Privacy Policy

We collect the minimum data needed to operate the Service:

• Account data: email address and authentication identifiers when you sign in.
• Session data: a session token (cookie) so you stay signed in between visits.
• Content you submit: corrections, comments, or admin edits, attributed to your account.
• Technical logs: standard server logs (IP address, user agent, request path, timestamp) retained for security and abuse prevention for up to 30 days.

We do not use third-party analytics, advertising trackers, or social media pixels.

• Contract: to provide the Service you requested.
• Legitimate interests: securing the Service, preventing abuse, maintaining records.
• Legal obligation: complying with applicable law.
• Consent: where required (e.g., non-essential cookies — we currently use none).

• To authenticate you and operate the Service.
• To respond to your inquiries and process content submissions.
• To detect, prevent, and respond to abuse, fraud, or security incidents.
• To comply with legal obligations.

We do not sell personal data. We share data only with service providers strictly necessary to run the Service:

• Supabase — database, authentication, and storage (data may be processed in regions where Supabase operates).
• Cloudflare — edge hosting and DDoS protection.
• Google (Gemini) & Firecrawl — server-side AI processing of public source material to assist with research. No user-account data is sent.

These sub-processors act on our instructions under contractual confidentiality and security obligations.

Personal data may be transferred to and processed in countries outside your country of residence, including the United States and the European Union. Where required, transfers are protected by Standard Contractual Clauses or equivalent safeguards.

Account data is retained while your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes. Server logs are retained for up to 30 days.

Depending on your jurisdiction (GDPR, UK GDPR, CCPA/CPRA, Thailand PDPA, and others), you may have the right to: access your data, rectify inaccurate data, erase your data, restrict or object to processing, data portability, withdraw consent, and lodge a complaint with a supervisory authority. To exercise any right, email contact@techbridgesoftware.com. We respond within 30 days.

California residents: we do not "sell" or "share" personal information as defined by the CCPA/CPRA.

We use industry-standard measures including encryption in transit (TLS), encrypted databases at rest, and row-level access controls. No system is 100% secure; we cannot guarantee absolute security.

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it.

We will update this Policy as the Service evolves. Material changes will be indicated by updating the "Last updated" date above.

TechBridge Software Co., Ltd., Thailand — contact@techbridgesoftware.com