Privacy Policy
Last updated: February 1, 2026
Table of Contents
1Scope of This Policy
This Privacy Policy describes how Splendormon ("Company", "we", "us") collects, uses, and discloses your personal data when you access or use the Splendormon Cloud Security Audit Platform for Amazon Web Services (AWS).
This policy is prepared in accordance with Thailand's Personal Data Protection Act B.E. 2562 (2019)(PDPA), which came into full effect on June 1, 2022.
2Definitions
- "Personal Data" means any information that can identify an individual, whether directly or indirectly.
- "Sensitive Data" means data relating to race, religion, health, biometrics, etc.
- "Data Controller" means Splendormon as the entity determining the purposes and means of processing.
- "Data Subject" means the individual whose personal data is being processed.
- "Platform" means the Splendormon Cloud Security Audit Platform for AWS.
3Personal Data We Collect
We collect the following categories of personal data:
Account Information
- Full name
- Email address
- Password (encrypted)
- Multi-Factor Authentication (MFA) data
AWS Integration Data
- AWS Account ID
- Cross-Account IAM Role ARN (Zero-Trust Assume Role — no static credentials stored)
- AWS resource security configurations
- Security audit results
Technical Data
- IP Address
- Browser type and device information
- Login records
- Platform usage data
4Purposes of Data Collection
We collect your personal data for the following purposes:
- Service Delivery: To manage your account and provide AWS security audit services
- Authentication: To verify your identity and prevent unauthorized access
- Service Improvement: To analyze and improve platform quality
- Communication: To send important service-related information
- Legal Compliance: To comply with legal requirements
5Legal Basis for Processing
Under the PDPA, we process your personal data based on the following legal grounds:
- Consent: You have given explicit consent for data processing
- Contract: Processing is necessary to fulfill our service agreement
- Legitimate Interest: For service improvement and fraud prevention
- Legal Obligation: When required by law
7Your Data Subject Rights (PDPA)
Under the PDPA, you have the following rights:
Right to Access
Request access to and obtain copies of your personal data
Right to Data Portability
Receive your data in a readable or usable format
Right to Object
Object to the collection, use, or disclosure of your data
Right to Erasure
Request deletion, destruction, or anonymization of your data
Right to Restrict Processing
Request temporary suspension of data processing
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Withdraw Consent
Withdraw your consent at any time (without affecting prior processing)
Right to Lodge a Complaint
File a complaint with the Personal Data Protection Committee
To exercise any of these rights, please contact us at privacy@splendormon.com
8Security Measures
We implement appropriate security measures as required by the PDPA:
- Data encryption in transit (TLS/SSL) and at rest (AES-256)
- Multi-Factor Authentication (MFA)
- Role-Based Access Control (RBAC)
- Audit logging and activity monitoring
- Regular security reviews and updates
9Data Retention
We retain personal data for as long as necessary:
- Account Data: Duration of active account plus 2 years after closure
- AWS Audit Data: According to your service plan (7-90 days)
- Login Records: 1 year
- Legal Compliance Data: As required by law
11Data Breach Notification
Under the PDPA, in the event of a personal data breach, we will notify the Personal Data Protection Committee (PDPC) within 72 hours of becoming aware of the breach.
If the breach poses a high risk to your rights and freedoms, we will notify you without undue delay.
12Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you via email or a notice on the platform before changes take effect.