Last Updated: October 25, 2025
Privacy Policy
TrueCode Co., Ltd.
This Privacy Policy explains how TrueCode Co., Ltd. ('we', 'us', or 'our') collects, uses, discloses, and protects your personal data in compliance with the Personal Data Protection Act B.E. 2562 (2019) ('PDPA').
1. Introduction and Executive Summary
TrueCode Co., Ltd. is committed to protecting your privacy and ensuring the security of your personal data. As a technology company providing AI-powered solutions and software development services, we recognize the importance of maintaining the confidentiality, integrity, and availability of personal data entrusted to us. This Privacy Policy outlines our data processing practices, your rights under the PDPA, and our commitment to transparent data handling. We process personal data lawfully, fairly, and in a transparent manner, ensuring that data subjects are informed about how their personal data is used.
Applicable Services:
- AI Chat Bot platform and related services (orca.truecode-ai.in.th)
2. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below, in accordance with the PDPA:
Personal Data
Any information relating to an individual who is identified or can be identified, directly or indirectly, from that information or from other information combined with that information, including but not limited to name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
Data Subject
An individual whose personal data is collected, used, disclosed, or processed by TrueCode Co., Ltd.
Processing
Any operation performed on personal data, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
Data Controller
TrueCode Co., Ltd., as the natural or legal person who determines the purposes and means of processing personal data.
Consent
Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of their personal data.
Sensitive Personal Data
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation.
3. Types of Personal Data We Collect
We collect personal data through various means when you interact with our services, visit our website, or engage with our business operations. The categories of personal data we may collect include:
Identification and Contact Information
- Full name, title, and professional designation
- Email address and phone numbers
- Business address and location information
- Company affiliation and job role
- Government-issued identification numbers (when legally required)
- Digital signatures and authentication credentials
Technical and Usage Data
- IP address, device identifiers, and browser information
- Website usage patterns and interaction data
- Log files, cookies, and similar tracking technologies
- System performance data and error reports
- API usage statistics and access patterns
- Security event logs and access attempts
Business and Commercial Information
- Project requirements and technical specifications
- Communication preferences and history
- Contract terms and commercial arrangements
- Payment information and billing details
- Service usage patterns and preferences
- Feedback, reviews, and support inquiries
Marketing and Communication Data
- Marketing preferences and consent records
- Event attendance and networking information
- Social media interactions and professional connections
- Newsletter subscriptions and communication history
- Survey responses and market research data
4. Purposes of Data Collection and Processing
We process personal data for specific, explicit, and legitimate purposes. We do not process personal data in a manner incompatible with these purposes:
Service Delivery and Contract Performance
To provide our AI-powered solutions, software development services, and technical support in accordance with contractual obligations.
Activities Include:
- Project management and delivery coordination
- Technical implementation and system integration
- Quality assurance and testing procedures
- Client communication and progress reporting
- Documentation and knowledge transfer
- Post-deployment support and maintenance
Business Operations and Administration
To manage our business relationships, maintain operational efficiency, and ensure proper corporate governance.
Activities Include:
- Client onboarding and relationship management
- Invoice generation and payment processing
- Vendor management and partnership coordination
- Human resources and employee management
- Legal compliance and regulatory reporting
- Business continuity and risk management
Marketing Communications and Business Development
To communicate about our services, industry developments, and business opportunities (with appropriate consent).
Activities Include:
- Newsletter distribution and content marketing
- Event invitations and networking opportunities
- Product updates and service announcements
- Market research and customer satisfaction surveys
- Webinar hosting and educational content delivery
- Social media engagement and thought leadership
Legal Compliance and Risk Management
To comply with applicable laws, regulations, and legal obligations, and to protect our legitimate business interests.
Activities Include:
- Regulatory compliance and reporting requirements
- Tax obligations and financial record keeping
- Data protection impact assessments
- Security incident response and investigation
- Legal dispute resolution and litigation support
- Audit and examination procedures
5. Legal Basis for Processing Under PDPA
All processing of personal data is conducted on the basis of lawful grounds under the PDPA. Our legal basis for processing includes:
Consent
Where you have given clear, informed consent for processing your personal data for specific purposes, such as marketing communications or optional service features.
Contract Performance
Processing necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
Legal Obligation
Processing necessary for compliance with legal obligations to which we are subject under Thai law or other applicable regulations.
Legitimate Interests
Processing necessary for legitimate interests pursued by us, provided such interests are not overridden by your fundamental rights and freedoms.
