Last updated: 2026-07-14
This policy explains what we collect, how we use it, and how we protect your personal data, aligned with Thailand’s PDPA.
Account data (name and email), profile text (including text extracted from DOCX/TXT/MD files), grades and scores, targets, analyses, application progress, billing identifiers, referrals, email-delivery records, and product usage events. We do not retain the original uploaded document.
To provide the readiness analysis, rank what to do next, save your progress, and manage your account and billing.
Your profile content (including text extracted from uploaded files) is sent server-side to an AI provider (e.g. OpenAI or kie.ai) to generate the analysis. We do not sell your data.
We use necessary processors including Railway (hosting), Supabase (database/auth), Stripe (payments), OpenAI or kie.ai (AI), and—when enabled—Resend (email), Sentry (error monitoring), Plausible, or Google Analytics. We share only what is needed for each service.
Some processors operate outside Thailand. Where personal data is transferred internationally, we use the processor’s contractual and security safeguards and limit the transferred data to the service purpose.
Account content is kept while your account is active and is deleted when you permanently delete the account, subject to records we must retain by law. Security and operational logs are retained only for a limited troubleshooting period; payment records remain with Stripe under its legal obligations.
We use row-level security, server-only credentials, access controls, and encrypted transport. No online system can guarantee absolute security.
You can access, export (self-service in Settings), correct, and delete your data (permanent account deletion is self-service in Settings).
To exercise your rights or ask a question, contact [email protected].