information and the change materially affects your rights

We encourage you to review this policy periodically. Your continued use of our website after the effective date of any changes constitutes your acknowledgement of the revised policy.

For any questions about this Privacy Policy, to exercise your PDPA rights, or to submit a data subject request, please contact our Data Protection Officer:

We aim to respond to all data subject requests within 30 days. To help us process your request efficiently, please include your full name, the email address associated with your interaction with us, and a clear description of the request.