Privacy Policy Overview
This privacy policy describes how AppTopWorks collects, uses, stores and shares personal data when you visit AppTopWorks.pro, use our software, or communicate with our team. We focus on providing clear information about data handling so you can make informed choices about the services you use. Our procedures are designed to protect user information while enabling reliable delivery of workflow automation, collaboration, and analytics features for businesses operating in Thailand and internationally.
Key Definitions
To help you understand this policy, we define common terms used throughout:
Data We Collect
We collect data directly from you, automatically through your device, and from third parties to provide, secure, and improve our services. Below are typical categories collected and examples of use.
Data You Provide
When you register, configure accounts, contact support, or purchase services, we collect information you supply such as:
- Contact details: name, business email, phone number, company name and address.
- Account credentials: login usernames and hashed passwords, role and permission settings.
- Billing and payment information required to process purchases (stored and processed by our payment partners).
- Business data and configuration: workflows, templates, integration settings and uploaded documents necessary for service operation.
- Support and communications: messages you send to our support team, feedback and survey responses.
- Marketing preferences and subscription choices for newsletters and product updates.
Automatically Collected Data
When you use our site and services we automatically collect certain technical and usage information to operate and improve the platform:
- Device and connection information such as IP address, browser type, operating system, and device identifiers.
- Usage data including pages visited, features used, timestamps and performance metrics.
- Log data and error reports generated by the application and infrastructure.
- Analytics data from cookies and similar technologies to understand feature adoption and user flows.
- Location data inferred from IP addresses to provide regional settings and localization.
- Aggregated and anonymized metrics derived from user activity for product improvement.
Data from Third Parties
We may receive information about you from trusted third-party services and partners to enable features, billing and integrations:
- Identity and contact data from identity providers and business directories when you connect external accounts.
- Payment and transaction details from payment processors to complete purchases.
- Analytics and advertising data from analytics providers and marketing platforms used to measure campaign performance and service usage.
How We Use Personal Data
We use personal data for specific, limited purposes necessary to operate and improve AppTopWorks:
- Provide and maintain the service, including account setup, authentication, feature delivery and hosting.
- Process payments, invoices and business records with the help of payment processors.
- Respond to support requests, troubleshoot issues and communicate important service updates.
- Improve product functionality and user experience by analyzing usage patterns and feedback.
- Protect the service and users from fraud, abuse and security threats; perform audits and monitoring.
- Comply with legal obligations, tax and regulatory requirements applicable to our operations.
- Send marketing communications where permitted by applicable law and user preferences.
- Support integrations with third-party tools and services that you choose to connect.
Legal Basis for Processing
Where applicable law requires us to identify a legal basis for processing personal data, we rely on the following:
- Performance of a contract: processing necessary to deliver the services you requested.
- Consent: where you have provided clear consent for specific purposes such as marketing or analytics.
- Legitimate interests: processing to operate and secure the service, prevent fraud, and improve features, balanced against user rights.
- Legal obligation: processing required to comply with laws, tax or regulatory duties.
GDPR and European Data Subjects
Rights for data subjects in the European Economic Area and the UK are described below. If you are an EU/EEA/UK resident, these provisions explain how to exercise your rights under applicable data protection law.
- Access: request a copy of personal data we hold about you and receive details about processing purposes and recipients.
- Rectification: request correction of inaccurate or incomplete personal data.
- Erasure: request deletion of personal data where retention is no longer necessary, subject to legal and contractual obligations.
- Restriction: request restriction of processing in certain circumstances.
- Data portability: request a machine-readable copy of data you provided to AppTopWorks for transfer to another provider where technically feasible.
- Objection: object to processing based on legitimate interests or for direct marketing purposes.
Data Sharing and Disclosure
We share personal data only as needed with service providers, partners and legal authorities. Sharing is limited to what is necessary for the specified purpose.
- Service providers and software providers who host, maintain and support AppTopWorks (cloud hosting, email, monitoring, backups).
- Payment processors and business services that handle billing and transactions.
- Analytics and marketing partners that help measure and optimize the service when you have consented to such processing.
- Professional advisors and auditors who perform compliance, tax or legal functions on our behalf.
- Authorities when required by law, legal process or to protect the rights, property or safety of AppTopWorks, our users, or others.
