DeepPocket

Privacy Policy

Effective Date: 1 July 2025  ·  Last Updated: 25 June 2026

T2P Company Limited ("the Company") respects the privacy of DeepPocket users. This Privacy Policy explains how we collect, use, and protect your personal data in connection with the DeepPocket digital wallet application and related services — including e-money, QR payments, Visa card issuance, domestic and international transfers — as authorized by the Bank of Thailand.
1

Personal Data We Collect

"Personal Data" means any information that identifies or can identify a person, directly or indirectly. We collect the following categories for the purpose of providing our Services:

  • Identity documents: ID card number, name, surname, date of birth, gender, nationality, photo, and other details on government-issued documents or passport.
  • Contact information: Postal address, telephone number, and email address.
  • Financial information: Transaction records, wallet balance, bank account details, and card information.
  • Biometric data: Facial images collected during KYC verification and biometric identifiers used for biometric login — processed only with your explicit consent or as otherwise permitted by law.
  • Device and usage data: Device identifiers, advertising ID, IP address, operating system, mobile network provider, and in-app usage behavior. Android permissions DeepPocket requests: Camera (document scan & KYC selfie), Biometric authentication, Storage (document upload), Location (optional — fraud detection only).
  • Legal compliance data: Information required by applicable law, including Anti-Money Laundering regulations, court orders, or law enforcement requests.
2

Personal Data Sources

2.1 Directly from you. We collect data you voluntarily provide when registering, completing KYC, using Services, responding to surveys, or communicating with us through the DeepPocket app, our website, or other channels including browser cookies.

2.2 From third parties. We may receive data from agents, subcontractors, financial institutions, KYC verification providers, or other parties who are legally authorised to share your data with us to support account registration and service delivery.

3

Purposes of Processing

We process your Personal Data for the following purposes:

3.1 To improve and enhance Service quality, efficiency, and user experience.

3.2 To verify your identity for transactions and regulatory KYC compliance.

3.3 To contact you about Services, after-sales support, or other necessary matters.

3.4 To fulfil our obligations under contracts to which you are a party, or at your request before entering a contract.

3.5 To fulfil obligations under third-party contracts that benefit you.

3.6 To use, transmit, transfer, process, and/or disclose data to relevant parties including auditors, government agencies, assignees, and authorised business partners.

3.7 To detect, investigate, and prevent fraudulent transactions.

3.8 To assess data and send you news, promotions, and benefits from the Company and selected partners. You may opt out of marketing communications at any time by emailing privacy@deeppocket.com or disabling notifications in the app under Settings → Notifications.

3.9 For any other lawful purpose, or to comply with applicable laws and regulations.

3.10 For purposes authorised by law that do not require your explicit consent.

4

Storage and Retention

4.1 Storage

We store Personal Data in both physical and electronic formats, protected by security controls that prevent unauthorised loss, access, use, alteration, or disclosure.

4.2 Retention Period

We retain data for as long as your account is active or as required to fulfil the purposes described in this Policy. We may retain data beyond account closure as required by law — for example, Anti-Money Laundering regulations — or for dispute resolution within applicable prescription periods. Data is securely deleted or anonymised when no longer required.

5

Use of Personal Data

We may disclose your Personal Data to our affiliates, subsidiaries, data processors, government agencies, IT service providers, financial institutions, customer support providers, and marketing partners — with your consent or as permitted by law — for purposes including analytics, fraud prevention, promotions, and identity verification.

Third-party services integrated into DeepPocket include: Firebase (analytics, push notifications, crash reporting), AppsFlyer (attribution analytics), Facebook SDK (attribution), and payment processors (Visa, T2P Gateway). Each third party is bound by a data processing agreement and applicable privacy standards.

Where we transfer your Personal Data internationally, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) or adequacy decisions recognised under Thailand's PDPA — before any transfer occurs.

6

Restrictions on Use

We will not disclose or use your Personal Data beyond the stated purposes without your consent, unless required by contract, court order, or law, or when cooperating with government agencies on fraud prevention measures that do not compromise data confidentiality.

If we require additional Personal Data, we will notify you, obtain your consent where required, and inform you of the consequences of refusal.

7

Your Rights Under PDPA

As a data subject under Thailand's Personal Data Protection Act B.E. 2562 (PDPA), you have the following rights:

7.1 Withdraw ConsentWithdraw consent at any time, subject to legal limits. Withdrawal may affect access to some Services.
7.2 Access & CopyAccess and obtain a copy of your Personal Data held by us.
7.3 Data PortabilityRequest transfer of your data to another controller or to yourself.
7.4 ObjectObject to the processing of your Personal Data.
7.5 RectificationRequest correction of inaccurate, incomplete, or outdated data.
7.6 ErasureRequest deletion or destruction of your Personal Data.
7.7 RestrictionRequest suspension of processing your Personal Data.
7.8 ComplaintLodge a complaint with the Personal Data Protection Committee or relevant authority.

We may decline requests where law provides a specific ground, or if a request is fraudulent or unreasonable. To exercise any right, contact us at privacy@deeppocket.com.

8

Impact of Refusing to Provide Data

If you do not consent to the collection of Personal Data required for the Services, we may be unable to provide or may suspend certain Services due to legal or regulatory obligations.

If you decline optional data uses (beyond those necessary for the contract or required by law), you may still access core Services but may receive a reduced level of personalisation and benefits.

9

Children's Privacy

The DeepPocket application is not directed at persons under 20 years of age. We do not knowingly collect Personal Data from individuals below this age. If you are a parent or guardian and believe your child has provided Personal Data to us, please contact privacy@deeppocket.com so we may take appropriate action.

Where required to process data of legally incompetent persons as defined under applicable Thai law, we will follow appropriate procedures and legal standards.

10

Security

We implement appropriate technical and organisational security measures — including encrypted data storage, TLS/SSL connections, SSL certificate pinning, biometric access controls, and jailbreak/root detection — to protect Personal Data against loss, unauthorised access, use, destruction, or inappropriate disclosure.

11

Contact Us

For questions, recommendations, complaints, or to exercise your data rights under this Policy:

Phone +66 2114 7456  (Mon–Fri, 09:00–18:00 ICT)
Address T2P Company Limited, 1788 Singha Complex, 30th Floor Room 3005, New Petchaburi Road, Bangkapi, Huai Khwang, Bangkok 10310
In-App DeepPocket App → Menu → Help & Support
12

Data Collection Summary

The following table summarises what data DeepPocket collects and how it is used. This information is also declared in the app store privacy/data safety forms on both Google Play and Apple App Store:

Data Type Collected Purpose Shared with 3rd Parties User Can Delete
Name & Contact Info Yes Account management, KYC Yes (as required by law) Yes
Government ID / Passport Yes KYC identity verification Yes (KYC provider) Limited (legal requirement)
Financial Transactions Yes Payment processing, fraud prevention Yes (payment processors) Limited (legal retention)
Device & App Info (IDs, IP) Yes Security, analytics, fraud detection Yes (analytics providers) Yes
Biometric / Face Data Yes KYC verification, biometric login No Yes
Precise Location Optional Fraud detection (user-granted) No Yes
Camera / Photos Yes Document scan & KYC selfie Yes (KYC provider) Yes

This table is a summary. For full details refer to the sections above.

13

Changes to This Policy

Continued use of our Services constitutes acceptance of this Privacy Policy. We may amend this Policy at any time and will notify you of material changes via in-app notification, email, or other appropriate channels. For changes that materially affect your rights, we will seek your written or electronic consent before they take effect.