Privacy Policy
1. Introduction
Yolopreneur Club ("we", "our", "us") operates the website yolopreneur.club and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, in compliance with Thailand's Personal Data Protection Act B.E. 2562 (2019) (PDPA).
2. Information We Collect
2.1 Personal Information
We may collect the following personal data:
- Account Information: Name, email address, and profile information provided during registration via our authentication provider (Clerk).
- Payment Information: Payment slip images uploaded for credit top-ups and subscription payments. Slip images contain transaction details such as amount, date, sender name, and reference number.
- Usage Data: Content you access, courses you enroll in, events you RSVP for, and credit transaction history.
2.2 Automatically Collected Data
When you visit our platform, we may automatically collect:
- Browser type and version
- Operating system
- IP address (anonymized for analytics)
- Pages visited and time spent
- Referring website URL
We use Plausible Analytics, a privacy-first analytics service that does not use cookies and is GDPR/PDPA compliant.
3. How We Use Your Information
We use your personal data to:
- Provide and maintain our services (account management, content access, billing)
- Process credit top-ups and subscription payments
- Verify payment transactions through our third-party slip verification provider
- Send transactional emails (welcome, payment confirmation, renewal reminders)
- Improve our platform and user experience
- Comply with legal obligations
4. Legal Basis for Processing (PDPA)
We process your personal data under the following legal bases:
- Consent: When you upload payment slips, you consent to processing for verification purposes.
- Contractual Necessity: To provide our services, process payments, and manage your account.
- Legitimate Interest: To improve our services, prevent fraud, and ensure platform security.
- Legal Obligation: To comply with applicable laws and regulations.
5. Data Sharing and Disclosure
We share your data only with:
- Clerk: For user authentication and account management.
- Supabase: For database storage and file storage (payment slips in private bucket).
- Thunder (Opn): For payment slip verification — we share the slip image and expected amount only.
- Resend: For sending transactional emails on our behalf.
- Anthropic: For AI chat features — only article content and your questions are shared, not personal data.
We do not sell your personal data to third parties.
6. Data Retention
- Payment slips: Retained for up to 90 days after transaction settlement, then permanently deleted from storage.
- Account data: Retained while your account is active.
- Transaction records: Credit transaction records are retained for statutory accounting requirements (hashed user IDs after account deletion).
- Analytics data: Aggregated and anonymized; no personally identifiable information retained.
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- HTTPS encryption for all connections (HSTS enabled)
- Payment slips stored in private cloud storage with signed URLs
- JWT-based authentication with secure, HttpOnly, SameSite cookies
- PII redaction in application logs and error tracking
- No credit card numbers or KYC documents are collected
8. Your Rights (PDPA)
Under the PDPA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Withdraw consent for data processing
- Request deletion of your personal data
- Restrict or object to data processing
- Data portability
To exercise these rights, contact us at [email protected].
9. Cookies
We use minimal cookies:
- Authentication cookies: Set by Clerk for session management (HttpOnly, Secure, SameSite=Lax).
- No tracking cookies: We use Plausible Analytics which does not require cookies.
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email.
12. Contact
For privacy-related inquiries:
Email: [email protected]