- In the event of a merger, acquisition or sale of assets, data may be transferred to a successor entity subject to confidentiality commitments.
International Data Transfers
AppTopWorks operates internationally and may transfer personal data to countries outside your jurisdiction, including cloud providers and contractors located in other countries. Transfers are managed to ensure adequate protection of personal data.
When we transfer data internationally we use appropriate safeguards such as standard contractual clauses, data processing agreements, or rely on approved frameworks where available to protect your information.
Data Retention
We retain personal data only as long as necessary to fulfill the purposes described in this policy, to meet contractual obligations, and to comply with legal requirements.
Account and profile information is retained for the duration of your active account and for a reasonable period after account closure to meet legal, tax and audit obligations; typically up to 7 years for business records unless a shorter period applies under local law.
Support communications and message logs are retained for operational purposes and to improve our service; retention periods vary but are regularly reviewed and managed.
System logs, backup copies and diagnostic data are retained to maintain service integrity and security; retention periods are limited and subject to secure deletion procedures.
When retention periods expire or you request deletion where applicable, we apply secure deletion methods to remove personal data from active systems; residual copies may remain in backups for a limited time until fully purged.
Security Practices
We maintain technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse or alteration. Security is reviewed regularly and updated in line with evolving threats and industry best practices.
- Encryption of data in transit (TLS) and encryption at rest for sensitive data where applicable.
- Role-based access controls, strong authentication practices and least-privilege principles for internal systems.
- Regular security assessments, vulnerability scanning, incident response planning and staff training.
Your Rights
You have choices about how we use and share your personal data. To exercise rights or ask questions, contact us using the details above. We will respond within applicable legal timeframes and provide guidance on next steps.
- Access, correction and export: request copies of personal data and request updates to inaccurate information.
- Deletion and restriction: where permitted by law, request deletion or restriction of processing for your personal data.
- Opt-out and objection: opt-out of marketing communications and object to processing based on legitimate interests where applicable.
- Request correction of inaccurate or incomplete personal data held by AppTopWorks, including account details and contact information.
- Request restriction of processing where accuracy is contested or processing is unlawful and you prefer restriction over erasure.
- Object to processing based on legitimate interests or direct marketing; we will review and respond in line with applicable law.
- Request portability of personal data you have provided in a structured, commonly used and machine-readable format where technically feasible.
- Withdraw consent for processing that relies on consent; withdrawal will not affect processing conducted prior to withdrawal for compliance reasons.
How to Exercise Your Privacy Rights
To exercise any of the privacy rights listed, contact our privacy team with a clear description of the request and any supporting details. We may ask for proof of identity to protect your account and others. Requests are reviewed to ensure they are valid and actionable under applicable Thai and international data protection requirements. AppTopWorks aims to process requests efficiently and will inform you if any limitation applies under the law.
We will acknowledge receipt of a valid request within 7 calendar days and aim to respond substantively within 30 calendar days. Complex requests may require additional time; if so, we will notify you with an expected timeline and reason for the extension.
Marketing Communications
AppTopWorks may send marketing and promotional communications about product updates, training offers, and special pricing to users who opt in. Messages are tailored to professional interests and regional relevance. Marketing communications may include email, in-app notifications, and targeted content within our platform.
To stop receiving marketing communications, follow the unsubscribe link in any marketing email, change your notification settings in your AppTopWorks account, or submit an opt-out request to our privacy team through the contact details below. Opting out will not prevent transactional messages or service-related alerts necessary to operate your account.
Children and Minors
AppTopWorks is designed for businesses and professionals. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal information from a minor without parental consent, we will take steps to remove that information promptly. If you believe data about a minor has been provided to us, contact our privacy team for assistance.
Links to Third-Party Sites
Our services may include links to third-party websites or services that are not operated by AppTopWorks. We do not control external sites and are not responsible for their privacy practices or content. Review the privacy policies of any third-party sites you visit before providing personal information to them.
Changes to This Privacy Notice
We may update this privacy notice to reflect changes in our practices, new features, or legal requirements. Material changes will be posted on the AppTopWorks website and, when appropriate, notified to registered users by email. Continued use of AppTopWorks after changes indicates acceptance of the updated notice.