Privacy Policy
Last updated: March 15, 2025
At Stream-Brain, we take your privacy seriously. This document explains how we collect, use, and protect your personal information when you use our budget approval workflow services. We operate in Thailand and comply with local data protection regulations while maintaining international standards for information security.
We believe in transparency. This policy uses straightforward language because we want you to actually understand what happens with your data. If something isn't clear, reach out to us directly.
Privacy Questions?
Email us: [email protected]
Call: +66 32 326 797
Office: 335/2-3 Moo 3, Sai 331 Rd Bowin, Sriracha, Chon Buri 20230, Thailand
Information We Collect
When you use Stream-Brain, we collect different types of information depending on how you interact with our platform. Some information you give us directly. Other information gets collected automatically as you use our services.
Information You Provide
- Account registration details including your name, work email address, and company information
- Profile information such as job title, department, and organizational role within the budget approval workflow
- Budget data, financial documents, and approval requests you submit through our platform
- Communication content when you contact our support team or participate in training sessions
- Payment and billing information when you subscribe to our services
- Feedback, survey responses, and testimonials you choose to share with us
Automatically Collected Information
- Technical data about your device, browser type, operating system, and IP address
- Usage patterns including pages visited, features accessed, and time spent on the platform
- Login timestamps and session duration for security monitoring
- Workflow interaction data to help us improve approval processes and system performance
We don't collect unnecessary information. Every piece of data we gather serves a specific purpose related to providing, securing, or improving our budget approval workflow services.
How We Use Your Information
Your data helps us operate Stream-Brain effectively and serve you better. Here's what we actually do with the information we collect:
| Purpose | Description |
|---|---|
| Service Delivery | Processing budget approvals, managing workflows, and ensuring platform functionality |
| Account Management | Creating and maintaining your user profile, handling authentication and access control |
| Communication | Sending system notifications, approval alerts, and important service updates |
| Support Services | Responding to your questions, troubleshooting issues, and providing technical assistance |
| Platform Improvement | Analyzing usage patterns to enhance features and optimize workflow efficiency |
| Security | Detecting fraud, preventing unauthorized access, and protecting against cyber threats |
| Compliance | Meeting legal obligations and maintaining audit trails as required by Thai regulations |
We process your personal data based on several legal grounds including contractual necessity, legitimate business interests, legal compliance, and your explicit consent where required. You always have control over how we use your information.
Data Sharing and Disclosure
We don't sell your personal information. Period. However, we do share data with specific parties who help us operate our business and serve you effectively.
Service Providers
We work with trusted third-party companies that process data on our behalf. These include cloud hosting providers, payment processors, email service providers, and analytics tools. All service providers sign strict confidentiality agreements and can only use your data for specific purposes we authorize.
Business Transfers
If Stream-Brain undergoes a merger, acquisition, or sale of assets, your information might be transferred to the new entity. We'll notify you before this happens and explain any changes to how your data is handled.
Legal Requirements
Sometimes we must disclose information to comply with Thai law, respond to valid legal requests from authorities, protect our rights and property, or ensure user safety. We carefully review each request and only share what's legally necessary.
Within Your Organization
Budget approval workflows involve multiple people in your company. Relevant data is shared with designated approvers, financial administrators, and other authorized users within your organization based on their roles and permissions.
Thailand-Specific Privacy Considerations
As a company operating in Thailand, we comply with the Personal Data Protection Act (PDPA) which came into full effect in 2022. This law gives you specific rights regarding your personal information.
We maintain our primary data processing operations within Thailand, working with local service providers where possible. When international data transfers are necessary for technical reasons, we implement appropriate safeguards to protect your information.
Thai residents have the right to file complaints with the Personal Data Protection Committee if you believe your privacy rights have been violated. However, we encourage you to contact us first so we can address your concerns directly.
Your Privacy Rights
You have significant control over your personal information. Under Thai law and our commitment to transparency, you can exercise the following rights:
Access Your Data
Request a copy of all personal information we hold about you. We'll provide this in a readable format within 30 days.
Correct Inaccuracies
Update or fix incorrect personal information directly through your account settings or by contacting our support team.
Delete Your Data
Request deletion of your personal information, subject to legal retention requirements and contractual obligations.
