1. What we collect
- Account data: the email you sign up with (stored via Supabase Auth)
- Business data: name, type, description, contact details, logo you enter
- Site content: AI-generated HTML and your subsequent edits
- Payment metadata: amounts, dates, status, GBPrimePay references — we never store card numbers
- Technical data: IP, user-agent, access logs (retained 90 days)
2. How we use it
- Operate the service you subscribed to (host and serve your sites)
- Process payments and manage subscriptions
- Respond to support requests and send service notices
- Detect abuse such as phishing or malware
3. Who we share with
- Anthropic: we send your business description to the Claude API to generate HTML.
- GBPrimePay: amounts and references to collect payment.
- Cloudflare: CDN/DNS only — no identifiable payload retention.
- Supabase / Railway / Vercel: infrastructure providers.
We never sell your data.
4. Your PDPA rights
You may exercise the following rights by emailing privacy@saaniq.com:
- Access and obtain a copy of your data
- Rectify inaccurate data
- Erase your data (when you cancel)
- Object to or restrict processing
- Withdraw consent
5. Retention
- Account and site data: kept while your subscription is active, plus 30 days after expiry, then permanently deleted
- Payment records: kept 5 years to meet Thai tax requirements
- Technical logs: 90 days
6. Security
- Data encrypted at rest by Supabase
- HTTPS/TLS for all connections in transit
- JWT-based authentication via Supabase Auth
- We never see card numbers — they go straight to GBPrimePay
7. Cookies
We use cookies for:
- saaniq_sid: anonymous session id used before login
- sb-*: Supabase session token after login
8. Changes to this policy
Material changes will be announced via email at least 14 days before they take effect.