PetScent

Legal

Privacy Policy

Last updated: 28 May 2026

PetScent ("we", "our", "us") takes your privacy seriously. This policy explains what data we collect when you use thepetscent.com, why we collect it, who we share it with, and the rights you have under Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and equivalent laws.

1. Who we are

PetScent is operated from Bangkok, Thailand. For any data-related question you can reach us at admin@thepetscent.com.

2. What data we collect

We only collect what we need to sell you pet care products and run our business properly.

  • Account information — your name, email address, phone number, and a hashed password (we never see your real password).
  • Order information — shipping address, billing address, items ordered, order total.
  • Payment information — handled entirely by Stripe. We see only the last 4 digits of your card and the payment status; we do not store full card numbers, CVCs, or PromptPay PINs on our servers.
  • Communications — anything you send us via contact form, email, or LINE.
  • Technical data — IP address, browser type, device info, pages viewed, time spent. Collected automatically via Vercel and Supabase logs to keep the site working and detect abuse.
  • Cookies — small text files used for your shopping cart, login session, and basic site preferences.

3. Why we use your data (legal basis)

  • Fulfilling your order — necessary to perform our contract with you.
  • Account management — necessary to provide the service you signed up for.
  • Customer support — to answer your questions.
  • Order updates and security notifications — legitimate business interest.
  • Marketing emails or LINE messages — only with your explicit consent. You can unsubscribe at any time.
  • Fraud prevention and security — legitimate interest to protect customers and our business.
  • Legal compliance — tax records, accounting, response to lawful requests.

4. Who we share data with

We share your data only with processors who help us run the service. Each is bound by their own privacy commitments:

  • Stripe, Inc. — payment processing (United States, PCI-DSS Level 1 certified)
  • Supabase, Inc. — database and authentication hosting (United States, with EU data centers available)
  • Vercel Inc. — website hosting and CDN (United States)
  • Resend, Inc. — transactional email delivery (United States)
  • Google Fonts — font delivery (caches a record of your visit)
  • Thai shipping carriers — for delivery of your physical orders
  • Government authorities — only when required by Thai law

We do not sell your data to anyone. Ever.

5. How long we keep your data

  • Account data — until you ask us to delete it, or 3 years of inactivity.
  • Order records — 7 years (Thai tax law requirement).
  • Communications — 2 years from last contact.
  • Marketing consent records — until you withdraw consent, plus 1 year for audit.

6. Your rights under PDPA

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data (subject to legal retention requirements)
  • Restrict or object to certain processing
  • Receive your data in a portable format
  • Withdraw consent for marketing or other consent-based uses
  • File a complaint with the Personal Data Protection Committee of Thailand

To exercise any of these rights, email admin@thepetscent.com. We'll respond within 30 days.

7. How we protect your data

  • All connections to the site use HTTPS (TLS 1.3)
  • Passwords stored with bcrypt hashing — never in plain text
  • Database access controlled by Row Level Security policies
  • Card data never touches our servers (handled by Stripe)
  • Strict access controls — only the founder and authorized staff can view customer data
  • Regular security headers (CSP, HSTS, X-Frame-Options) on every page

8. Cookies

We use cookies to:

  • Keep you logged in (essential — cannot be disabled)
  • Remember items in your cart (essential)
  • Remember your language preference (functional)

We do not use third-party advertising or tracking cookies. We do not currently use analytics cookies.

9. Children's privacy

Our site is intended for adults purchasing pet care products. We do not knowingly collect data from anyone under 20. If you believe a minor has provided us data, contact us and we will delete it.

10. International data transfers

Some of our service providers are located outside Thailand (primarily the United States). When we transfer your data to them, we rely on the providers' own PDPA, GDPR, or equivalent compliance frameworks to ensure adequate protection.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will tell you when. For significant changes, we'll email registered customers in advance.

12. Contact us

For any privacy question, request, or complaint:
Email: admin@thepetscent.com
LINE: @thepetscent