THAISEVA
THAISEVA
Welcome to ThaiSeva ("we," "us," or "our"), a tour and travel platform that helps you discover, book, and enjoy travel experiences across Thailand.
This Privacy Policy explains what personal information we collect when you use the ThaiSeva mobile application App or website, how we use it, with whom we share it, and the choices you have regarding your information. By creating an account or using the App, you agree to the practices described in this policy.
If you do not agree with any part of this Privacy Policy, please discontinue use of the App and contact us to delete your account at privacy@thaiseva.com.
We collect information you provide directly, information generated through your use of the App, and information from third-party services when applicable.
2.1 Account registration (standard user)
| Data field | Purpose | Required? |
|---|---|---|
| Full name | Identity, personalization, partner sharing | Required |
| Email address | Account access, notifications, receipts | Required |
| Mobile number | Verification, booking updates, rider coordination | Required |
| Password (hashed) | Account security — never stored in plain text | Required |
| Date of birth | Age verification (must be 18+) | Required |
| Profile photo | Profile identification, shared with partners for bookings | Optional |
2.2 T2T (Travel-to-Travel) business account
For business partners registering on the T2T portal, we additionally collect:
| Data field | Category |
|---|---|
| Business name, owner name, designation | Business identity |
| Business address, city, state | Location & service area |
| Office/business registration number, ID card details | Legal verification & KYC |
| Business email, phone number, website | Communication & listing |
| T2T username & password (hashed) | Portal access |
| Business location (GPS) | Map listing and discovery |
2.3 Information generated through app usage
When you use the App, we automatically collect: device identifiers (Android ID, device model, OS version), IP address, app usage logs, booking history, search queries, chat messages with our support team, payment transaction references (not full card data), and crash/diagnostic data.
| Purpose | Data used | Legal basis |
|---|---|---|
| Account creation & authentication | Name, email, phone, password | Contract |
| Age verification (18+ gate) | Date of birth | ContractLegal obligation |
| Tour package booking | Name, email, phone, location | Contract |
| Hotel booking | Name, email, profile photo, phone | Contract |
| Food ordering via partner restaurants | Name, location, phone, user ID | Contract |
| Rider/vehicle booking | Name, real-time location, phone | Contract |
| Showing nearby venues (map discovery) | Temporary GPS location | Consent |
| Customer support chat | Name, booking data, chat messages | Contract |
| Payment processing | Booking reference, amount | Contract |
| Service improvement & analytics | Anonymized usage data | Legitimate interest |
| Legal compliance & fraud prevention | Identity, transaction records | Legal obligation |
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without human review.
Location access is central to several ThaiSeva features. We are transparent about exactly when and why we access it:
| Feature | Location type | Stored? |
|---|---|---|
| Discover nearby restaurants, hotels, malls, clubs | Foreground — one-time read when you open the map | No — used in real time only |
| Rider / vehicle booking | Foreground — while booking is active | Yes — trip record is retained for safety |
| T2T business listing placement | One-time read during business registration | Yes — stored as business address |
We do not access your location in the background when the App is closed or not actively in use. You can revoke location permission at any time from your device Settings.
Location data used for map discovery is never shared with third parties in identifiable form. Location data attached to a rider booking is shared only with the assigned rider to fulfil the trip.
We only share your data as described below. We do not sell your personal information.
5.1 Registered platform partners (hotels, restaurants, riders)
When you make a booking or order through ThaiSeva, we share the following basic details with the relevant registered partner to fulfil your request:
We do not share financial details, date of birth, passwords, or any other sensitive information with partners beyond what is listed above.
5.2 Payment processors
Payments are processed by Stripe and Thailand's QR payment infrastructure. We share only the booking reference and amount. We do not store full card numbers; Stripe handles card data under PCI-DSS compliance. For QR payments, your bank or payment app processes the transaction directly.
5.3 Service providers
We use trusted third-party vendors for cloud hosting, push notifications, analytics, and customer support tools. These providers are contractually bound to process your data only on our instructions and in compliance with applicable data protection law.
