Privacy Policy
Last Updated: January 15, 2025
At Energix Flareon, we handle your personal information with care and transparency. This policy explains what data we collect during software testing projects, why we need it, and how we protect it. We operate in Thailand and follow local data protection requirements while maintaining international standards for client confidentiality.
Running a testing service means we sometimes handle sensitive application data and client information. We take that responsibility seriously. This document walks through our practices in straightforward terms.
Information We Collect
Client Information
When you work with us on testing projects, we collect details that help us deliver our services and maintain communication:
- Business contact details including names, email addresses, and phone numbers of project stakeholders
- Company information such as business name, address, and organizational structure relevant to the project
- Billing and payment information necessary for processing invoices and maintaining financial records
- Project requirements, specifications, and technical documentation provided for testing purposes
Technical and Testing Data
During manual testing engagements, we interact with your applications and systems. This generates data we need to keep temporarily:
- Test account credentials and access permissions for applications under evaluation
- Bug reports containing screenshots, error logs, and reproduction steps
- Test case documentation and validation results
- Performance observations and usability feedback gathered during testing sessions
- Application behavior data and system interaction logs relevant to quality assessment
Website Usage Information
Our website collects basic information to function properly and help us understand how people find and use it:
- IP addresses and general location data from visitors
- Browser type, device information, and operating system details
- Pages visited, time spent, and navigation patterns on our site
- Referral sources that brought you to our website
How We Use Your Information
We're pretty straightforward about data usage. Everything we collect serves specific purposes related to providing testing services:
Service Delivery: We use client and technical data to perform manual testing, document findings, communicate results, and provide the validation services you've contracted us for.
Project Management: Contact information helps us coordinate testing schedules, share progress updates, and maintain clear communication throughout engagements.
Quality Improvement: We analyze testing patterns and project outcomes to refine our methodologies and deliver better results over time.
Legal Compliance: Some data retention is required for tax purposes, contract enforcement, and meeting Thailand business regulations.
We don't sell client data. We don't use it for advertising. We don't share testing information outside the project team unless you specifically request it or legal requirements demand it.
Data Storage and Security
Information security isn't just good practice for us—it's essential to our business. Clients trust us with access to applications that aren't publicly available yet. Here's how we protect that trust:
| Security Measure | Implementation |
|---|---|
| Data Encryption | All client data is encrypted during transmission using TLS protocols and at rest using AES-256 encryption standards |
| Access Control | Testing data is restricted to assigned project team members only, with role-based permissions and regular access reviews |
| Secure Storage | Client information and test data are stored on protected servers with regular security updates and monitored access logs |
| Physical Security | Our Chanthaburi office maintains controlled access systems and secure workstation protocols for handling sensitive information |
| Data Backup | Regular encrypted backups ensure data recovery capability while maintaining security standards throughout the backup process |
Testing often involves temporary access to client systems. We use dedicated test accounts, follow principle of least privilege, and document all access for accountability.
Data Retention and Deletion
We keep different types of information for different periods, based on practical needs and legal requirements:
- Active Project Data: Test results, bug reports, and project documentation remain accessible throughout the engagement and for 90 days after project completion for reference purposes
- Test Account Access: Application credentials and access permissions are deleted immediately upon project completion unless ongoing maintenance testing is contracted
- Business Records: Contract documents, invoices, and business correspondence are retained for seven years to comply with Thailand tax and business regulations
- Marketing Communications: If you've subscribed to updates or newsletters, we keep your contact information until you unsubscribe or request removal
When data reaches the end of its retention period, we delete it securely. This means overwriting files rather than simple deletion, ensuring information can't be recovered.
Client-Requested Deletion: You can request deletion of your information at any time. We'll comply within 30 days except for data we're legally required to keep for tax or contract purposes. We'll explain clearly if any retention requirements apply to your request.
Information Sharing and Disclosure
We share client information in very limited circumstances:
With Your Permission
Sometimes testing projects involve coordination with your other vendors or team members. We only share information in these situations when you've explicitly authorized it and only the specific details needed for collaboration.
Service Providers
We work with a small number of trusted service providers who help us run our business:
- Cloud hosting providers for secure data storage
- Accounting services for financial record management
- Communication tools for project coordination
These providers are contractually bound to protect your information and can only use it for the specific services they provide to us.
Legal Requirements
We'll disclose information if required by Thai law, court order, or government regulation. If this happens and we're legally permitted to inform you, we will. We've never had to do this since our founding, but transparency requires mentioning the possibility.
Business Transfers
Should Energix Flareon be acquired or merged with another company, client data would be transferred as part of business assets. You'd be notified of any such change and given options regarding your information.
Your Rights and Choices
You have considerable control over information we hold about you:
- Access: Request copies of personal information we've collected about you or your organization
- Correction: Ask us to update or correct inaccurate information in our records
- Deletion: Request removal of your data, subject to legal retention requirements
- Restriction: Limit how we process your information for specific purposes
- Portability: Receive your data in a structured, commonly used format for transfer to another service
- Objection: Object to processing of your information for particular purposes
To exercise any of these rights, contact us using the information at the bottom of this page. We'll respond within 15 business days and explain any limitations if certain rights don't apply to your specific situation.
Marketing Communications: We occasionally send updates about our services or testing industry insights. You can opt out anytime by clicking unsubscribe in any email or emailing us directly. We'll remove you from marketing lists within five business days.
International Data Considerations
Energix Flareon operates from Thailand and stores data primarily on servers located within the country. If you're working with us from outside Thailand, your information will be transferred to and processed in Thailand according to this privacy policy.
Thailand's Personal Data Protection Act provides protections similar to international standards. We maintain security practices that meet or exceed requirements in most jurisdictions. If you have specific compliance needs for your region, discuss them with us before starting a project so we can accommodate any additional requirements.
Cookies and Tracking Technologies
Our website uses minimal tracking. We employ:
- Essential Cookies: Necessary for website functionality, including form submissions and session management
- Analytics Cookies: Help us understand how visitors use our site so we can improve navigation and content
We don't use advertising cookies or third-party tracking for marketing purposes. You can disable cookies in your browser settings, though this might affect website functionality.
Children's Privacy
Our services target businesses, not individuals under 18. We don't knowingly collect information from children. If we discover we've inadvertently gathered data from someone under 18, we'll delete it promptly.
Changes to This Policy
We update this privacy policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify active clients by email and post the updated policy on our website with a new "Last Updated" date.
We encourage you to review this policy periodically, especially before starting new projects. Continued use of our services after policy updates constitutes acceptance of the changes.
Questions About Privacy?
We're happy to discuss our privacy practices in detail or address specific concerns about how we handle your information. Transparency is important to us, and we'd rather over-communicate than leave you wondering about data practices.
This privacy policy is effective as of January 15, 2025 and applies to all information collected by Energix Flareon from that date forward.