Vital Interests
Processing necessary to protect the vital interests of you or another person, particularly in emergency situations.
6. Your Rights Under the PDPA
As a data subject under the PDPA, you have specific rights regarding your personal data. We are committed to facilitating the exercise of these rights:
Right to Be Informed
You have the right to be informed about the collection and processing of your personal data. This Privacy Policy serves as our primary means of providing this information.
Right of Access
You have the right to request access to your personal data and information about how we process it, including the purposes, categories of data, and recipients.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object
You have the right to object to processing based on legitimate interests, direct marketing, or processing for research and statistical purposes.
Right to Erasure and Destruction
You have the right to request deletion of your personal data when it is no longer necessary, consent is withdrawn, or processing is unlawful.
Right to Restrict Processing
You have the right to request restriction of processing in certain circumstances, such as when accuracy is contested or processing is unlawful.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data without undue delay.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Right to Complain
You have the right to file a complaint with the Personal Data Protection Commission if you believe your rights have been violated.
7. Data Sharing and Third-Party Disclosures
We may share personal data with third parties only in specific circumstances and with appropriate safeguards to protect your privacy.
8. Data Retention Policies
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate business interests:
Retention Schedule:
| Category | Period | Rationale | Disposal Method |
|---|---|---|---|
| Client Data and Project Information | 7 years from contract completion | Commercial law requirements and potential warranty obligations | Secure deletion after retention period unless legal hold applies |
| Marketing Communications Data | Until consent withdrawal or 3 years of inactivity | Ongoing marketing relationship and consent management | Immediate removal from marketing lists upon withdrawal |
| Website and Technical Logs | 12 months from collection | Security monitoring and system optimization | Automated purging and anonymization processes |
| Financial and Accounting Records | 5 years from transaction date | Thai Accounting Act and tax law requirements | Secure destruction in accordance with legal requirements |
| Legal and Compliance Records | 10 years or as required by applicable law | Regulatory compliance and litigation protection | Legal review before disposal to ensure compliance |
Data Retention Procedures:
- Regular review of retention schedules and legal requirements
- Automated data purging systems where technically feasible
- Secure disposal methods for both physical and electronic data
- Documentation of data disposal activities for audit purposes
- Legal hold procedures to preserve data during litigation
- Data subject notification procedures for retention policy changes
Deletion Procedures:
- Automated deletion upon expiry of retention periods
- Manual deletion upon user request or consent withdrawal
9. Security Measures and Data Protection
We implement comprehensive technical, organizational, and physical security measures to protect personal data against unauthorized access, disclosure, alteration, and destruction:
Technical Measures:
- End-to-end encryption for data in transit and at rest
- Multi-factor authentication and access controls
- Regular security vulnerability assessments and penetration testing
- Automated security monitoring and incident detection systems
- Secure software development lifecycle (SDLC) practices
- Regular security updates and patch management procedures
- Data loss prevention (DLP) systems and monitoring
- Secure backup and disaster recovery procedures
Organizational Measures:
- Comprehensive privacy and security training for all employees
- Data protection impact assessments (DPIAs) for high-risk processing
- Privacy by design and by default in system development
- Incident response plans and breach notification procedures
- Vendor security assessments and due diligence processes
- Data retention and disposal policy enforcement
- Segregation of duties and least privilege access principles
11. Policy Updates and Notifications
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Our update process includes:
Update Process:
- Regular review of privacy practices and legal requirements
- Stakeholder consultation for significant policy changes
- Legal review and approval of policy modifications
- Version control and change documentation
- Communication planning for policy updates
- Post-implementation monitoring and feedback collection
Notification Methods:
- Prominent notice on our website with effective date
- Email notification to registered users for material changes
- In-service notifications for significant privacy impact changes
- Social media and communication channel announcements
- Direct communication to affected data subjects when required
Important Notice: We encourage you to review this Privacy Policy periodically. Continued use of our services after changes become effective constitutes acceptance of the updated policy, except where additional consent is required by law for material changes affecting your rights.
12. Compliance and Legal Framework
This Cookie Policy is designed to ensure compliance with applicable privacy laws and regulations, including but not limited to:
Applicable Laws & Regulations:
- Personal Data Protection Act B.E. 2562 (2019) of Thailand
13. Contact Information
For questions, concerns, or requests related to this Cookie Policy please contact:
Contact Us
Email: truecodecompany@gmail.com
Phone: (+66) 88-924-7944
Address: Casa Condo @MRT Sam Yaek Bang Yai Room No. 99/486, 25th Floor Nonthaburi 11140, Thailand