Privacy Policy (PDPA)
Version: 2026-07-04 · Effective: 2026-07-04
This policy explains how CEOsofts Co., Ltd. collects, uses, and protects personal data when you use CEOsofts ERP.
1. Data controller
- Operator: CEOsofts Co., Ltd.
- Address: Bangkok, Thailand
- DPO / Privacy contact: dpo@ceosofts.com
2. Personal data we process
- Account data: name, email, phone, role, login metadata
- Company / tenant data: company name, tax ID, address, billing status
- Business data you enter: customers, employees, invoices, payroll (processed as processor on your instructions)
- Technical logs: IP address, audit trail, error logs (retained up to 365 days)
3. Purposes & lawful bases
- Provide the ERP service — contract performance
- Billing & subscription — contract / legal obligation
- Security, fraud prevention, audit — legitimate interest
- Product improvements (aggregated/anonymised where possible) — legitimate interest
4. Your PDPA rights
You may request access, correction, deletion, restriction, or portability of your personal data, and withdraw consent where applicable.
Tenant administrators can export workspace data (JSON ZIP) from Settings → Subscription. For account deletion or cross-tenant requests, contact the DPO.
5. Retention
- Audit logs: 365 days
- Expired trial workspaces may be deleted after 30 days unless converted to paid
6. Sub-processors & transfers
We may use cloud hosting, email, and payment providers (e.g. Stripe/Omise). Data is primarily stored in Thailand or regions specified in your contract.