Privacy Policy
Last Updated: March 2025
At flash-think, we take your privacy seriously. This policy explains how we handle your personal information when you use our financial analysis tools and software. We're based in Thailand and follow local data protection regulations, but we've written this in plain English so you actually know what's happening with your data.
We built flash-think to help people make better financial decisions. That means working with sensitive information, and we don't take that lightly.
Information We Collect
Account Information
When you sign up for flash-think, we need some basic details to set up your account. This includes your name, email address, and phone number. If you're subscribing to a paid plan, we also collect billing information—though payment card details are handled directly by our payment processor, not stored on our servers.
Financial Analysis Data
- Transaction records you upload for analysis
- Budget categories and spending patterns
- Financial goals and projections you create
- Custom reports and saved analyses
- Integration data from connected financial accounts
Usage Information
Like most online services, we automatically collect some technical data when you use flash-think. This includes your IP address, browser type, device information, and how you interact with our platform. We use this to improve performance and understand which features matter most to users.
We also track which tools you use, how often you log in, and error messages you encounter. This helps us fix bugs and make the software better.
Communication Records
When you contact our support team or participate in surveys, we keep records of those conversations. This helps us provide better assistance and remember context if you reach out again with related questions.
How We Use Your Information
Your data serves specific purposes. We don't collect information just to have it—everything we gather has a practical reason behind it.
Providing Our Service
This is the obvious one. We use your information to run the financial analysis tools you signed up for. That means processing your transactions, generating reports, storing your preferences, and keeping your account secure.
Some features require analyzing patterns in your financial data. For example, our spending forecasts work by looking at your historical transactions. Our budget recommendations come from understanding your actual spending habits.
We never sell your financial information to third parties. We don't share your transaction details with advertisers. Your financial data is used solely to provide the analysis tools and insights you're paying for.
Improving Our Platform
We analyze usage patterns to understand what works and what doesn't. If everyone abandons a particular feature halfway through, that tells us something needs fixing. If a certain report type gets used constantly, we know to invest in making it better.
This analysis happens at an aggregate level most of the time. We're looking at trends across users, not examining individual accounts for curiosity's sake.
Security and Fraud Prevention
We monitor for suspicious activity to protect your account. Unusual login locations, rapid-fire access attempts, or patterns that suggest unauthorized access trigger our security systems.
Communication
We'll send you essential account notifications—password resets, subscription renewals, significant changes to our service. You can't opt out of these because they're necessary for using flash-think.
We also send product updates and tips for using the platform more effectively. You can unsubscribe from these anytime through your account settings.
Data Sharing and Third Parties
We work with several third-party services to operate flash-think. Here's who gets access to what and why.
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Cloud Hosting | Platform infrastructure | All account and usage data |
| Payment Processor | Subscription billing | Email, billing address, transaction history |
| Email Service | Transactional emails | Email address, name, notification preferences |
| Analytics Platform | Usage insights | Anonymized usage patterns, technical data |
| Support Software | Customer assistance | Contact details, support ticket history |
Financial Institution Connections
If you connect your bank accounts to flash-think, we use secure banking data aggregators to fetch transaction information. These services use read-only access—they can see your transactions but can't move money or make changes to your accounts.
We never receive your actual banking credentials. The connection happens through secure APIs where you authenticate directly with your bank.
Legal Requirements
Sometimes we're legally required to share information. This happens if we receive valid court orders, government requests related to criminal investigations, or if we need to protect our rights in legal disputes.
In Thailand, financial service providers must comply with Anti-Money Laundering regulations. If authorities request information as part of an investigation, we're obligated to cooperate.
Your Rights and Choices
You have control over your information. Here's what you can do.
Access Your Data
You can download a copy of all personal information we hold about you. This includes your profile details, transaction history, and usage records. Request this through your account settings.
Correct Information
If any details are wrong or outdated, you can update them directly in your account settings. For information you can't change yourself, contact our support team.
Delete Your Account
You can close your flash-think account anytime. This removes your profile and stops all data collection. Financial records are retained for seven years per Thai accounting regulations, but they're disconnected from your identity.
Restrict Processing
You can limit how we use certain data while keeping your account active. For example, you might want to stop receiving product recommendations based on usage patterns.
Data Portability
Export your financial data in common formats (CSV, JSON) to use with other services. This is available in your account dashboard under data export options.
Object to Processing
You can object to specific uses of your data, like marketing communications or certain analytics. We'll stop unless we have compelling legitimate grounds to continue.
