Privacy Policy (PDPA) — Techmorrow
1.1 Introduction
Techmorrow Co., Ltd. (“Company”, “we”) deeply respects and values your rights and privacy. This Policy describes how we collect, use, disclose, and protect your personal data when you use the following services:
- TMRX Platform — an IoT PaaS for connecting devices, building dashboards, and managing device fleets (accessible at app.techmorrow.co)
- techmorrow.co website — including the IoT hardware store and marketing content
This Policy is in compliance with the Personal Data Protection Act B.E. 2562 (PDPA). By using our services you acknowledge and consent to this Policy.
1.2 Personal Data We Collect
Data you provide directly
- Full name, email address, phone number (account registration, enquiries)
- Organisation details such as company name, job title (for enterprise/solution)
- Shipping address, tax invoice information (for hardware orders)
- Payment information (processed via Stripe — we do not store credit/debit card data directly)
- Messages sent through contact forms, tickets, or chat
Data collected automatically
- Platform usage data: API call logs, device telemetry you submit to TMRX, dashboard events
- Device data: IP address, browser type, operating system, pages visited, visit timestamps
- Cookies and local storage (see Section 1.6)
Data from third parties
- OAuth data from Google/GitHub if you choose to sign in via those channels
1.3 Purposes and Legal Bases for Processing
| Purpose | Legal Basis (PDPA) |
|---|---|
| Account registration and TMRX platform services | Contract performance (Section 24(3)) |
| Hardware order processing and delivery | Contract performance (Section 24(3)) |
| Tax invoice and accounting document issuance | Legal obligation (Section 24(6)) |
| Security maintenance and breach detection | Legitimate interest (Section 24(5)) |
| Product analytics and development | Legitimate interest (Section 24(5)) |
| Email marketing and newsletters | Consent (Section 19) |
| Analytics and marketing cookies | Consent (Section 19) |
1.4 Disclosure to Third Parties
We do not sell your personal data. We may disclose data to:
- Stripe Inc. — payment processor (for transaction processing)
- Cloud infrastructure providers — to host systems and store data (bound by Data Processing Agreements)
- Email service providers — for system notifications and marketing
- Government authorities or regulatory bodies — when required by law or court order
- Affiliates or business successors — in the event of merger or business transfer, with prior notice to you
All data processors are contractually obligated to meet data protection standards equivalent to PDPA.
1.5 Data Retention
| Type of Data | Retention Period |
|---|---|
| Account data | Duration of account + 1 year after closure |
| Device telemetry and event logs | 90 days (free plan) / per plan selected |
| Transaction records and tax invoices | 5 years (per Thai tax law) |
| System access logs | 90 days |
| Contact inquiry emails | 3 years from last contact |
After the retention period, we will securely delete or anonymise your data.
1.6 Cookies
We use cookies for the following purposes:
Essential Cookies (no consent required)
- Maintaining user sessions after login
- CSRF protection and security
Analytics Cookies (consent required)
- Analysing website usage behaviour to improve products
Marketing Cookies (consent required)
- Tailoring marketing content to your interests
You can manage cookie preferences via the cookie banner on our website or through your browser settings.
1.7 Data Subject Rights
Under PDPA you have the following rights:
- Right to be Informed — know that your data is being collected (Section 23)
- Right of Access — request a copy of data we hold (Section 30)
- Right to Rectification — request correction of inaccurate data (Section 35)
- Right to Erasure — request deletion when there is no legal basis to retain (Section 33)
- Right to Restriction — request temporary restriction of data use (Section 34)
- Right to Data Portability — receive your data in a reusable format (Section 31)
- Right to Object — object to processing based on legitimate interest or for direct marketing (Section 32)
- Right to Withdraw Consent — withdraw consent at any time (Section 19) without affecting rights arising before withdrawal
How to exercise your rights: submit a request to privacy@techmorrow.co or contact hello@techmorrow.co. We will respond within 30 days of receiving your request.
1.8 Data Protection Officer (DPO)
The Company has appointed a Data Protection Officer. Contact:
DPO Email: privacy@techmorrow.co
Address: B302/2, Fl3, Northern Science Park, Ban Mae Hia Nai, Chiang Mai 50200
1.9 Data Security
We employ appropriate technical and organisational measures, including: data encryption in transit (TLS/HTTPS) and at rest, least-privilege access controls, regular security reviews, and staff training. In the event of a high-risk personal data breach we will notify you within 72 hours as required by PDPA.
1.10 Policy Updates
We may update this Policy from time to time. We will notify you by email or platform notification before any material change takes effect.
1.11 Contact Us
If you have questions about this Policy:
Company: Techmorrow Co., Ltd.
Address: B302/2, Fl3, Northern Science Park, Ban Mae Hia Nai, Chiang Mai 50200
Email: hello@techmorrow.co
Phone: +66 94 203 0030
Data Protection Officer: privacy@techmorrow.co