Privacy Policy

Last updated: 04 July 2026

1. Introduction

OneMember Co., Ltd. ("OneMember", "we", "us") operates the OneMember loyalty platform at app.onemember.co and the corporate website at www.onemember.co. This Privacy Policy explains how we collect, use, and protect personal data in compliance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA).

By using our platform, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

Merchant Data
  • Business name, owner name, email address, phone number
  • Business type and industry
  • Billing information (processed by Stripe — we do not store card numbers)
  • Usage data: login times, feature usage, report activity

Member Data (collected on behalf of Merchants)
  • Name, phone number
  • Birthday (optional, required for birthday rewards)
  • Email address (optional)
  • Transaction history: points earned, rewards redeemed, stamps collected

3. How We Use Data

  • To operate and deliver the OneMember loyalty platform
  • To send transactional emails (account verification, password reset, subscription notices)
  • To process payments via Stripe
  • To provide customer support
  • To improve our product based on aggregated, anonymised usage patterns
  • To comply with legal obligations

We do not sell personal data to third parties. We do not use member data for advertising.

4. Data Sharing

We share personal data only with trusted sub-processors necessary to deliver our service:

  • Stripe — payment processing (PCI-DSS Level 1 certified)
  • Resend / Amazon SES — transactional email delivery
  • DigitalOcean — cloud infrastructure (Asia-Pacific region)

All sub-processors are bound by data processing agreements.

5. Your Rights (PDPA)

Under Thailand's PDPA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (right to erasure)
  • Withdraw consent at any time
  • Lodge a complaint with the PDPC (Personal Data Protection Committee)

To exercise these rights, contact privacy@onemember.co.

6. Data Retention

We retain merchant account data for the duration of the account plus 1 year after closure. Member transaction data is retained for the duration of the merchant account. You may request earlier deletion at any time.

7. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed using bcrypt. We conduct regular security reviews. See our Security & PDPA page for details.

8. Cookies

We use session cookies to keep you logged in and CSRF tokens to protect form submissions. We do not use advertising cookies or third-party tracking cookies.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email to active merchants. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy enquiries: privacy@onemember.co
For general enquiries: hello@onemember.co