11 min read
Download

Privacy Policy

Last Updated: 17 September 2025

This policy explains how Digiwava Co., Ltd. handles your personal data in compliance with Thailand's Personal Data Protection Act (PDPA). We collect only what's necessary, never sell your data, and give you control over your information. This applies to all users of our marketplace.

1. Information We Collect

We only collect information necessary to operate our marketplace effectively.

Account Information

When you create an account, you'll need to provide a username (your public identifier on the platform), an email address (kept private), and a password. You can optionally add profile enhancements like an avatar, bio, or location to personalize your presence on the platform.

Transaction Information

We maintain a private record of your purchases including what you bought, when, from whom, and your download history. We also store your cart and wishlist items for your convenience. Sellers have their digital product listings, sales metrics, and performance data tracked to help them understand their business and ensure quality service. Any reviews you write become public and associated with your username, while support communications remain private.

Payment Information

We never directly handle your payment information. When you make a purchase, you enter your payment details into Stripe's secure form embedded on our checkout page. Your card information goes directly to Stripe's PCI-compliant servers, and we only receive non-sensitive information like transaction IDs, payment status, and the last four digits of your card for reference.

Sellers must connect a Stripe account to receive payments. Stripe handles all identity verification, tax documentation, and banking details through their secure OAuth process. We store only your Stripe account ID to facilitate marketplace operations. Payouts flow directly from Stripe to your bank account. We never hold or control your funds.

Technical Information

To keep our platform secure and functioning properly, we automatically collect certain technical information including your IP address (for security and fraud prevention), browser and device information (to optimize your experience), and session data (to keep you signed in). This information helps us detect unusual activity, prevent unauthorized access, and ensure the platform works well across different devices.

Platform Visitors

Even if you don't create an account, we collect basic analytics data and technical information about your browser and device when you visit our platform. This helps us understand how people use our marketplace and improve the experience for all visitors. This is collected through essential cookies and standard web server logs.

What We Don't Collect

We believe in minimal data collection. We don't require real names, phone numbers, or physical addresses. We don't collect government IDs, precise location data, or link to your social media profiles unless you choose to share them.

We do not collect sensitive personal data as defined by the Thai PDPA, including health information, religious beliefs, political opinions, racial or ethnic origin, criminal records, or biometric data. When sellers need identity verification to receive payments, this is handled entirely by Stripe on their secure platform. We never see these documents.

We never sell your personal data to third parties. We don't make your purchase history public or share it with sellers beyond what's necessary for order fulfillment. We won't share your email with third parties for their marketing purposes.

If we ever need to process sensitive data in the future, we'll clearly explain why, request your explicit consent, and allow you to withdraw that consent at any time.

2. How We Use Your Information

We use your information for specific, legitimate purposes to operate our marketplace.

To Provide Our Services

Your information enables us to create and manage your account, process orders and deliver digital products, facilitate communication between buyers and sellers (without revealing email addresses), provide customer support, and generate download links for your purchases.

To Improve Our Platform

With your information, we can understand how people use our marketplace, identify and fix technical issues, develop new features based on user needs, and ensure our platform works well across different devices and browsers.

For Security and Trust

We use your information to protect our platform and users by preventing fraud and unauthorized access, investigating violations of our Terms of Use, and resolving disputes between buyers and sellers. This includes monitoring for unusual account activity and maintaining secure backups.

For Marketing and Analytics

We may use advertising tools and analytics services to understand our audience, measure marketing effectiveness, and show you relevant ads on other platforms. This includes pixels and tracking technologies from services like Facebook, Google, and others. These tools help us reach new users and remind you about products you've shown interest in, but we never sell your personal data to these platforms.

To Communicate With You

We respect your inbox and are thoughtful about the emails we send. You'll receive essential service emails including order confirmations, password reset emails, and important updates about our terms or privacy policy. We may also send you information about new features, products, or services we think you'll find valuable. You can control your email preferences in your account settings and unsubscribe from promotional emails at any time using the link in each message.

We're required to use certain information to comply with legal obligations, including maintaining transaction records for 5 years per Thai tax law, responding to valid legal requests from authorities, and enforcing our Terms of Use to protect the platform and community.

Under the Thai PDPA, we process your personal data based on several legal grounds. We rely on your consent for optional features like profile customization and marketing communications. Contract performance justifies our processing for account creation, order fulfillment, and providing marketplace services. We process data to meet legal obligations such as tax reporting and responding to lawful requests. Finally, we rely on legitimate interests for security, fraud prevention, and service improvements that benefit all users.

3. How We Share Your Information

We're careful about who has access to your information and only share what's necessary.

With Other Users

Certain information is public on our platform, including your username, avatar, any digital products you're selling, and reviews you've written. When you complete a transaction, sellers can see your username and what you purchased (but never your email or payment details), while buyers can see seller information and response times. Your purchase history, wishlist, account settings, and personal details remain completely private.

With Service Providers

We work with trusted service providers to operate our marketplace. Stripe handles all payment processing and seller verification, receiving only the transaction data necessary to process payments securely. Cloudflare provides security and content delivery services, accessing technical information like IP addresses to protect against attacks and improve performance. Our cloud infrastructure providers host the platform data with strict security requirements and data processing agreements. All service providers are contractually required to protect your data and use it only for the services they provide to us.

We may share information when required by law to comply with court orders, report income for tax purposes, assist law enforcement with valid requests, or protect against fraud and security threats. We carefully review each request to ensure it's legally valid and only share the minimum information necessary.

