Privacy Policy

How ThaiCopilot collects, uses, and protects your personal data. We're committed to transparency and protecting your privacy.

Last updated: January 17, 2026

Introduction#

Welcome to ThaiCopilot. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our Thai language learning platform.

ThaiCopilot is operated by Rahul Roy, a solo founder based in India who moved to Thailand 2 years back. We're building this platform to help expats and travelers learn Thai effectively through AI-powered conversations and flashcards.

This policy complies with Thailand's PDPA (Personal Data Protection Act), India's Personal Data Protection Act, and the EU's GDPR where applicable.

What Data We Collect#

We collect minimal data necessary to provide our service:

Account Information:

  • Email address - For account creation, login, and essential communications
  • Name - To personalize your experience
  • Password - Securely hashed, never stored in plain text

Learning Data:

  • Conversations - Messages you send and receive while practicing Thai
  • Flashcards - Cards you create, practice results, and progress data
  • Usage patterns - Features you use, session duration, learning streaks

Technical Data:

  • IP address - For security and fraud prevention (anonymized in analytics)
  • Browser & device information - To optimize our platform
  • Session cookies - To keep you logged in

We do not collect: Payment information (when paid features launch, we'll use trusted payment processors), location data beyond country-level analytics, or any sensitive personal information beyond what's listed above.

How We Use Your Data#

We use your data exclusively for the following purposes:

  1. Service Delivery: To provide Thai language learning features, save your progress, and personalize your experience
  2. Account Management: To create and maintain your account, authenticate logins, and send essential service emails (verification, password resets)
  3. Platform Improvement: To understand how users interact with features, identify bugs, and improve the learning experience
  4. Security: To detect and prevent fraud, abuse, and unauthorized access
  5. Legal Compliance: To comply with legal obligations and enforce our Terms of Service

What we don't do: We do not sell your data to third parties. We do not send marketing emails (only transactional emails). We do not use your conversations for advertising.

Data Storage & Security#

Current Practice:

Your data is currently stored privately on our secure servers. All data is encrypted in transit using HTTPS/SSL and at rest using industry-standard encryption. Passwords are hashed using bcrypt, a secure one-way hashing algorithm.

Security Measures:

  • Encryption: All connections use HTTPS/SSL encryption
  • Password Security: Bcrypt hashing with secure salts
  • Access Control: Strict access controls and authentication
  • CloudFlare Protection: DDoS protection and bot filtering
  • Regular Monitoring: We follow Rails security guidelines and monitor for vulnerabilities

Future Changes:

We may use anonymized or aggregated data (not linked to individuals) to improve the platform. For example, "Users struggle with tone marks" helps us improve lessons. We'll provide 14 days notice before any material changes to how we use your data.

Data Retention:

We retain your data until you delete your account or request deletion. After deletion, we'll remove your personal data within 30 days, except where required by law.

Third-Party Services#

We use the following third-party services to operate ThaiCopilot. These services may process your data:

Analytics & Monitoring:

  • Google Analytics 4: Usage analytics and page views (IP anonymization enabled).Privacy Policy
  • Mixpanel: Product analytics and feature usage tracking.Privacy Policy
  • New Relic: Performance monitoring and error tracking.Privacy Policy
  • Custom Analytics: We may implement our own analytics system to better understand user behavior

International Data Transfers:

These third-party services may transfer and process data in the United States or other countries. We ensure appropriate safeguards are in place through standard contractual clauses and service agreements.

Your Control:

You can decline analytics cookies through your browser settings. Note that this may affect some non-essential features. We may add or change analytics providers with 14 days notice.

AI Processing#

Current Practice:

Your conversation data is currently processed in-house on our servers. We do not send your messages to third-party AI providers.

Future Changes:

We may use third-party AI services (such as OpenAI or Anthropic) in the future to improve conversation quality and language learning features. Before making this change:

  • We'll provide 14 days advance notice
  • We'll update this policy with specific details
  • We'll ensure providers have strong privacy protections
  • You'll have the option to delete your data if you disagree

Your Rights#

Under PDPA, GDPR, and Indian data protection laws, you have the following rights regarding your personal data:

Right to Access:

You can request a copy of all personal data we hold about you. React out via contact us form.

Right to Deletion:

You can delete your account and all associated data at any time through Settings → Profile → Delete Account. We'll permanently remove your data within 30 days.

Right to Portability:

You can export your learning data (conversations, flashcards, progress) in JSON format. This feature is coming soon to the dashboard.

Right to Correction:

You can update your name and email through Settings → Profile. For other corrections, contact us.

Right to Object:

You can object to data processing for specific purposes. Note that this may limit platform functionality.

How to Exercise Your Rights:

Contact us with your request. We'll respond within 30 days.

Cookies & Analytics#

Essential Cookies:

We use session cookies to keep you logged in. These are required for the platform to function and cannot be disabled.

Analytics Cookies (Third-Party):

  • Google Analytics 4: Usage analytics, page views
  • Mixpanel: Product analytics, feature usage tracking
  • New Relic: Performance monitoring

Your Control:

You can decline analytics cookies through your browser settings:

  • Chrome: Settings → Privacy and Security → Cookies
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Cookies and website data

Declining analytics cookies won't affect core learning features, but may limit our ability to improve the platform based on usage patterns.

Changes to This Policy#

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

How We'll Notify You:

  • We'll email you at least 14 days before material changes take effect
  • We'll update the "Last updated" date at the top of this page
  • For minor clarifications, we'll update the policy without advance notice

Your Options:

If you disagree with changes, you can delete your account before they take effect. Continued use of ThaiCopilot after changes means you accept the updated policy.

Contact Us#

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

ThaiCopilot Privacy Team

Contact Us

We aim to respond to all inquiries within 24-48 hours.

For data protection complaints in your jurisdiction:

  • India: Ministry of Electronics and Information Technology
  • Thailand: Personal Data Protection Commission (PDPC)
  • EU: Your local data protection authority