Privacy Policy

Last updated: February 2025

Summary: We collect account and profile data, device/push tokens, and optional portal credentials to run the app and send reminders. We use Supabase, Expo Push, and (for payments) Stripe. We do not sell your data.

Data we collect

• Account: Email, password (handled by Supabase Auth), user ID, timezone, subscription status.
• Immigration profiles: Name, passport number and country, passport expiry, date of birth, visa type and dates, entry date, 90-day report dates, TM30 info, re-entry permit, work permit, profile stage, e-visa application data, planned entry, etc.
• Device and push: Expo push token, device ID, platform (iOS/Android), device name (for reminders and notifications).
• Documents: Files you upload (e.g. passport, visa, receipts) and metadata (category, expiry, tags, notes); stored in Supabase Storage.
• Reminders and notifications: Reminder settings, quiet hours, notification preferences (email/push, digest frequency).
• Premium / optional:
  • Portal account linking: Encrypted storage of usernames/passwords for Thai immigration portals (e-visa, 90-day, TM30, VFS extension) for login testing and future automation.
  • Bank balance (e.g. for retirement visa): Account name, bank name, balance, renewal date.
  • Profile groups, check-ins, profile linking (invitations, access grants).
  • AI advisor: Conversation history.

How we use it

To provide the service (tracking, reminders, notifications, document storage, optional portal linking and AI advice), to process payments (Stripe), and to communicate with you (email for verification, password reset, invitations, link requests, check-ins).

Storage and third parties

• Supabase: Auth, database (PostgreSQL), file storage; data stored in Supabase's infrastructure.
• Expo Push Notifications: To send push notifications to your devices.
• Stripe: Payment processing for premium subscriptions; payment data is handled by Stripe per their privacy policy.
• Email: Sending transactional email (verification, password reset, invitations, link requests, check-ins) via our server.
• Google / Apple: If you use "Sign in with Google" or "Sign in with Apple," those providers process the sign-in; we receive only what you allow (e.g. email, name).

Security

Passwords and auth by Supabase; sensitive portal credentials encrypted (AES-256-CBC) before storage; HTTPS for all traffic; Row-Level Security (RLS) in the database so users only access their own data.

Your rights

You can access, correct, or delete your data (account and profiles) via the app or by contacting us; we'll respond within a reasonable time. Contact: support@thaitrack.app.

Data retention

We retain your data while your account is active; you can request account deletion; we may retain some data as required by law or for legitimate purposes (e.g. backups, disputes).

Changes

We may update this policy; we'll post the new version at this URL and update the "Last updated" date; continued use after changes constitutes acceptance.

Contact

For privacy or data requests: support@thaitrack.app.