International Transfers

Your data may be processed outside Thailand as part of our global operations. Our primary infrastructure is hosted in Singapore, providing optimal performance for Southeast Asian users. Payment processing occurs through Stripe's global infrastructure, and we use content delivery networks across the ASEAN region for better performance.

We protect your data during international transfers through appropriate safeguards including contractual clauses aligned with Thai PDPA requirements, encryption for all data in transit and at rest, strict data processing agreements with all providers, and regular security audits. Your privacy rights remain fully protected regardless of where your data is processed, and all service providers must maintain data protection standards equivalent to or exceeding Thai requirements.

4. Data Retention

We keep your data only as long as necessary. While your account is active, we maintain your profile information, transaction history, and other account data. After account deletion, we must retain certain data for legal reasons:

  • Financial records for 5 years per Thai tax law
  • Seller digital products for 6 months so buyers can access their purchases
  • Security logs as needed for platform protection

Backup copies are purged within 90 days. Data may be retained longer if required for legal proceedings or regulatory investigations.

5. Your Privacy Rights

You have comprehensive rights over your personal data under the Thai PDPA. The law grants you core rights including access, rectification, erasure, data portability, objection, and restriction of processing. We're committed to honoring all these rights promptly and transparently. You'll never face discrimination or degraded service for exercising your privacy rights.

Access Your Data

You can view all your personal data at any time through your account settings. This includes your profile information, purchase history, reviews, and any content you've created. Sellers can also download their complete financial transaction history directly from their Stripe dashboard.

To receive a portable copy of your data, email [email protected] from your registered email address. We'll provide your personal data in CSV format within 30 days where technically feasible.

Update Your Information

If any of your information is incorrect or outdated, you can update most of it directly in your account settings. For fields you can't change yourself, contact us and we'll assist you promptly.

Delete Your Account

You have the right to delete your account at any time. When you do:

  • Your personal information is immediately anonymized
  • Your username changes to "deleted_[id]"
  • Your avatar is permanently removed
  • Reviews you've written are deleted

However, certain data must be retained for legal reasons:

  • Seller digital products remain available to buyers for 6 months
  • Financial records are kept for 5 years to comply with tax law
  • Security logs may be retained as needed for platform protection

Account Restoration

If you delete your account and change your mind within 6 months, you can request restoration by emailing [email protected] from your registered email address. We can restore your username, email, purchase history, and product listings, but other data cannot be recovered. After 6 months, restoration is no longer possible as data is permanently deleted.

Object and Restrict Processing

You have the right to object to certain uses of your data, particularly for marketing purposes or based on our legitimate interests. You can also request that we temporarily restrict processing while we investigate concerns or verify accuracy. Contact us to exercise these rights.

6. Security

We implement comprehensive security measures to protect your personal data.

How We Protect Your Data

All data is encrypted both in transit using HTTPS/TLS and at rest using industry-standard encryption. Your password is secured with one-way hashing, making it impossible for anyone (including us) to see your actual password. Our infrastructure is hosted in secure data centers with regular security audits. Access to production systems is strictly limited, requires multi-factor authentication, and all administrative actions are logged. We work with trusted security partners including Stripe for PCI-compliant payment processing.

Data Breach Response

In the unlikely event of a data breach that affects your personal data, we'll notify the Personal Data Protection Committee (PDPC) within 72 hours as required by the Thai PDPA. If the breach poses high risk to your rights and freedoms, we'll also notify you directly without undue delay, explaining what happened, what information was involved, and what steps you should take.

Your Role in Security

You can help keep your account secure by:

  • Using a strong, unique password and considering a password manager
  • Being cautious with unexpected emails claiming to be from us
  • Keeping your browser and operating system updated
  • Enabling two-factor authentication on your email account (used for password recovery)
  • Contacting us promptly if you notice unusual activity

When purchasing digital products, review seller ratings and product descriptions before buying. While we scan uploaded files for malware, we recommend using antivirus software and exercising caution as you would with any files downloaded from the internet.

7. Cookies

We use minimal cookies to make our platform work. Essential cookies keep you signed in and remember your language preference. Analytics cookies help us understand how people use our site and make improvements, though this data is aggregated and doesn't identify individuals. You can control cookies through your browser settings, but blocking essential cookies will prevent you from signing in. Third-party services like Stripe and Cloudflare may set their own cookies for payment processing and security.

8. Children's Privacy

Our platform is intended for users aged 13 and older. We don't knowingly collect information from children under 13. If we discover we've collected data from someone under 13, we'll delete their account and all associated information.

For users aged 13-18, we recommend parental awareness. Parents or guardians can contact us to request information about their teen's account or request deletion. We don't collect sensitive information from minors and encourage parental involvement in young users' online activities.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Minor changes like clarifications or formatting improvements will be reflected in the "Last Updated" date. For material changes that significantly affect your rights or how we handle your data, we'll notify you by email.

Your continued use of our services after changes are posted constitutes acceptance of the updated policy. The current version will always be available at digiwava.com/privacy.

10. Contact Us

For any privacy-related questions or concerns, contact our Data Protection Officer:

Email: [email protected]

Response time: Within 30 days

We take all privacy requests seriously and will work with you to address your concerns. We're here to help with privacy rights requests, data access, account deletion, or any questions about this policy. If you're not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand. We encourage you to contact us first so we can try to resolve your concerns directly.

Thank you for trusting Digiwava with your information. We're committed to protecting your privacy while providing a great marketplace experience.