Information We Collect

When you use FlashTream, we collect different types of information depending on how you interact with our platform. Some of this you provide directly, and some we gather automatically.

Account Information

To create an account, we need basic details that help us identify you and keep your account secure:

• Full name and email address
• Phone number for account recovery and notifications
• Password (encrypted and never stored in plain text)
• Preferred language and currency settings

Financial Data

Because FlashTream is a budgeting tool, we collect information about your financial activities. This data stays within your account and helps us provide accurate tracking:

• Income sources and amounts you manually enter
• Expense categories and transaction details
• Budget goals and spending limits you set
• Linked bank account metadata (not full account access)
• Payment history related to our subscription service

Usage Information

We track how you interact with FlashTream to improve the platform and fix issues:

• Pages you visit and features you use most often
• Device type, browser version, and operating system
• IP address and general location (city level, not precise GPS)
• Login times and session duration
• Error reports and crash logs

How We Use Your Information

Every piece of data we collect serves a specific purpose. We don't gather information just to have it sitting in a database somewhere.

Core Platform Functions

Most data usage falls into basic operational needs. We use your information to provide the service you signed up for, maintain your account security, and process your subscription payments. When you create a budget category or log an expense, that information gets stored so you can access it later and track your progress over time.

Communication

We'll send you emails about your account activity, security alerts, and important updates to our service. You can control marketing communications through your account settings, but we'll still need to send essential notifications about things like password resets or subscription renewals.

Platform Improvements

Usage data helps us understand which features work well and which need improvement. If we notice users struggling with a particular workflow, we can redesign it. When certain features go unused, we know to either improve them or retire them.

Legal Compliance

Sometimes we're required to use or retain data for legal reasons. This includes complying with Thailand's Personal Data Protection Act, responding to valid legal requests, and maintaining records for tax and accounting purposes.

Data Sharing and Third Parties

We don't sell your personal information. That's not our business model. But we do work with other companies to keep FlashTream running, and some data sharing happens in those relationships.

Service Providers

We partner with specialized companies for specific functions:

• Cloud Hosting: Our servers are managed by established cloud providers who store your encrypted data securely
• Payment Processing: When you subscribe, payment details go through certified payment processors who handle card information according to PCI DSS standards
• Email Services: Transactional emails and notifications are sent through email service providers
• Analytics Tools: We use analytics platforms to understand usage patterns, but only with anonymized data

These providers sign agreements requiring them to protect your data and use it only for the services they provide to us. They can't use your information for their own purposes.

Legal Requirements

We may disclose information when required by Thai law, court orders, or government requests. We'll notify you when legally permitted and will only share the minimum information necessary.

Business Transfers

If FlashTream is acquired or merged with another company, your information would transfer to the new entity. We'd notify you before any such transfer and explain what options you have.

Your Rights Under Thai Law

Thailand's Personal Data Protection Act gives you specific rights over your personal information. These aren't just theoretical, you can actually exercise them.

1. Access: You can request a copy of all personal data we hold about you. We'll provide this in a readable format within 30 days.
2. Correction: Found an error in your account information? You can update most details directly in your settings, or contact us for help with data you can't change yourself.
3. Deletion: You can request account deletion at any time. We'll remove your data within 30 days, keeping only what we're legally required to retain.
4. Portability: Request your financial data in a machine-readable format to transfer to another service. We provide exports in CSV and JSON formats.
5. Objection: You can object to certain types of data processing, particularly for marketing purposes. We'll honor these requests unless we have compelling legal grounds to continue.
6. Restriction: In specific situations, you can ask us to limit how we use your data while maintaining your account.

Data Security Measures

Security isn't just about technology. It's about processes, training, and constant vigilance. Here's what we do to protect your information.

Technical Protections

All data transmitted between your device and our servers uses TLS encryption. Your financial information is encrypted at rest using industry-standard AES-256 encryption. Passwords go through bcrypt hashing before storage, making them unreadable even to our own team.

We maintain separate database environments for production and development, ensuring that test activities never involve real user data. Access controls limit which team members can view what information, and all access is logged.

Operational Security

Our team receives regular security training on topics like phishing recognition, secure coding practices, and data handling procedures. We conduct security audits quarterly and immediately patch any vulnerabilities discovered.

We monitor systems 24/7 for suspicious activity. If we detect a potential breach, our incident response plan kicks in immediately, including user notification when appropriate.

Physical Security

While we use cloud hosting, our providers maintain physically secure data centers with restricted access, surveillance systems, and environmental controls. These facilities meet international security standards.

Data Retention and Deletion

We don't keep your data forever. Different types of information have different retention periods based on their purpose and legal requirements.

Data Type	Retention Period
Account Information	Duration of account plus 90 days after deletion request
Financial Records	7 years after account closure (tax compliance requirement)
Usage Logs	18 months for active accounts, 6 months after closure
Marketing Communications	Until you unsubscribe or close your account
Support Tickets	3 years after resolution for quality assurance

When you delete your account, we start a 90-day grace period during which you can reactivate. After that, we permanently delete your account data except for financial records we're legally required to maintain.

Some anonymized usage data may persist in our analytics systems, but it can't be traced back to you individually once your account is deleted.

Cookies and Tracking

FlashTream uses cookies and similar technologies. These small files help us remember your preferences and keep you logged in.

Essential Cookies

These cookies are necessary for the platform to function. They handle your login session, remember your language preference, and maintain security tokens. You can't disable these through our settings because doing so would break core functionality.

Analytics Cookies

We use analytics cookies to understand how people use FlashTream. These track things like which pages you visit, how long you spend on the platform, and what buttons you click. The data is aggregated and anonymized.

You can opt out of analytics cookies through your account settings. This won't affect your ability to use FlashTream.

Browser Settings

Your browser lets you control cookies independently of our settings. Most browsers allow you to block third-party cookies while keeping first-party ones, which works well for privacy-conscious users.

Children's Privacy

FlashTream is designed for adults managing their personal or household finances. We don't knowingly collect information from anyone under 18 years old.

If you're a parent and believe your child has created an account, contact us immediately at [email protected]. We'll delete the account and any associated data promptly.

Our terms of service explicitly state that users must be at least 18 years old or have parental consent to use the platform.

International Data Transfers

FlashTream primarily serves users in Thailand, and we store data on servers located within the country when possible. However, some of our service providers operate internationally, which may involve data transfers outside Thailand.

When data leaves Thailand, we ensure it's protected through:

• Standard contractual clauses approved by data protection authorities
• Transfers only to countries with adequate data protection laws
• Additional encryption during transit
• Ongoing monitoring of provider security practices

You have the right to information about these transfers. Contact us for details about where your data is processed and what safeguards apply.

Changes to This Policy

We update this privacy policy occasionally to reflect changes in our practices, legal requirements, or platform features. When we make significant changes, we'll notify you by email and through an in-app notification.

The "Last Updated" date at the top of this page shows when we most recently revised the policy. We maintain an archive of previous versions, which you can request by emailing [email protected].

Continuing to use FlashTream after policy changes means you accept the updated terms. If you disagree with changes, you can close your account before they take effect.

Complaints and Dispute Resolution

If you believe we've mishandled your personal information, we want to hear about it. Start by contacting us directly at [email protected]. We'll investigate and respond within 30 days.

Not satisfied with our response? You have the right to lodge a complaint with Thailand's Personal Data Protection Committee. They can investigate and take action if they find violations of data protection laws.

You can reach the committee at: