Back to home
Legal · PDPA compliant

Privacy Policy

Last updated: May 2026 · Effective immediately

Overview

Cofoundee Co., Ltd. (“we”, “our”) operates cofoundee.co (the “Service”). This Privacy Policy describes what personal data we collect, how we use it, and the rights you have under Thailand’s Personal Data Protection Act B.E. 2562 (“PDPA”).

Data we collect

  • Account data— full name, email address, password (hashed), photo, LinkedIn URL.
  • Profile data— role, intent, skills, industries, stage, commitment level, financial runway, founder experience, pitch text, location.
  • Activity data— interests expressed, matches formed, messages sent, profile views, forum posts, reports submitted.
  • Technical data— IP address, browser type, device type, session timestamps. Used for security and abuse prevention.

How we use it

  • To run the matching service (filter, score, surface profiles)
  • To send transactional emails (sign-in, match alerts, messages)
  • To prevent abuse and respond to reports
  • To improve the platform via aggregated, anonymized analytics

We do not sell your data to third parties. We do not use it for advertising.

Who can see your data

  • Other authenticated users can see your profile (name, role, pitch, etc.) when they browse the directory. They cannot see your email unless you have a mutual match.
  • Cofoundee staff can access data for support, abuse review, and infrastructure operations.
  • Service providers we use (Supabase, Vercel, Resend, Google) process data under their own privacy policies. We choose vendors with PDPA-compatible practices.

How long we keep it

Active accounts: indefinitely while your account exists. Deleted accounts: removed within 30 days, except where retention is required for legal or regulatory reasons.

Your rights under PDPA

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Object to certain types of processing
  • Withdraw consent (where processing is consent-based)
  • Data portability (export your data in a usable format)
  • File a complaint with Thailand’s Personal Data Protection Committee (PDPC)

To exercise any of these rights, email chayanonr@cofoundee.co. We respond within 30 days.

Cookies

We use essential cookies for authentication, session management, and remembering your language preference. We don’t use third-party tracking or advertising cookies.

Data security

All data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed with bcrypt. Production access is restricted to a small engineering team with audit logging. In the event of a data breach affecting your data, we will notify you and the PDPC within 72 hours where required.

Contact

Cofoundee Co., Ltd.
Bangkok, Thailand
chayanonr@cofoundee.co

This policy will be reviewed and refined by qualified legal counsel before public launch. Translations are provided for convenience; the Thai-language version will be authoritative once finalized.