Introduction and Scope

CloudXPortal operates as an educational platform focused on financial modeling for analysts. We're based in Thailand and serve students across various regions who want to build practical skills in financial analysis.

This policy explains how we handle your information when you use our platform. We keep things straightforward because we think you deserve to know exactly what happens with your data. Our approach follows Thailand's Personal Data Protection Act (PDPA) and international standards that apply to our operations.

When we say "personal data," we mean information that identifies you as an individual. This could be your name, email, payment details, or how you interact with our learning materials. We don't collect more than we need, and we definitely don't sell your information to third parties.

What Information We Collect

We collect different types of information depending on how you interact with our platform. Let me break this down into categories that actually make sense.

Account and Registration Data

When you sign up for our courses, we ask for basic information: your full name, email address, phone number, and sometimes your company name if you're enrolling through an organization. We also collect billing information when you purchase courses, though payment processing happens through secure third-party services that we'll discuss later.

• Full name and preferred display name for course certificates
• Email address for account access and course communications
• Phone number for account recovery and important notifications
• Professional details like job title or company (optional but helpful for tailored content)
• Billing address required for invoicing and tax compliance

Learning Activity Information

As you work through courses, we track your progress. This includes which modules you've completed, assessment scores, time spent on materials, and resources you've downloaded. We use this to improve our courses and sometimes to provide completion certificates.

Technical Data

Like most online platforms, we automatically collect technical information. Your IP address, browser type, device information, and how you navigate through our site. This helps us fix bugs, optimize performance, and keep our platform secure.

How We Use Your Information

We're not in the business of hoarding data for no reason. Everything we collect serves a specific purpose related to delivering quality education.

Your Rights Under Thai Law

Thailand's Personal Data Protection Act gives you specific rights over your information. We take these seriously and have processes in place to help you exercise them.

Data Sharing and Third Parties

We don't sell your information. Period. But we do work with service providers who help us run the platform, and they might process your data on our behalf.

Payment Processors

When you purchase a course, your payment information goes directly to our payment processor. We never store complete credit card numbers on our servers. These processors comply with international payment security standards.

Email and Communication Tools

We use email service providers to send course updates, notifications, and newsletters. These providers can see your email address and name, but they're contractually prohibited from using your information for their own purposes.

Hosting and Infrastructure

Our platform runs on cloud infrastructure providers who technically have access to data stored on their servers. However, they operate under strict data processing agreements and can't use your information independently.

Analytics Services

We use analytics tools to understand how people use our platform. These services collect technical data like page views and interaction patterns. We configure these tools to anonymize IP addresses where possible.

Security Measures

Protecting your information isn't just about following regulations. It's about maintaining the trust you place in us when you share personal details.

We encrypt data in transit using industry-standard TLS protocols. This means information traveling between your browser and our servers is protected from eavesdropping. Data stored on our servers uses encryption at rest for sensitive information like passwords, which are hashed using modern algorithms.

Access to personal data within our organization is restricted to employees who need it to perform their jobs. We use role-based access controls and monitor for unusual access patterns. Our team receives regular training on data protection practices.

We maintain regular backups of platform data to prevent loss from technical failures or security incidents. These backups are encrypted and stored in geographically separate locations from our primary systems.

Data Retention

We don't keep your information forever. How long we retain data depends on why we collected it and legal requirements.

• Active account data remains accessible while your account exists and for a reasonable period after to handle any follow-up questions or issues
• Course completion records and certificates are retained for seven years to verify credentials if needed
• Financial records including invoices and payment history are kept for ten years to comply with Thai tax regulations
• Technical logs and analytics data are typically retained for 18 months unless needed for security investigations
• Marketing consent records are maintained until you withdraw consent, plus a reasonable period to ensure we don't accidentally contact you again

When retention periods expire, we either delete data or anonymize it so it can no longer identify you. Deletion happens through secure processes that prevent recovery.

International Data Transfers

CloudXPortal operates primarily in Thailand, but some of our service providers are based internationally. This means your information might be processed or stored outside Thailand.

When we transfer data internationally, we ensure adequate protection through contractual safeguards. These contracts require providers to maintain security standards comparable to those required under Thai law. We also conduct due diligence on international providers to verify their privacy practices before engaging them.

If you're accessing our platform from outside Thailand, your information will be transferred to our servers in Thailand and processed according to Thai privacy laws and this policy.

Children and Age Restrictions

Our courses focus on professional financial modeling skills. The platform isn't designed for children under 18, and we don't knowingly collect information from minors.

If you're under 18 and want to access our educational content, you'll need a parent or guardian to create an account on your behalf and provide consent. If we discover we've inadvertently collected information from someone under 18 without proper consent, we'll delete it promptly.

Updates to This Policy

We review and update this privacy policy periodically as our practices evolve or regulations change. When we make significant changes, we'll notify active users by email and post a notice on our platform.

The date at the top of this policy shows when it was last updated. By continuing to use CloudXPortal after changes take effect, you accept the updated policy. If you disagree with changes, you can close your account, though we'll still need to retain certain information as described in the retention section.