Privacy Policy — 1intent Co., Ltd.
Data Controller: 1intent Co., Ltd. · Covers all products and services under the 1intent brand (such as Daily, 1intentAI, and services launched in the future).
1. About This Policy and Us
This policy explains how 1intent Co., Ltd. (“we,” “us,” “our”) collects, uses, discloses, and protects your personal data across all products and services under the 1intent brand, in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (PDPA). Some products (such as Daily) may provide their own in-app privacy notices in addition to this one, consistent with the principles set out here.
- Enterprise customers (B2B) — When an organization uses our products to process data about its own applicants/customers, we act as a data processor on behalf of that organization, which is the data controller.
- Individual users (B2C) — When you use our products directly, we are the data controller of your data.
2. Information We Collect
- Identity data — Full name, national ID / tax ID, date of birth, address, email, phone number.
- Data from third-party sign-in (LINE Login, Google, Microsoft) — When you choose to sign in with LINE, we receive your display name, profile picture, LINE user ID, and email address associated with your LINE account, only when you grant consent on LINE’s consent screen. You may decline this permission and use an alternative sign-up method instead (see Section 4).
- Documents and data extracted from documents — Documents you upload through document-processing products (such as ID cards, payslips, financial documents), and the text/figures our system extracts automatically via OCR. These documents may contain biometric data, such as the facial image on an ID card.
- Financial data — Income, liabilities, and information related to your request/case.
- API account data — For API-tier products (such as 1intentAI), we record usage per API key (pages/tokens/cost) for measurement and quota control.
- Usage and technical data — IP address, usage logs, and cookies necessary for signing in.
3. Purposes and Legal Bases
We process your data for the following purposes, based on the legal bases in Section 24:
- Processing your request/case/API calls — Basis: performance of a contract
- Creating and identifying your user account, including sign-in with LINE — Basis: performance of a contract
- Identity verification, KYC, and fraud prevention — Basis: legal obligation
- Providing, securing, and improving our services — Basis: legitimate interest
- Optional marketing or add-on services — Basis: consent (withdrawable at any time)
4. LINE Login and Use of Your Email
Our products support signing in with your LINE account (LINE Login) for convenience. When you choose this method and grant consent on LINE’s consent screen, we receive the following information from LINE:
- Email address — We use it to (a) create and identify your user account, (b) send important notifications about your account and services (such as identity verification and case-status updates), and (c) serve as a contact channel for account security matters.
- Display name and profile picture — Used to display your user account within our system.
- LINE user ID — Used to link your account to LINE Login on subsequent sign-ins.
We collect and use your email address only for the purposes above. We do not sell your email address, do not use it for advertising, and do not disclose it to third parties for marketing. The legal basis for processing is performance of a contract (providing the account service you requested) under Section 24.
Granting email access via LINE is always optional — you can decline it on LINE’s consent screen and still use our services via an alternative sign-up / sign-in method. You may request deletion of your account and data received via LINE Login under the rights described in Section 8 below.
Signing in with a Google or Microsoft account follows exactly the same principles — we receive your name, email address, and profile picture from that provider only when you consent on the provider’s screen, use them for the same purposes described above, the permission is always optional, and this data is likewise never sold or used for marketing.
5. Who Receives Your Data
- Enterprise customers through whom you submit your request (B2B).
- Service providers we use — Cloud providers and OCR/AI processors.
- Overseas AI providers — Our products use OpenAI (United States) to extract/analyze text from documents or requests, which constitutes a cross-border data transfer under Section 28. Safeguards (a data processing agreement with the provider) are being prepared alongside review by legal counsel.
- Government or regulatory authorities where required by law.
Data received via LINE Login (including your email address) is not sold or disclosed to third parties for marketing purposes.
6. Data Retention and Deletion
We retain your data only as long as necessary for the stated purposes, plus any period required by law. When no longer needed, we delete data via “crypto-shred” (destroying the decryption key), making the data in our primary database immediately unrecoverable.
7. Security
We apply security measures in accordance with Section 37, including:
- Encryption of personal data at rest
- Role-based access control
- Audit logging of access to and modification of personal data
8. Your Rights Under PDPA
- Right to access and obtain a copy of your data (Section 30)
- Right to rectification (Sections 35–36)
- Right to erasure or destruction (Section 33)
- Right to restrict processing (Section 34)
- Right to object to processing (Section 32)
- Right to data portability (Section 31)
- Right to withdraw consent (Section 19)
- Right to lodge a complaint with the Personal Data Protection Committee (PDPC)
If you use our products through an organization (B2B), please contact that organization first. We act on requests received within 30 days.
9. Cookies
We use only cookies necessary for signing in (HttpOnly session cookies) to maintain your login state — no advertising or cross-site tracking cookies.
10. Contact Us and Changes to This Policy
Contact for personal-data matters and exercising your rights: privacy@1intent.co (a dedicated Data Protection Officer (DPO) channel is being established alongside review by legal counsel).
We may update this policy from time to time — changes take effect when posted on this page, with the last-updated date shown above.
See our Terms of Use at /en/terms