AuraSeaOS
Draft: This document is a working draft, currently under review by legal counsel. For questions, contact hello@auraseaos.com.

Privacy Policy

Last updated: 1 May 2026

AuraSea Co., Ltd. ("AuraSea," "we," or "us") respects your privacy. This policy explains how we collect, use, share, and protect personal data when you use AuraSea OS, our website, or contact us. This policy is written to align with Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA") and other applicable data protection laws in Southeast Asia.

1. Information we collect

We collect personal data that you provide directly to us:

  • Account information: name, email, phone or LINE ID, business name, business type
  • Demo request information: information you submit through forms on our website
  • Communications: emails, LINE messages, and support tickets you send to our team

We also collect operational data from your business systems (when you connect them) or that you enter manually:

  • Hospitality data: occupancy, ADR, RevPAR, channel mix, competitor rates
  • F&B data: revenue, covers, food cost, labor cost, menu performance
  • Operational metadata: timestamps, system events, user actions within the app

We collect technical data automatically:

  • IP address, browser type, device information
  • Pages visited, time spent, referral source
  • Cookies and similar technologies (see Section 6)

2. How we use your information

We use personal and operational data to:

We do not sell personal data. We do not use customer business data to train external machine learning models or share it with other AuraSea customers.

  • Deliver the AuraSea OS service: morning briefings, anomaly alerts, recommendations
  • Communicate with you: respond to inquiries, send service updates, handle billing
  • Improve our service: analyze usage patterns, fix bugs, develop new features
  • Comply with legal obligations: tax, accounting, regulatory requirements

3. Sharing with service providers

We use trusted service providers to operate AuraSea OS. These providers process data on our behalf under data processing agreements:

Each provider is bound by confidentiality and security obligations. We do not authorize them to use your data for their own purposes.

  • Vercel (USA, with global edge network) — website and application hosting
  • Supabase (Singapore region) — database, authentication, file storage
  • Resend (USA) — transactional email (demo confirmations, alerts, password resets)
  • Omise (Thailand) — payment processing for paid subscriptions
  • Google Analytics (USA) — website usage analytics

4. International data transfers

Some of our service providers are located outside Thailand. When personal data is transferred internationally, we rely on adequate protections such as standard contractual clauses, the providers' own data protection certifications, or your explicit consent where required.

5. Your rights under PDPA

If you are in Thailand, you have the following rights under the PDPA:

To exercise any of these rights, email hello@auraseaos.com. We will respond within 30 days.

  • Right to access: request a copy of personal data we hold about you
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request deletion of your data, subject to legal retention requirements
  • Right to restrict processing: limit how we use your data
  • Right to data portability: receive your data in a portable format
  • Right to object: object to certain types of processing
  • Right to withdraw consent: withdraw consent at any time without affecting prior lawful processing
  • Right to lodge a complaint: contact the Personal Data Protection Committee (PDPC) of Thailand

6. Cookies and tracking

We use cookies and similar technologies to operate the website, remember your preferences, and analyze usage. You can control cookies through your browser settings. Disabling cookies may limit some website features.

7. Data retention

We retain personal data for as long as your account is active, plus a reasonable period afterward to meet legal, tax, and accounting requirements (typically 5-10 years for financial records under Thai law). Operational business data is deleted within 90 days of account cancellation, unless you request earlier deletion.

8. Security

We use industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and regular security reviews. See our Security page for full details. No system is perfectly secure; if a data breach occurs, we will notify affected users and the PDPC as required by law.

9. Children's privacy

AuraSea OS is a B2B product for business owners. We do not knowingly collect personal data from individuals under 20 years of age. If you believe we have collected such data, contact hello@auraseaos.com and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced via email to registered users at least 30 days before taking effect. The current version is always available at this URL.

11. Contact

For questions about this policy or to exercise your rights:

Email: hello@auraseaos.com

AuraSea Co., Ltd.

Business Registration: 0305568007729

Headquarters: Nakhon Ratchasima, Thailand

hello@auraseaos.com