Privacy Policy

Effective 2026-05-03. ThaiBae Operations, Phuket, Thailand.

This Privacy Policy explains what personal data ThaiBae Operations ("we") collects when you use ThaiBae (the "Service"), how we use it, who we share it with, and the rights you have over it.

1. Who we are

ThaiBae Operations, Phuket, Thailand, is the controller of personal data processed through the Service. Contact for privacy matters: [email protected].

2. What we collect

  • Account data: email, password (hashed), date of birth, gender, country.
  • Profile data: display name, photos, bio, preferences, optional details such as height, languages, occupation.
  • Location: approximate location derived from IP, plus precise location if you grant permission for nearby search.
  • Messages: content of messages you send through the Service, retained while your account is active.
  • Phone verification: when you choose to verify with Telegram Passport, we receive a Telegram-verified phone number and store only its country and a one-way hash of it (never the number itself), together with your Telegram account identifier, to confirm you are a real person and to detect fraud.
  • Payment metadata: processor token, last four digits, billing country. We do not store full card numbers.
  • Device and usage data: IP address, user agent, language, pages viewed, actions taken, error logs.
  • Cookies: see our Cookie Policy.

We may also process information about people who have not joined the Service but whose details appear on a public dating profile we have indexed. These unclaimed profiles exist so that, if the person joins, they can claim them in one click. See Section 7 for how to remove yourself from this category.

3. How we use it

  • operate and improve the Service, including matching, search, and recommendations;
  • verify that users are real and over 18;
  • detect and prevent fraud, harassment, spam, and abuse;
  • process payments and prevent payment fraud;
  • communicate with you about your account, security, and updates;
  • comply with legal obligations and respond to lawful requests.

4. Legal bases (where applicable)

Where data protection law requires a legal basis, we rely on: performance of our contract with you (operating the Service), our legitimate interests (safety, fraud prevention, product improvement), your consent (precise location, marketing emails), and compliance with legal obligations.

5. Sharing

We do not sell personal data. We share limited data with categories of service providers acting on our instructions:

  • infrastructure (hosting, CDN, database, backup);
  • payment processing;
  • analytics and product telemetry, including Google Analytics;
  • email and notification delivery;
  • fraud and abuse detection.

We may also disclose data to comply with a binding legal request, to enforce our Terms, or to protect the rights, safety, or property of users or the public.

6. International transfers and storage

The Service is operated from servers located in regions chosen for performance and reliability. When we transfer personal data across borders we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms recognised in the source jurisdiction.

7. Removing your information

Active accounts: you can edit your profile, withdraw consents, or delete your account from Settings at any time. Deletion is final and removes your profile from public view immediately; backups are purged within 30 days.

Unclaimed profiles: Should a profile bearing your name, photo, or other identifying details appear on the Service that you did not create, email [email protected] with enough detail to identify the profile (a name, the city shown, and one verifying photo or screenshot). We will remove matching profiles within 24 hours of confirming your request, and we will not require you to create an account to do so.

You also have the right to request a copy of the personal data we hold about you, ask us to correct it, restrict or object to processing, and where applicable receive it in a portable format. Use the same address.

8. Retention

We keep account data while your account is active and for a short period afterwards to handle disputes and meet legal obligations. Server logs are retained for up to 90 days. Payment records are retained for the period required by tax and accounting law in our operating jurisdiction.

9. Children

The Service is for adults aged 18 and over. We do not knowingly collect data from anyone under 18. To report a suspected minor account, email [email protected] and we will act on it within 24 hours.

10. Security

We use industry-standard practices to protect personal data, including encryption in transit, hashed passwords, restricted internal access, and routine security review. No system is perfectly secure; report suspected vulnerabilities to [email protected].

11. Changes

We will notify you of material changes to this Policy by email or in-app notice at least 14 days before they take effect. The effective date is shown at the top of this page.

12. Contact

Privacy and data requests: [email protected]. General support: [email protected]. Postal address: ThaiBae Operations, Phuket, Thailand.