Skip to content
Legal

Privacy Policy

Last updated: April 27, 2026

Ideacle Co., Ltd. ("we", "us", "our") operates ideacle.ai (the "Site"). This Privacy Policy explains what personal data we collect, how we use it, and the rights you have under Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and the EU General Data Protection Regulation (GDPR), where applicable.

1. Data controller

The data controller for personal data collected through this Site is Ideacle Co., Ltd., located at Bangkok, Thailand. For privacy questions, requests, or to exercise your rights, contact privacy@ideacle.ai.

2. Personal data we collect

We collect the minimum data needed to deliver the services on this Site:

a. Information you submit through the contact form: - Name - Email address - Company name (optional) - Message content - Locale preference

b. Server logs (automatically collected): - IP address (truncated for privacy) - User-agent string - Request URL, timestamp, and HTTP status - Referer header

c. Cookies and local storage: - Session cookie ("ideacle_session") — for admin authentication only, set after passkey sign-in - Language preference ("lang") — to remember your EN/TH choice

We do not use marketing cookies, advertising trackers, or third-party analytics that fingerprint visitors.

d. Analytics: We use Cloudflare Web Analytics, which is privacy-first and does not use cookies, fingerprints, or track individuals across sites. It collects aggregate, anonymous traffic statistics only.

3. Why we process your data (legal basis)

  • Contact form submissions — to respond to your inquiry. Legal basis: your consent (you submit voluntarily) and our legitimate interest in providing customer support.
  • Server logs — for security, abuse prevention, and debugging. Legal basis: legitimate interest.
  • Aggregate analytics — to improve the Site. Legal basis: legitimate interest. No personal data is processed.
  • Admin sessions — to authenticate authorized team members. Legal basis: contract performance with our team members.

4. How long we keep your data

  • Contact form submissions — retained for up to 24 months after the last contact, then deleted or anonymized.
  • Server logs — retained for up to 30 days, then automatically purged.
  • Admin sessions — expire after 30 days of inactivity.
  • Aggregate analytics — retained indefinitely in fully anonymized form.

5. Who we share data with

We do not sell, rent, or share your personal data with marketers. We share limited data with the following processors only as needed to operate the Site:

  • Cloudflare, Inc. (USA) — hosting, content delivery, web analytics, edge security. Cloudflare may receive your IP address and request metadata.
  • Anthropic, PBC (USA) — used internally by our team to assist with content generation in our admin. Visitor-submitted data (e.g., contact form messages) is not sent to Anthropic.
  • Resend (USA) — transactional email delivery (replies to your contact form, internal notifications).

All processors are bound by Data Processing Agreements meeting GDPR Article 28 / PDPA Section 40 standards.

6. International data transfers

Some of our service providers (Cloudflare, Anthropic, Resend) are based in the United States and other jurisdictions outside Thailand and the EEA. When we transfer data internationally, we rely on the recipient's appropriate safeguards (Standard Contractual Clauses, certifications, or equivalent) per PDPA Section 28 and GDPR Chapter V.

7. Your rights

Under PDPA and GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure ("right to be forgotten") — request deletion, subject to legal retention obligations
  • Restriction — limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, where processing is based on consent
  • Lodge a complaint — with the Personal Data Protection Committee (Thailand) or your local EU supervisory authority

To exercise any right, email privacy@ideacle.ai with the request and proof of identity. We respond within 30 days.

8. Security

We protect your data with:

  • HTTPS/TLS encryption in transit
  • Encrypted storage at rest (Cloudflare D1, R2)
  • WebAuthn passkey authentication for admin access (no passwords)
  • Strict access control — only authorized team members can access submission data
  • Regular security review

No system is perfectly secure. If we detect a personal data breach affecting you, we will notify you and the relevant authority within 72 hours per PDPA Section 37(4) and GDPR Article 33.

9. Children

This Site is intended for business audiences. We do not knowingly collect personal data from anyone under 20 years old (the age of majority under PDPA). If you believe a minor has submitted data, contact us at privacy@ideacle.ai and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. For material changes, we will provide prominent notice on the Site at least 14 days before the change takes effect.

11. Contact

For privacy questions, requests, or complaints, contact:

Ideacle Co., Ltd. Email: privacy@ideacle.ai Address: Bangkok, Thailand