Privacy Policy

Last Updated: March 15, 2025

At AppDriveHub, we believe your financial data deserves serious protection. This policy explains how we collect, use, and safeguard your information when you use our expense budgeting platform. We're based in Thailand and follow both local regulations and international best practices.

Information We Collect

Running a budgeting app means we need certain information to make things work properly. Here's what we gather and why it matters.

Account Information

When you sign up, we collect your name, email address, and phone number. Pretty standard stuff. We also need a password, which we encrypt before storing. If you connect a payment method, we work with secure payment processors who handle that sensitive data according to PCI DSS standards.

Financial Data You Enter

This is the heart of what we do. You input your expenses, income, budget categories, and spending patterns. All of this stays encrypted in our databases. We don't sell this information or share it with advertisers. Ever.

  • Transaction details you manually enter or import
  • Budget categories and spending limits you set
  • Recurring payment information
  • Financial goals and savings targets
  • Notes and tags you add to transactions

Technical Information

Like most web services, we collect some technical data automatically. Your IP address, browser type, device information, and how you interact with our platform. This helps us fix bugs, improve performance, and keep things secure.

How We Use Your Information

We're not in the business of mining your data for ad revenue. Your information serves specific purposes related to making AppDriveHub work better for you.

Core principle: We use your data to provide the budgeting service you signed up for, and that's about it.

Service Delivery

Your financial data powers your personal budget dashboard. We analyze your spending patterns to show you insights, send alerts when you're approaching budget limits, and help you track progress toward savings goals. All of this happens within your private account.

Communication

We'll send you transactional emails about your account activity, security alerts, and service updates. You can opt out of marketing emails anytime, but we need to keep sending the essential stuff like password resets and security notifications.

Security and Fraud Prevention

We monitor for suspicious activity patterns. If something looks off, we might temporarily restrict account access until we can verify it's really you. Better safe than sorry when it comes to financial data.

Data Storage and Security

Your information lives on secure servers located in Thailand and backup facilities in Singapore. We picked these locations carefully to balance performance with strong data protection laws.

Encryption Standards

Everything gets encrypted. Data in transit uses TLS 1.3, and stored data uses AES-256 encryption. Your password goes through bcrypt hashing with salt. We can't see your actual password, which is exactly how it should be.

Access Controls

Only specific team members can access production systems, and they need multi-factor authentication to do so. We log every access attempt and review those logs regularly. Database access is restricted and monitored.

Security Measure Implementation
Data Encryption AES-256 for stored data, TLS 1.3 for transmission
Password Protection Bcrypt hashing with individual salts
Access Logging Complete audit trail of all data access
Backup Frequency Daily encrypted backups with 90-day retention
Security Audits Quarterly third-party penetration testing

Your Rights Under Thai Law

Thailand's Personal Data Protection Act gives you substantial control over your information. Here's what you can actually do with these rights.

Access Your Data

Request a complete copy of everything we have about you. We'll deliver it within 30 days in a readable format.

Correction Rights

Found incorrect information in your profile? You can update most things directly in your account settings or contact us for help.

Data Portability

Export your financial data anytime in CSV or JSON format. Take it to another service if you want.

Deletion Request

Close your account and we'll delete your data within 90 days. Some records stay longer for legal compliance, but we'll anonymize them.

Restrict Processing

Temporarily pause how we process your data while you verify something or sort out a concern.

Object to Processing

You can object to specific types of data processing. We'll stop unless we have compelling legal grounds to continue.

How to Exercise Your Rights

Send an email to [email protected] with "Data Rights Request" in the subject line. Tell us which right you want to exercise and include enough information for us to verify your identity. We'll respond within 30 days, though complex requests might take up to 60 days with an explanation of the delay.

Data Sharing and Third Parties

We don't sell your data. Full stop. But we do work with some third-party services to keep AppDriveHub running smoothly.

Service Providers

Our hosting provider, email service, and analytics tools get limited access to certain data. They're all under strict contracts that prohibit them from using your information for anything except helping us deliver our service. We vet these partners carefully and review their security practices annually.

Payment Processors

If you subscribe to premium features, payment processing happens through certified processors who never send us your full card details. They handle that sensitive stuff according to international payment security standards.

Legal Requirements

Thai law might require us to disclose information in response to valid legal processes. Court orders, government investigations, or regulatory inquiries could force our hand. We'll notify you if this happens unless legally prohibited from doing so.

Data Retention

We keep your information only as long as necessary. Active accounts and their data stay accessible indefinitely while you use our service. Once you close your account, here's what happens.

Deletion Timeline

Account data gets deleted within 90 days after closure. Some financial records stick around for seven years because Thai tax law requires it, but we anonymize them so they're no longer personally identifiable. Server logs get purged after 12 months unless they're part of an active security investigation.

Backup Retention

Deleted data might persist in encrypted backups for up to 90 days before those backups cycle out completely. We can't selectively remove individual records from backup archives without compromising the entire backup system's integrity.

International Data Transfers

Your data primarily stays in Thailand, but our backup systems in Singapore mean some information crosses borders. Singapore has strong data protection laws that Thailand recognizes as adequate. If we ever need to transfer data to countries without equivalent protections, we'll use approved transfer mechanisms and get your explicit consent first.

Cookies and Tracking

We use cookies to keep you logged in and remember your preferences. That's about it. No advertising networks, no cross-site tracking, no behavioral profiling for marketing purposes.

Essential Cookies

These make the site function. Session cookies, authentication tokens, and security features. You can't opt out of these without breaking basic functionality.

Analytics Cookies

We use privacy-focused analytics to understand how people use AppDriveHub. These are anonymized and don't track you across other websites. You can disable them in your account settings if you prefer.

Children's Privacy

AppDriveHub isn't designed for anyone under 18. We don't knowingly collect information from minors. If we discover we've accidentally collected data from someone underage, we'll delete it immediately. Parents who find their child created an account should contact us right away.

Changes to This Policy

Privacy practices evolve, and so will this policy. When we make significant changes, we'll email active users at least 30 days before the new terms take effect. Minor clarifications or updates to contact information might happen without notification. The "Last Updated" date at the top always reflects the current version.

Continuing to use AppDriveHub after changes take effect means you accept the updated terms. If you disagree with major changes, close your account before they go live.

Data Breach Notification

If something goes wrong and your data gets compromised, we'll notify you within 72 hours of discovering the breach. You'll get details about what happened, what information was affected, and what steps we're taking to fix the problem. We'll also notify the Thai Personal Data Protection Committee as required by law.

Privacy Questions?

Our data protection officer handles all privacy inquiries and complaints.

Email: [email protected]

Phone: +66 2 985 0058

Mail: Moo 8, Tambon Ko Yo, Amphoe Mueang Songkhla, Songkhla, 90100, Thailand

We respond to all privacy inquiries within five business days.