5.4 Legal disclosures
We may disclose your information when required by law, court order, or government authority, or to protect the rights, property, and safety of ThaiSeva, our users, and the public.
6.1 Payment methods
ThaiSeva supports the following payment methods: credit and debit card payments via Stripe, and Thailand QR code payments (PromptPay and participating banks). All transactions are encrypted in transit using TLS.
6.2 Transaction records
We retain transaction records including booking reference, amount, date, and payment status for a minimum of 5 years to comply with financial reporting obligations. We do not retain full card numbers, CVVs, or bank account details.
6.3 Refund policy
Tour packages: Full refund if cancelled at least 7 days before the departure date. 50% refund for cancellations 3–6 days before departure. No refund for cancellations within 48 hours of departure.
Hotel bookings: Refund eligibility is governed by the cancellation policy of the individual hotel as displayed at checkout. Non-refundable rates are clearly labelled before payment.
Rider bookings: Full refund if cancelled before the rider is assigned. No refund once the rider is en route, except in cases of documented driver no-show.
Food orders: Refunds are available for orders that are undelivered, incorrect, or significantly different from what was ordered. Claims must be raised within 24 hours via in-app support chat.
Refunds are processed to the original payment method within 5–10 business days for card payments. QR payment refunds follow the timeline of your issuing bank.
| Data type | Retention period |
|---|---|
| Account information | Until account deletion + 30 days grace period |
| Booking & transaction records | 5 years (legal/tax obligation) |
| Location data (trip records) | 90 days after trip completion |
| Support chat messages | 2 years |
| App usage & analytics logs | 12 months (anonymized after 6 months) |
| KYC / T2T identity documents | Duration of partnership + 2 years |
| Date of birth (age verification) | Lifetime of account |
When retention periods expire, data is securely deleted or irreversibly anonymised. You may request earlier deletion by contacting us (see Section 13), subject to our legal retention obligations.
ThaiSeva is not intended for users under the age of 18. We collect date of birth during registration to verify that users meet this minimum age requirement. If we determine or are notified that a user is under 18, we will immediately suspend the account and delete all associated personal data.
We do not knowingly collect personal information from anyone under 18 years of age. Parents or guardians who believe their child has provided us with personal information should contact us immediately at privacy@thaiseva.com.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:
All data in transit is encrypted using TLS 1.2 or higher. Passwords are stored using industry-standard hashing (bcrypt). Access to production databases is restricted to authorised personnel only, with audit logging enabled. Payment data is handled exclusively by PCI-DSS compliant processors (Stripe). We conduct periodic security reviews and vulnerability assessments.
No method of electronic storage or transmission is 100% secure. If you discover a potential security vulnerability, please report it responsibly to security@thaiseva.com.
You have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@thaiseva.com. We will respond within 30 days.
You may also delete your account directly in the App under Settings → Account → Delete Account. After deletion, your data will be removed within 30 days except where we are legally required to retain it.
The ThaiSeva mobile application uses the following tracking technologies:
| Technology | Purpose | Can you opt out? |
|---|---|---|
| Session tokens | Keep you logged in securely | No (essential) |
| Firebase Analytics / Crashlytics | App stability, crash reporting | Yes — via app settings |
| Push notification tokens | Booking alerts, status updates | Yes — revoke in device settings |
| Advertising ID | We do not use your Ad ID for advertising | N/A |
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this document.
For material changes, we will notify you via in-app notification or email at least 15 days before the changes take effect. Your continued use of the App after the effective date constitutes acceptance of the updated policy.
We encourage you to review this policy periodically. Previous versions are available upon request.
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to our Data Protection contact:
ThaiSeva Privacy Policy · Version 1.0 · Effective April 14, 2026 · This document is compliant with Google Play Store data safety requirements and Thailand's Personal Data Protection Act (PDPA). All bracketed fields [ ] must be completed with your company's actual details before submission.