1. Who we are
Veribadge (“we”, “us”, “our”) operates the website and services available at veribadge.app and related subdomains (the “Service”). This Privacy Policy explains how we process personal data when you use the Service as a traveler (public user), as a resort partner, or as a visitor browsing our public pages.
For questions about this policy or to exercise your privacy rights, contact us at support@veribadge.app.
2. Personal data we collect
The data we collect depends on how you use the Service:
- Traveler (public) accounts: email address, display name (optional), phone number (optional), password hash if you register with email/password, and Google account identifiers if you sign in with Google.
- Guest requests and messaging: when you submit a request to a resort through Veribadge, we process the content of your request (including optional travel details and messages) and related metadata (timestamps, status).
- Resort partner accounts: email, name, role, resort profile and verification-related information you submit, billing/subscription identifiers where applicable, and operational logs tied to your account.
- Website visitors: technical data such as IP address, user agent, and approximate location derived by analytics or security systems; timestamps of events (e.g. page views, channel clicks) as described in our Cookies section.
- Support and safety: information you provide when you contact us or submit reports (e.g. suspicious listing reports), including any attachments you choose to upload.
3. How we use personal data
We use personal data for the following purposes:
- To provide and operate the Service (accounts, resort listings, verification workflows, guest request inbox, messaging threads, and partner tools).
- To authenticate users, protect accounts, detect abuse, enforce rate limits, and maintain audit logs for security and trust operations.
- To send service-related emails (e.g. notifications about guest requests or replies) where you have provided an email address or where necessary to perform the Service.
- To measure product usage and improve the Service through analytics and event data (e.g. impressions, views, clicks) collected on public pages.
- To comply with legal obligations and respond to lawful requests.
4. Legal bases (Thailand PDPA-style framing)
Where the Thai Personal Data Protection Act B.E. 2562 (PDPA) applies, we rely on one or more of the following, depending on the activity:
- Performance of a contract or steps prior to entering a contract: providing the features you sign up for (e.g. guest requests, partner dashboard).
- Legitimate interests: securing the Service, preventing fraud and misuse, improving the product, and limited analytics that do not override your rights.
- Consent: where we ask for consent (for example, for certain marketing communications or non-essential cookies, if we offer a choice), you may withdraw consent at any time by contacting us.
- Legal obligation: where we must retain or disclose information to comply with the law.
5. Sharing with third parties
We may share personal data with:
- The resort you contact: when you send a guest request or message through Veribadge, the relevant resort receives the information needed to respond.
- Infrastructure and service providers who host the application, database, email delivery, authentication (e.g. Google Sign-In), and analytics - only as needed to provide the Service and under appropriate safeguards.
- Professional advisers or authorities when required by law or to protect rights, safety, and integrity of users and the Service.
6. International transfers
We may process and store data using cloud providers or services located outside Thailand (for example in the United States, European Union, or Singapore, depending on the vendor). Where required, we implement appropriate safeguards such as contractual clauses or vendor standards consistent with applicable law.
7. Retention
We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods may differ by data category; for example, audit logs and security records may be kept longer than transient analytics aggregates. When data is no longer needed, we delete or anonymise it where feasible.
8. Your rights
Subject to applicable law, you may have the right to access, correct, delete, restrict, or object to certain processing of your personal data, and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a supervisory authority.
To exercise these rights, contact us at support@veribadge.app. We may need to verify your identity before responding.
9. Cookies and similar technologies
We use cookies and similar technologies for essential operation of the site (e.g. session and security), language preferences, and - on public pages - analytics events such as page views, search impressions, sponsor impressions, and channel clicks. These events help us understand usage and improve the directory. You can control cookies through your browser settings; blocking some cookies may limit certain features.
10. Security
We implement technical and organisational measures appropriate to the risk, including encrypted connections (HTTPS), access controls for staff systems, server-side validation, rate limiting on sensitive actions, and audit logging for critical trust and account operations. No method of transmission over the Internet is 100% secure; we encourage strong passwords and safe account practices.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date. Where changes are material, we will provide additional notice as appropriate (for example, a notice on the Service or by email).
12. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will take steps to delete it.
