Personal Data We Collect
"Personal Data" means any information that identifies or can identify a person, directly or indirectly. We collect the following categories for the purpose of providing our Services:
- Identity documents: ID card number, name, surname, date of birth, gender, nationality, photo, and other details on government-issued documents or passport.
- Contact information: Postal address, telephone number, and email address.
- Financial information: Transaction records, wallet balance, bank account details, and card information.
- Biometric data: Facial images collected during KYC verification and biometric identifiers used for biometric login — processed only with your explicit consent or as otherwise permitted by law.
- Device and usage data: Device identifiers, advertising ID, IP address, operating system, mobile network provider, and in-app usage behavior. Android permissions DeepPocket requests: Camera (document scan & KYC selfie), Biometric authentication, Storage (document upload), Location (optional — fraud detection only).
- Legal compliance data: Information required by applicable law, including Anti-Money Laundering regulations, court orders, or law enforcement requests.
Personal Data Sources
2.1 Directly from you. We collect data you voluntarily provide when registering, completing KYC, using Services, responding to surveys, or communicating with us through the DeepPocket app, our website, or other channels including browser cookies.
2.2 From third parties. We may receive data from agents, subcontractors, financial institutions, KYC verification providers, or other parties who are legally authorised to share your data with us to support account registration and service delivery.
Purposes of Processing
We process your Personal Data for the following purposes:
3.1 To improve and enhance Service quality, efficiency, and user experience.
3.2 To verify your identity for transactions and regulatory KYC compliance.
3.3 To contact you about Services, after-sales support, or other necessary matters.
3.4 To fulfil our obligations under contracts to which you are a party, or at your request before entering a contract.
3.5 To fulfil obligations under third-party contracts that benefit you.
3.6 To use, transmit, transfer, process, and/or disclose data to relevant parties including auditors, government agencies, assignees, and authorised business partners.
3.7 To detect, investigate, and prevent fraudulent transactions.
3.8 To assess data and send you news, promotions, and benefits from the Company and selected partners. You may opt out of marketing communications at any time by emailing privacy@deeppocket.com or disabling notifications in the app under Settings → Notifications.
3.9 For any other lawful purpose, or to comply with applicable laws and regulations.
3.10 For purposes authorised by law that do not require your explicit consent.
Storage and Retention
4.1 Storage
We store Personal Data in both physical and electronic formats, protected by security controls that prevent unauthorised loss, access, use, alteration, or disclosure.
4.2 Retention Period
We retain data for as long as your account is active or as required to fulfil the purposes described in this Policy. We may retain data beyond account closure as required by law — for example, Anti-Money Laundering regulations — or for dispute resolution within applicable prescription periods. Data is securely deleted or anonymised when no longer required.
Use of Personal Data
We may disclose your Personal Data to our affiliates, subsidiaries, data processors, government agencies, IT service providers, financial institutions, customer support providers, and marketing partners — with your consent or as permitted by law — for purposes including analytics, fraud prevention, promotions, and identity verification.
Third-party services integrated into DeepPocket include: Firebase (analytics, push notifications, crash reporting), AppsFlyer (attribution analytics), Facebook SDK (attribution), and payment processors (Visa, T2P Gateway). Each third party is bound by a data processing agreement and applicable privacy standards.
Where we transfer your Personal Data internationally, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) or adequacy decisions recognised under Thailand's PDPA — before any transfer occurs.
Restrictions on Use
We will not disclose or use your Personal Data beyond the stated purposes without your consent, unless required by contract, court order, or law, or when cooperating with government agencies on fraud prevention measures that do not compromise data confidentiality.
If we require additional Personal Data, we will notify you, obtain your consent where required, and inform you of the consequences of refusal.
Your Rights Under PDPA
As a data subject under Thailand's Personal Data Protection Act B.E. 2562 (PDPA), you have the following rights:
We may decline requests where law provides a specific ground, or if a request is fraudulent or unreasonable. To exercise any right, contact us at privacy@deeppocket.com.
Impact of Refusing to Provide Data
If you do not consent to the collection of Personal Data required for the Services, we may be unable to provide or may suspend certain Services due to legal or regulatory obligations.
If you decline optional data uses (beyond those necessary for the contract or required by law), you may still access core Services but may receive a reduced level of personalisation and benefits.
Children's Privacy
The DeepPocket application is not directed at persons under 20 years of age. We do not knowingly collect Personal Data from individuals below this age. If you are a parent or guardian and believe your child has provided Personal Data to us, please contact privacy@deeppocket.com so we may take appropriate action.
Where required to process data of legally incompetent persons as defined under applicable Thai law, we will follow appropriate procedures and legal standards.
Security
We implement appropriate technical and organisational security measures — including encrypted data storage, TLS/SSL connections, SSL certificate pinning, biometric access controls, and jailbreak/root detection — to protect Personal Data against loss, unauthorised access, use, destruction, or inappropriate disclosure.
Contact Us
For questions, recommendations, complaints, or to exercise your data rights under this Policy:
Data Collection Summary
The following table summarises what data DeepPocket collects and how it is used. This information is also declared in the app store privacy/data safety forms on both Google Play and Apple App Store:
| Data Type | Collected | Purpose | Shared with 3rd Parties | User Can Delete |
|---|---|---|---|---|
| Name & Contact Info | Yes | Account management, KYC | Yes (as required by law) | Yes |
| Government ID / Passport | Yes | KYC identity verification | Yes (KYC provider) | Limited (legal requirement) |
| Financial Transactions | Yes | Payment processing, fraud prevention | Yes (payment processors) | Limited (legal retention) |
| Device & App Info (IDs, IP) | Yes | Security, analytics, fraud detection | Yes (analytics providers) | Yes |
| Biometric / Face Data | Yes | KYC verification, biometric login | No | Yes |
| Precise Location | Optional | Fraud detection (user-granted) | No | Yes |
| Camera / Photos | Yes | Document scan & KYC selfie | Yes (KYC provider) | Yes |
This table is a summary. For full details refer to the sections above.
Changes to This Policy
Continued use of our Services constitutes acceptance of this Privacy Policy. We may amend this Policy at any time and will notify you of material changes via in-app notification, email, or other appropriate channels. For changes that materially affect your rights, we will seek your written or electronic consent before they take effect.