Last updated: 31 Aug 2025
We value privacy, clarity and restraint. This notice explains in plain language what we (Settle in Thailand) do with personal data across our website, relocation guides, calculators, tools, community features and the Phad assistant.
Scope & Applicability
This notice applies to visitors, registered users, newsletter subscribers, partner referral participants and anyone who interacts with our AI assistant ("Phad"). It covers personal data you provide, data generated through use, limited technical logs and partner referral identifiers. It does not cover external third-party websites you navigate to (they have their own policies).
- Platform Components: website pages, relocation & visa guidance, calculators, AI chat, community/forum-like interactions, and affiliate referral flows.
- Excluded: third-party partner sites, external payment processors, external discussion forums not operated by us.
Data We Collect
We follow a data minimisation approach. Categories include:
- Contact Data: email address, (optional) display name, Telegram username or chat identifier.
- Account / Preference Data: language choice, saved settings, consent states (e.g. marketing).
- AI Interaction Data: messages you send to Phad and system-generated summaries (short-lived context + minimal hashed/aggregated traces).
- Usage & Technical Data: IP address (truncated or rotated), browser & device metadata, timestamps, basic event logs (page views, tool usage).
- Referral & Affiliate Data: non-identifying partner codes, outbound click tokens, conversion status where reported back in aggregate; we avoid storing sensitive partner information.
- Support Communications: messages or emails you send to us regarding help, feedback or rights requests.
- Optional Marketing Data: newsletter subscription status and tracking of basic open/click events if permitted.
We do not intentionally collect special categories (sensitive health, biometric, political, religious). Please do not submit them. If we discover such data we will delete or minimise it.
How We Use Data
- Service Delivery: operate the site, calculators, content personalisation, AI responses.
- Improvement & Quality: debug performance, refine guidance, tune prompts via aggregated, anonymised patterns.
- Security & Abuse Prevention: detect spam, misuse, scraping, fraud indicators.
- Communication: respond to enquiries, provide updates you requested.
- Partner / Affiliate Attribution: measure outbound referrals (e.g. insurance, property, schooling, relocation services) using lightweight tags without storing unnecessary personal details.
- Legal & Compliance: honour rights requests, enforce terms, respond to lawful requests.
- Consent-Based Marketing: send newsletters or optional product updates when you opt in (you can unsubscribe anytime).
AI Processing & Message Handling
- Transient Context: Only a rotating window of recent messages is kept in active memory for coherent replies; this buffer is short-lived.
- Summaries: We may derive compact, de-personalised summaries (hashed or generalised) to improve continuity and quality with minimal exposure.
- Minimal Retention: Raw conversational content is pruned; long-term storage favours aggregated metrics not tied to identity where practical.
- No Routine Human Review: Humans do not systematically read your messages. Manual access only occurs for debugging a reported issue, investigating abuse, or complying with a legal request.
- Filtering & Safety: Automated systems may flag suspicious or abusive patterns to protect users and infrastructure.
- User Controls: You can request deletion of identifiable conversation traces (subject to limited logs retained for security and legal obligations).
Avoid entering highly sensitive or unnecessary personal data in AI chats.
Deletion requests remove residual context buffers and summary artefacts, except data needed for legal or abuse prevention purposes.
Legal Bases for Processing
- Contract: To provide requested services (guides, calculators, AI responses).
- Legitimate Interests: security, service improvement, fraud prevention, measuring non-intrusive referral performance.
- Consent: newsletter / optional marketing, non-essential cookies.
- Legal Obligation: handling lawful requests, compliance with applicable regulations, record keeping of rights requests.
- Vital Interests (rare): only if needed to protect an individual's safety.
Cookies & Analytics
We use strictly necessary cookies (session, language) and—only with consent—performance or analytics cookies to understand aggregate usage. We avoid invasive profiling. A separate Cookie Policy (linked where cookie banner appears) provides details of categories, providers, durations, and management options.
- Essential: login state, security tokens, load balancing.