Most rights can be exercised directly through your account settings. For complex requests or if you need assistance, email our privacy team at help@flash-think.com with your account details and what you'd like to do.
Data Security
How We Protect Your Information
Financial data requires serious security. We use industry-standard encryption for data transmission (TLS 1.3) and at-rest storage (AES-256). Our servers are hosted in secure facilities with restricted physical access.
All employees with data access undergo background checks and sign confidentiality agreements. Access is restricted based on role—support staff see different information than developers, and nobody has unlimited access to everything.
What You Should Do
Security is a shared responsibility. Use a strong, unique password for your flash-think account. Enable two-factor authentication—it takes two minutes and dramatically improves account security.
Don't share your login credentials, even with family members. If multiple people need access, set up separate user accounts with appropriate permissions.
Log out when using shared computers. Be cautious about accessing your account on public WiFi without a VPN.
Incident Response
If we detect a security breach affecting your data, we'll notify you within 72 hours via email. The notification will explain what happened, what information was involved, and what steps we're taking.
We also report significant breaches to Thailand's Personal Data Protection Committee as required by law.
Data Retention
We don't keep your information forever. Different types of data have different retention periods based on business needs and legal requirements.
Active Account Data
While your account is active, we retain all your financial analysis data, preferences, and usage history. This is necessary to provide the service you're paying for.
After Account Closure
When you close your account, we delete most data within 30 days. However, Thai law requires businesses to retain financial records for seven years. These records are archived in encrypted form and separated from your personal identifier.
We also keep limited information to prevent fraud and abuse—like email addresses of banned users to prevent them from creating new accounts.
Backup Systems
Our backup systems retain data for 90 days for disaster recovery purposes. Deleted information may persist in backups during this period, but these backups are never accessed except during system restoration.
International Data Transfers
Flash-think operates primarily in Thailand, but some of our service providers are based in other countries. This means your data sometimes moves across borders.
Where Your Data Goes
Our primary servers are located in Singapore. Some cloud infrastructure services operate from data centers in Japan and Australia. Our payment processor handles transactions through servers in the United States.
All these jurisdictions have data protection laws comparable to Thailand's Personal Data Protection Act. We use contracts with these providers requiring them to maintain appropriate security standards.
Children's Privacy
Flash-think is not intended for children under 18. We don't knowingly collect information from minors. If you're under 18, please don't use our service or provide any personal information.
If we discover we've collected data from someone under 18, we'll delete it immediately. Parents who believe their child has provided information to us should contact help@flash-think.com.
Cookies and Tracking
What We Use
Our website uses cookies to keep you logged in, remember your preferences, and understand how people use the platform. Most are essential for the service to work—without them, you couldn't stay logged in between pages.
We also use analytics cookies to track which features get used and where people encounter problems. These help us prioritize improvements.
Your Cookie Choices
Essential cookies can't be disabled—the platform won't function without them. Analytics cookies can be turned off in your privacy preferences, though this limits our ability to improve features based on real usage patterns.
You can also configure your browser to reject all cookies, but this will prevent you from using flash-think.
Changes to This Policy
We update this privacy policy occasionally to reflect new features, legal requirements, or changes in how we operate. When we make significant changes, we'll notify active users via email and display a notice on the platform.
The "Last Updated" date at the top shows when we last revised this policy. We recommend checking back periodically, especially if you haven't used flash-think in a while.
Continued use of our service after policy changes means you accept the updated terms. If you disagree with changes, you can close your account before they take effect.
Thailand-Specific Rights
Under Thailand's Personal Data Protection Act (PDPA), you have specific rights regarding your personal information:
- Right to withdraw consent for data processing at any time
- Right to request suspension of data use if you believe it's inaccurate or being processed unlawfully
- Right to object to processing based on legitimate interests
- Right to have your data deleted when it's no longer necessary for the purposes it was collected
- Right to lodge complaints with the Personal Data Protection Committee if you believe we've violated PDPA
These rights supplement the general rights described earlier in this policy. To exercise any PDPA-specific rights, contact our Data Protection Officer at help@flash-think.com with the subject line "PDPA Request."
Contact Us About Privacy
If you have questions about this privacy policy or how we handle your information, we're here to help. Our privacy team responds to inquiries within 48 hours on business days.
For formal privacy complaints or PDPA-related matters, please mark correspondence as "ATTN: Data Protection Officer" to ensure proper routing.