Restrict Processing
Limit how we use your data in certain circumstances, such as when you contest the accuracy of information.
Data Portability
Receive your data in a structured, commonly used format that can be transferred to another service provider.
Withdraw Consent
Revoke permission for data processing activities based on your consent at any time through your account settings.
To exercise any of these rights, email us at [email protected] with your request. We'll verify your identity and respond within the timeframes required by Thai law. There's no charge for most requests, though we might charge a reasonable fee for excessive or repetitive requests.
Data Security Measures
Protecting your information isn't just a legal requirement for us. It's fundamental to our business. We implement multiple layers of security to keep your data safe from unauthorized access, alteration, or destruction.
Technical Safeguards
- End-to-end encryption for data transmission using industry-standard TLS protocols
- Encrypted storage for sensitive financial data and personal information at rest
- Multi-factor authentication requirements for account access and critical actions
- Regular security audits and penetration testing conducted by independent experts
- Automated backup systems with secure, geographically distributed storage
- Intrusion detection systems that monitor for suspicious activity 24/7
Organizational Measures
- Strict access controls limiting employee data access based on job requirements
- Comprehensive confidentiality agreements signed by all staff members
- Regular security training for employees covering data protection best practices
- Incident response procedures for quickly addressing potential security breaches
- Annual third-party security assessments and compliance certifications
Despite our efforts, no system is completely secure. If we detect a data breach that affects your personal information, we'll notify you promptly along with relevant authorities as required by Thai law.
Data Retention Periods
We don't keep your data longer than necessary. Retention periods vary based on the type of information and legal requirements.
Active Account Data
While your account remains active, we maintain your profile information, budget data, and approval records to provide continuous service. You can delete specific items through your account settings at any time.
Inactive Accounts
If your subscription ends or your account becomes inactive, we typically retain core data for 90 days to allow for reactivation. After this grace period, we delete or anonymize most personal information unless legal obligations require longer retention.
Legal and Financial Records
Thai law requires us to maintain certain financial and tax-related records for seven years. Audit trails and compliance documentation may also be retained for extended periods to meet regulatory requirements.
Backup Systems
Data in our backup systems gets deleted according to automated retention schedules, typically within 60 days of removal from production systems.
International Data Transfers
While we primarily process data within Thailand, some service providers we work with operate internationally. This means your information might occasionally be transferred to or processed in other countries.
When we transfer data outside Thailand, we ensure appropriate safeguards are in place. These include using service providers certified under recognized data protection frameworks, implementing standard contractual clauses, and conducting due diligence on international partners' security practices.
Countries outside Thailand may have different data protection laws. Where legal protections are weaker, we implement additional contractual and technical measures to maintain the same level of protection your data receives in Thailand.
Children's Privacy
Stream-Brain is designed for business use by adults. We don't knowingly collect personal information from individuals under 18 years of age. Our services require users to be at least 18 years old or the age of legal majority in Thailand.
If we discover that we've inadvertently collected information from someone under 18, we'll delete that data promptly. Parents or guardians who believe their child has provided us with personal information should contact us immediately.
Changes to This Policy
We update this privacy policy occasionally to reflect changes in our practices, technology, legal requirements, or business operations. The date at the top of this document shows when it was last modified.
When we make significant changes that affect how we handle your personal information, we'll notify you through email or a prominent notice on our platform before the changes take effect. We encourage you to review this policy periodically to stay informed about how we protect your data.
Continuing to use Stream-Brain after policy changes indicates your acceptance of the updated terms. If you disagree with changes, you can close your account before they take effect.
Contact Information and Complaints
Questions about this privacy policy or how we handle your data? We're here to help. Our team takes privacy concerns seriously and responds to inquiries promptly.
Privacy Inquiries:
Email: [email protected]
Phone: +66 32 326 797
Office Hours: Monday to Friday, 9:00 AM to 6:00 PM (Thailand time)
Postal Address: 335/2-3 Moo 3, Sai 331 Rd Bowin, Sriracha, Chon Buri 20230, Thailand
If you believe we've violated your privacy rights or mishandled your personal information, please contact us first. We'll investigate your complaint thoroughly and work to resolve any issues.
You also have the right to file a complaint with Thailand's Personal Data Protection Committee if you're unsatisfied with our response. However, we hope to address your concerns directly before you take that step.