Last Updated: May 12, 2026

At OnNet Technologies, we are committed to protecting the privacy and security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://onnet.tech and use our AI-powered services.

1. DATA CONTROLLER AND PROCESSOR

• As a Data Controller: We collect and process personal data of our website visitors and business clients for billing, marketing, and relationship management.
• As a Data Processor: When providing AI Voice Agents or Booking systems, we process the data of your customers on your behalf. In this capacity, you (the Client) are the Data Controller and are responsible for obtaining necessary consents.

2. INFORMATION WE COLLECT
We collect information that identifies, relates to, or could reasonably be linked to you ("Personal Data"):

• Identity Data: Name, business name, and job title.
• Contact Data: Email address, phone number, and office address.
• Usage Data: IP addresses, browser types, and how you interact with our website.
• Communication Data: Audio recordings of calls handled by our AI, call transcripts, and metadata (duration, timestamps) required for service optimization.
• Integration Data: Information from third-party CRMs or calendars (e.g., Google Calendar, Salesforce) that you authorize us to access.

3. HOW WE USE YOUR DATA
We process your data based on legal grounds including Contractual Necessity, Legal Obligation, and Legitimate Interest:

• To Provide Services: Operating the AI Receptionist, managing bookings, and integrating with your business systems.
• To Improve AI Performance: Using anonymized transcripts to train and refine our Natural Language Processing (NLP) models.
• Security: To detect and prevent fraudulent activity or unauthorized access.
• Compliance: To meet legal requirements under Thai law (e.g., tax regulations or the Computer Crimes Act).

4. DATA DISCLOSURE AND SHARING

We do not sell your personal data. We may share information with:

• Service Providers: Cloud hosting providers (e.g., AWS, Google Cloud) and specialized AI model providers (e.g., OpenAI, Anthropic) solely for processing.
• Legal Authorities: When required by law or a valid court order from Thai authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets.

5. DATA RETENTION

Client Data: We retain your account information for as long as your subscription is active plus a period required for tax audits (typically 5-10 years under Thai law).
Call Recordings/Transcripts: By default, these are stored for a period defined by your service tier (e.g., 30 to 90 days) before being deleted or anonymized, unless otherwise agreed in writing.

6. YOUR RIGHTS UNDER PDPA

As a data subject in Thailand, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your data when it is no longer necessary.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Right to Data Portability: Request your data in a structured, machine-readable format.

7. COOKIES AND TRACKING

We use cookies to enhance your browsing experience and analyze website traffic. You can manage your cookie preferences through your browser settings, though some features of the website may become unavailable.

8. INTERNATIONAL DATA TRANSFERS

As we use global cloud infrastructure, your data may be transferred to and processed in countries outside of Thailand. We ensure that such transfers comply with PDPA by utilizing Standard Contractual Clauses or ensuring the destination has adequate data protection standards.

9. SECURITY MEASURES

We implement multi-tenant isolation, SSL/TLS encryption for data in transit, and AES-256 encryption for data at rest. Access to sensitive data is strictly limited to authorized personnel via Role-Based Access Control (RBAC).

10. CONTACT OUR DATA PROTECTION OFFICER (DPO)

If you have questions about this policy or wish to exercise your rights, please contact our DPO:

OnNet Technologies Co., Ltd.
Attn: Data Protection Officer
Email: info@onnet.tech
Address: Pratumnak Soi 5, 359/153 Moo 12, Nong Prue, Bang Lamung, Chon Buri 20150, Thailand.