• Account data: email, name, phone number, password hash, language preference.
• Phone verification: SMS OTP records and rate-limit counters used to confirm and protect your phone number.
• Listings: the title, description, photos, category, price, location, and contact preferences you publish.
• Reports and support messages: the content of reports you submit and the messages you exchange with support.
• Technical and security logs: IP address, browser, device type, request timestamps, and abuse-prevention signals (rate-limit triggers, anti-bot challenges).
• Cookies: see the Cookie Policy.
• Payments and promotions: wallet transactions and top-up records via the payment provider. We do not store full card data on BoardDee.

• Account management — sign-in, password reset, language preference.
• Phone verification — to reduce spam and scams and to let buyers reach you on a real Thai number.
• Listing publication — storing, indexing, and showing your listings to viewers.
• Translation — generating the other-language version of your listing so it reaches both Thai and English audiences.
• Moderation — enforcing the Terms of Service and Posting Rules.
• Fraud and abuse prevention — rate limiting, anti-bot challenges, suspicious-activity detection.
• Customer support — answering your messages and resolving issues.
• Legal compliance — responding to lawful requests and protecting our rights and users.

BoardDee uses the following providers to operate the service. They process personal data on our behalf, subject to their own security and privacy commitments.

• Supabase — database, authentication, file storage.
• Vercel — web hosting and serverless function execution.
• Resend — transactional email (verification, listing notifications, support replies).
• ThaiBulkSMS — SMS OTP delivery for phone verification in Thailand. Twilio is configured as a fallback SMS provider in case the primary provider is unavailable.
• Cloudflare Turnstile — anti-bot challenges on sensitive forms.
• OpenAI — assisted translation between Thai and English and natural-language search query parsing.
• ElevenLabs — voice transcription for the optional voice-search feature.
• Omise — wallet top-up payment processing.

We do not sell personal data. We share data with the providers listed above strictly to operate the service. We may disclose data when required by Thai law, in response to a lawful request, or to protect rights, safety, and our users — for example to investigate fraud or safety threats.

• Account and listings: retained while your account is active. Listings expire automatically and are removed from the public site at expiration.
• Account deletion: when you delete your account from Dashboard → Profile, we apply a 30-day grace period during which your account is fully recoverable, then permanently delete profile data, listings, avatar, and verification logs.
• Wallet transactions: retained in anonymized form for accounting audit after account deletion — they no longer reference your identity.
• Security logs: retained for a limited period needed for fraud and abuse investigation.
• Database backups: rotate on a normal schedule; data in older backups expires with rotation.

Under the PDPA you have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — fix inaccurate or incomplete data.
• Deletion — close your account and have your data deleted (subject to the retention rules above).
• Withdraw consent — for processing that is based on consent.
• Object — to certain processing.
• Data portability — receive your data in a machine-readable form.
• Lodge a complaint with the Personal Data Protection Committee (PDPC).

Most actions are self-serve at Dashboard → Profile, including profile updates, data export, and account deletion. For anything else, email support@boarddee.com.

We protect your data with encryption in transit, row-level security in the database, rate limiting on sensitive endpoints, and access logs. No system is perfectly secure; if you suspect a security issue, email support@boarddee.com so we can investigate.

BoardDee is intended for adults. We do not knowingly collect personal data from children. If you believe a child has created an account, contact support@boarddee.com and we will remove it.

We may update this Privacy Policy. Material changes will be announced on the site or by email; the "Last updated" date at the top of the page tells you when the most recent version was published.

For privacy questions, data-export requests, or to exercise any PDPA right, email support@boarddee.com.