OctoChurn

นโยบายความเป็นส่วนตัว

อัปเดตล่าสุด: 2026-06-13

เอกสารทางกฎหมายของเราจัดทำเป็นภาษาอังกฤษ และฉบับภาษาอังกฤษมีผลบังคับใช้ หากมีคำถามเป็นภาษาไทย อีเมลมาได้ที่ admin@octochurn.com

The short version

  • We collect the minimum we need to run the service.
  • We never sell data. Not yours, not your customers'.
  • Your customers' billing data stays yours: we process it only to run the retention features you configure.
  • You can ask us to export or delete your data anytime: admin@octochurn.com.

Who we are

OctoChurn (Bangkok, Thailand) operates octochurn.com and the OctoChurn application. For your account data, we are the data controller. Contact: admin@octochurn.com.

Two kinds of data

1. Your data (you, the merchant). Your email address, name, workspace settings, and how you use the product. We are the controller of this data.

2. Your customers' data. When you connect Stripe or Omise, we receive subscription, invoice, and charge data about your customers (names, email addresses, amounts, decline codes) so we can run cancel flows, payment recovery, and analytics for you. For this data you are the controller and we are your processor: we act only on your configuration and instructions, we never use this data for our own marketing, never contact your customers except through features you turned on, and never sell or share it. When you disconnect a processor or delete your workspace, we delete this data within 30 days (backups roll off within 90).

You are responsible for having a lawful basis to share your customers' data with us and for the messages you configure the service to send them.

What we collect

From you:

  • Email address (required to sign in)
  • Display name and profile picture (optional)
  • Workspace configuration and anything you create in the product
  • Messages you send us

Automatically:

  • IP address (abuse prevention)
  • Browser type, OS, screen size, language
  • Pages visited and basic interactions

From third parties:

  • If you sign in with an OAuth provider, we get your name, email, and avatar from them.
  • Stripe and Omise send us the billing data described above, plus your own subscription status for paying us. Card numbers never reach us; the processors hold them.

Why we collect it

  • To provide the service you signed up for (legal basis: contract)
  • To keep the service secure and prevent abuse (legitimate interest)
  • To send transactional emails (account, billing, security)
  • To improve the product based on usage, anonymized where possible
  • Marketing emails only if you opted in; unsubscribe anytime

Who we share it with

We share data with these processors so we can run the service:

  • Stripe and Omise / Opn Payments: payment processing (yours and, via your connection, your customers')
  • Supabase: authentication and database
  • Cloudflare: file storage and network
  • PostHog: product analytics (EU instance)
  • Google Analytics: web analytics on the marketing site
  • Transactional email and AI providers: only the content needed for the specific feature (for example, sending a dunning email you configured)

We do not sell or rent information to anyone. We disclose data to authorities only if legally compelled.

If the business is ever sold, data may transfer to the buyer under this same policy or a stricter one. We will email you if that happens.

Where your data lives

Data is processed and stored in the regions our vendors operate (primarily Singapore, the EU, and the US). Where data leaves the EEA or UK, we rely on Standard Contractual Clauses through our processors. OctoChurncomplies with Thailand's Personal Data Protection Act (PDPA) as a Thailand-based service.

How long we keep it

  • While your account is active: as long as needed to provide the service.
  • After you delete your account: removed within 30 days; backups roll off within 90 days.
  • Billing records: kept as long as tax law requires.

Your rights

Under GDPR, UK GDPR, Thailand PDPA, or California law (depending on where you are), you can:

  • Get a copy of your data
  • Correct anything wrong
  • Delete your account and data
  • Object to or restrict certain processing
  • Export your data
  • Complain to your local data protection authority

Email admin@octochurn.com. We respond within 30 days and may verify your identity first. If your customers contact us directly about their data, we will refer them to you (their controller) and assist you in responding.

California: we do not sell or share personal information as defined under California law, and you will not be discriminated against for exercising your rights.

Cookies

We use cookies to keep you signed in, remember your language and theme, and understand how the site is used. We honor the browser Do Not Track signal: with DNT enabled, analytics cookies are not set.

Cookies we set:

  • Session cookies: your sign-in session (required)
  • NEXT_LOCALE: your chosen language
  • theme: your light/dark preference
  • ph_*: PostHog analytics (skipped with DNT)
  • _ga, _ga_*: Google Analytics (skipped with DNT)

You can disable cookies in your browser; some features may stop working.

Security

We protect data with TLS in transit, encryption at rest where our processors offer it, and least-privilege access. Card data never touches our systems; it stays with Stripe and Omise (PCI-DSS scope minimization). If we discover a breach affecting your data, we will notify you and the relevant authority as applicable law requires.

Children

The service is not for children under 16. If you think a child gave us data, email admin@octochurn.com and we will remove it.

Changes

We may update this policy. When we do, we update the date above. For material changes, we will notify you by email.

Questions?

Email admin@octochurn.com.