Legal
Privacy Policy
Your privacy is fundamental to us. This policy explains how we collect, use, and protect your personal information, in line with Thailand's PDPA and international standards.
Last updated: May 19, 2026
Who We Are
Viatapass is operated by Mr. Apisit Taoanon, based in Prachinburi, Thailand. We are the "Data Controller" under the Personal Data Protection Act B.E. 2562 (2019) of Thailand ("PDPA").
For privacy questions, contact: founder@viatapass.com
Information We Collect
We collect the following categories of personal data:
Account Information
- Full name
- Email address
- Password (encrypted, never stored in plain text)
Application Information
- Date of birth and age
- Country of citizenship and destination preferences
- Income and financial information (when provided)
- Travel history and visa history
- Sponsor and family details (when applicable)
- Documents you upload (passports, statements, etc.)
Payment Information
- Payment method details (handled directly by Stripe, we don't store card numbers)
- Transaction history and receipts
Technical Information
- IP address and approximate location
- Browser type and device information
- Usage data (pages visited, actions taken)
- Cookies and similar technologies
How We Use Your Data
We process your personal data for these purposes:
Service Delivery
Providing visa preparation guidance, document analysis, and personalized recommendations, based on the legal basis of contract performance.
Payment Processing
Processing your package purchases through Stripe, based on contract performance.
Communication
Sending transactional emails (confirmations, password resets, updates), based on contract performance.
Security and Fraud Prevention
Protecting accounts, detecting abuse, and preventing fraud, based on legitimate interests.
Service Improvement
Analyzing usage patterns to improve features, based on legitimate interests (data is aggregated and anonymized when possible).
Legal Compliance
Complying with tax, accounting, and legal obligations, based on legal obligation.
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
Third-Party Services
We share data with the following trusted service providers to operate Viatapass. Each processor has its own privacy policy and data protection standards:
International Data Transfers
Some of our service providers (e.g., Supabase, Stripe, Vercel) operate servers outside Thailand. When your data is transferred internationally, we ensure it remains protected through:
- Standard contractual clauses with our processors
- Providers' compliance with internationally recognized frameworks (e.g., GDPR)
- Encrypted data in transit and at rest
Data Retention
We retain your data only as long as necessary:
- Account data: until you delete your account or 3 years of inactivity
- Application data: for the duration of your package access plus 6 months
- Payment records: 7 years (Thai tax law requirement)
- Server logs: typically 30-90 days
Your Rights Under PDPA
As a Data Subject under PDPA, you have the following rights:
Right to Access
Request a copy of your personal data
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your data
Right to Restrict
Limit how we process your data
Right to Portability
Receive your data in a portable format
Right to Object
Object to certain processing activities
Right to Withdraw Consent
Withdraw previously given consent
Right to Complain
File a complaint with the PDPC
To exercise any of these rights, email founder@viatapass.com. We will respond within 30 days.
Cookies
We use the following types of cookies:
- Essential cookies: required for authentication and core functionality (cannot be disabled)
- Functional cookies: remember your preferences (theme, language)
- Analytics cookies: help us understand usage patterns (anonymized)
You can control cookies through your browser settings, but disabling essential cookies may break service functionality.
Data Security
We implement industry-standard security measures including:
- Encrypted data in transit (HTTPS/TLS) and at rest (AES-256)
- Secure authentication with hashed passwords
- Role-based access controls and audit logs
- Regular security updates and monitoring
- Encrypted backups
However, no system is 100% secure. In the unlikely event of a data breach affecting your personal data, we will notify you within 72 hours where required by law.
Children's Privacy
Viatapass is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or website notice. The "Last updated" date at the top reflects the most recent revision.
Contact the Data Controller
Mr. Apisit Taoanon (Data Controller)
Prachinburi, Thailand
Email: founder@viatapass.com
You can also file a complaint with Thailand's Personal Data Protection Committee (PDPC):