- Preferences: language or saved regional filters.
- Analytics (consent-based): page performance, aggregated traffic patterns (IP truncated / pseudonymised).
- Affiliate Attribution: short-lived identifiers to register an outbound referral; we do not store full browsing histories.
You can adjust cookie preferences via your browser and (where implemented) our consent management interface.
Data Sharing & Third Parties
We do not sell personal data. We share only when necessary:
- Service Providers: hosting, security monitoring, email delivery — bound by contractual confidentiality and data protection terms.
- Analytics / Performance: tools that process pseudonymised usage metrics (no direct marketing profile building).
- Affiliate / Referral Partners: only when you actively click a referral link; we pass minimal codes. Any further data you supply is governed by the partner's policy.
- Legal / Compliance: if required by a competent authority or to enforce rights / protect users.
- Business Transitions: in a merger or acquisition, data would transfer under equivalent safeguards; you would be notified of material changes.
We obtain your consent before sharing for marketing or non-essential purposes where required.
Data Retention
We retain data only as long as needed for the stated purpose or a legal requirement, then delete or aggregate/anonymise.
- Account & Contact Data: kept while you maintain an active relationship; deleted or anonymised 12 months after inactivity barring legal holds.
- AI Message Buffers: transient (minutes to hours), then pruned.
- Conversation Summaries: rotationally pruned; typical retention is weeks, not years.
- Security & Abuse Logs: kept up to 180 days unless needed longer for investigation.
- Referral Click Data: short-lived (≤30 days) for aggregated performance statistics.
- Support Tickets / Rights Requests: kept up to 24 months to evidence compliance.
- Backups: encrypted; roll over on a scheduled cycle (e.g. 30–60 day window).
If deletion is requested we apply irreversible removal in primary systems and schedule purge from backups at next rotation.
Security Measures
- Encryption in transit (TLS) and at rest for core storage.
- Least-privilege role-based access; logged administrative actions.
- Segregated environments and key management.
- Rate limiting & anomaly detection for abuse prevention.
- Regular dependency patching & selective penetration-style reviews.
No system is perfectly secure; we follow industry-aligned practices to reduce risk. If we become aware of a breach affecting you, we will notify you where legally required.
International Data Transfers
Infrastructure or processors may operate in jurisdictions different from your own. Where data moves cross-border, we rely on recognised safeguards (e.g. EU Standard Contractual Clauses, equivalent contractual protections) and assess risk proportionally.
Your Rights
Depending on your jurisdiction (e.g. GDPR in the EEA/UK) you may have rights to:
- Access: obtain a copy of your personal data.
- Rectification: correct inaccurate data.
- Deletion: request erasure (subject to legal / security retention).
- Restriction: pause certain processing.
- Objection: to processing based on legitimate interests or direct marketing.
- Portability: receive data you provided in a structured commonly used format.
- Withdraw Consent: for any processing relying on consent (no effect on prior lawful use).
- Lodge a Complaint: with a supervisory authority (e.g. your local data protection regulator).
Exercise rights by emailing us (see Contact). We may need to verify identity proportionately. We respond within applicable statutory timeframes.
Children’s Privacy
Our services are not directed to children under 16 and we do not knowingly collect their personal data. If you believe a child has provided data, contact us and we will delete it promptly.
Changes to this Notice
We may update this notice for legal, technical or operational reasons. Material changes will be signposted (e.g. banner or effective date update). The current version governs processing from its effective date.
Contact
For privacy questions or to exercise your rights, contact: info@settleinthailand.com
Legal & Miscellaneous
- Applicable Law: Where GDPR or similar regional laws apply, we process accordingly; otherwise local laws of the operator’s establishment apply.
- Dispute Resolution: We encourage resolving issues directly first. You retain the right to escalate to a relevant supervisory authority.
- Severability: If a clause is invalid the remainder stays in effect.
- Priority: If translations differ, the English version prevails.
This Privacy Notice is intended to be transparent and concise while remaining legally robust.