6 min read
Download

Privacy Policy

Last Updated: June 6, 2025

Digiwava ("we," "us," or "our") is committed to protecting your personal data in compliance with Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA"). This Privacy Policy explains how we, as the Data Controller, collect, use, disclose, and safeguard your personal data when you use our website, services, and applications (collectively, the "Platform").

1. Personal Data We Collect

We collect various types of personal data to provide and improve our Platform, including:

  • Identity & Contact Data: Name, username, email address, and other identifiers you provide during registration.
  • Transaction Data: Details about payments to and from you, including the status, amount, and products purchased. This data is processed by our third-party payment provider, Stripe. We never receive or store any credit card information.
  • Seller-Specific Data: Information required to connect your Stripe Standard account, which is provided directly to Stripe through their secure OAuth flow.
  • Technical & Usage Data: IP address, browser type, device information, and data on how you interact with our Platform.
  • Profile Data: Your purchase history, product listings, reviews, and other information you voluntarily add to your profile.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication history with us.

We do not intentionally collect "Sensitive Personal Data" (as defined by the PDPA). Do not upload such data to the Platform.

We process your personal data based on the following legal grounds under the PDPA:

  • Contractual Necessity: We process your data to fulfill our contractual obligations to you. This includes:
    • Registering and managing your user account.
    • Processing payments for product purchases and collecting our application fees.
    • Facilitating Seller payouts through their connected Stripe account.
    • Providing you with access to purchased digital products via secure download links.
  • Legitimate Interest: We process your data for our legitimate business interests, provided they do not override your fundamental rights. This includes:
    • Improving and personalizing the Platform.
    • Monitoring for fraud and ensuring the security of our Platform.
    • Analyzing platform usage to enhance user experience.
    • Communicating with you about service updates or important notices.
  • Legal Obligation: We may process your data to comply with our legal and regulatory obligations, such as tax laws or requests from law enforcement authorities.
  • Consent: Where no other legal basis applies, we will request your explicit consent to process your data, for example, for certain direct marketing activities. You can withdraw your consent at any time.

3. How We Disclose Your Personal Data

We may disclose your data to:

  • Service Providers (Data Processors): We share information with third-party vendors who perform services on our behalf, such as:
    • Stripe: For payment processing, seller onboarding, and dispute management. For PromptPay refunds, Stripe will contact the Buyer directly to securely collect bank details.
    • Infrastructure Providers: For database hosting, file storage, and authentication services.
  • Legal Authorities: If required by law or to protect the rights and safety of our users and the Platform.

4. Data Retention and Account Deletion

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.

Upon your request to delete your account, we will delete or anonymize your personal account information, such as your username, email, and profile data.

However, to fulfill our contractual obligations to Buyers who have purchased your Products, we will retain the specific digital product files you have sold for a period of six (6) months following your account deletion. This ensures that Buyers can still access and download their purchases. After this period, the product files will be permanently deleted from our systems. This policy is a condition of the Seller terms you agree to when using the Platform.

5. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside of Thailand where our service providers operate. We will ensure that any cross-border transfer complies with PDPA requirements, such as transferring to countries with adequate data protection standards or implementing appropriate safeguards like Standard Contractual Clauses.

6. Your Rights as a Data Subject

Under the PDPA, you have the following rights regarding your personal data:

  • Right to Withdraw Consent: You may withdraw your consent at any time for data processing that is based on consent.
  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request to correct any incomplete or inaccurate data we hold about you.
  • Right to Erasure (Right to be Forgotten): You may request that we delete or anonymize your personal data, subject to our data retention policies required to fulfill contractual or legal obligations, as described in Section 4.
  • Right to Restrict Processing: You may request that we suspend the processing of your personal data in certain circumstances.
  • Right to Data Portability: You may request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to the processing of your personal data where we are relying on a legitimate interest.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand.

To exercise any of these rights, please contact us at [email protected].

7. Data Security

We are committed to protecting your data and have implemented appropriate technical and organizational security measures designed to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. These measures include:

  • Encryption: We use industry-standard TLS (HTTPS) encryption for all data transmitted between your browser and our servers. Sensitive data is also encrypted when stored at rest in our databases.
  • Payment Security: We do not store, process, or have access to your full credit card details. All payment processing is handled directly by our PCI-compliant payment partner, Stripe, through a secure connection.
  • Access Control: Our application is built with strict access controls and Row Level Security (RLS) policies to ensure that users can only access their own data. Access to personal data by our internal staff is limited to a need-to-know basis.
  • Secure File Downloads: To protect Sellers' intellectual property and Buyers' purchases, access to purchased digital products is provided through secure, time-limited signed URLs generated on-demand. We store product packages in a private bucket to prevent unauthorized public access.
  • Account Security: We utilize secure, modern authentication mechanisms to protect user accounts from unauthorized access. We also advise users to use strong, unique passwords.

8. Data Protection Inquiries

If you have any questions about this policy or wish to exercise your data protection rights, please contact us at [email protected].

9. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of any significant changes by posting the new policy on the Platform or via email.