Privacy Policy

Bytemotion Co., Ltd. (บริษัท ไบต์โมชั่น จำกัด) — a software studio registered in Bangkok, Thailand.

Company registration number: 0105563079499.

Address: 107 Soi Rama II 69-2, Samae Dam, Bang Khun Thian, Bangkok 10150.

For any privacy-related question, write to hello@bytemotion.co with the subject line “Data request”. A real person reads every email.

Contact form: your name, work email, company, role, the project description you write, your selected indicative budget band (e.g. Discovery only / ฿1–3M / not sure yet), and your timeline preference (e.g. this month / this quarter / just exploring). These are submitted only when you click Send. No silent collection.

Network metadata: your IP address is held in server memory for up to one minute as part of a small rate-limit (3 submissions / minute / IP) so the form isn’t abused. The IP is never written to disk and is wiped on every server cold-start.

Browser preferences: a single cookie named bm_theme (value: "light" or "dark") so the server can render the right theme on first paint with no flicker. The cookie is sent only to bytemotion.co and contains no personal data. A second value, bm_cookie_consent, is kept in your browser localStorage and never sent to the server.

To reply to your enquiry, with the minimum context needed to make that reply useful.

Lawful basis under Thai PDPA: legitimate interest (responding to an unsolicited business enquiry you initiated) and consent (you submit the form voluntarily).

Lawful basis under EU GDPR: Article 6(1)(f) legitimate interest, balanced against your reasonable expectation when sending a contact form to a studio.

Nobody for marketing or sales. The contact form posts to a private inbox we read ourselves. There are no analytics services, no ad networks, no third-party trackers, and no data brokers in the loop.

Two service providers act as data processors on our behalf (PDPA §6 / GDPR Art. 28). Vercel Inc. (US, with edge servers globally) hosts the website and sees standard server logs (timestamp, IP, requested URL) for the duration of each request. Google LLC operates the Gmail inbox where contact-form submissions are delivered. We rely on their published data-processing terms; both are listed here for transparency.

Vercel does not see the contents of your contact form submission — those are sent server-side over SMTP directly to the Gmail inbox.

Emails sent through the contact form land in our inbox and are kept indefinitely unless you ask us to delete them.

If you would prefer a hard retention limit (for example, 24 months), tell us in your message — we will honour the request.

Rate-limit IPs are held in server memory for at most 60 seconds and never written to disk.

You have the right to: access the personal data we hold about you, ask us to correct it, ask us to delete it, ask us to send it to you in a machine-readable format, object to processing, and withdraw any consent you previously gave us.

Withdrawing consent does not affect the lawfulness of processing we did before you withdrew. After withdrawal we will stop using the data for the purposes covered by that consent.

To exercise any right, email hello@bytemotion.co with subject line “Data request”. We may need to ask one or two short questions to confirm you are who you say you are before we act, so we don’t hand your data to someone else by mistake. We will respond within 30 days (the PDPA timeline).

If you believe we’ve mishandled your data, you may complain to the Thai Personal Data Protection Committee (PDPC) at pdpc.or.th.

We use two small storage entries. Neither is used for tracking, advertising, or analytics:

• bm_theme — a first-party cookie that holds "light" or "dark". The server reads it to render the matching theme on first paint, so you don’t see a flash on every visit.

• bm_cookie_consent — a localStorage entry that remembers whether you accepted or declined this banner so we don’t pester you. It never leaves your device.

We do not set any third-party cookies, and we don’t use the cookie or storage entries to track you across the web.

Vercel’s edge network may serve our pages from servers outside Thailand. The pages we serve are static HTML and CSS — they do not contain personal data.

Email replies are sent via Gmail. If you write to us from outside Thailand or we reply to a non-Thai email address, the standard Google cross-border safeguards apply.

Bytemotion provides services to businesses. The site is not directed at users under 13, and we do not knowingly collect personal data from children. If you believe a child has submitted the form, contact us and we will delete the record.

Please don’t put sensitive personal data — race, religion, political views, sexual orientation, health, biometric or genetic data, criminal record — into the contact form. The form is meant for project briefs.

If your project genuinely involves sensitive data (for example, a healthcare app), mention the topic in general terms and we’ll arrange a more appropriate intake channel before you share specifics.

We do not use automated decision-making or profiling on your data. Every email you send us is read by a person who decides whether and how to reply.

We use your contact details only to reply to your enquiry. We will not add you to a newsletter, marketing list, or sales sequence without your separate, explicit opt-in. If we ever introduce a newsletter, subscribing will require ticking a box — never automatic.

If we become aware of a personal-data breach that is likely to affect you, we will notify you and the Thai Personal Data Protection Committee (PDPC) within 72 hours of becoming aware, as required by PDPA §37.

When we update this policy, we will bump the “Last updated” date at the top of this page. Material changes (anything that meaningfully expands what we collect or how we use it) will get a notice posted at the top of this page for at least 30 days.

Privacy questions, deletion requests, complaints: hello@bytemotion.co (subject: “Data request”).

For the Thai-language data subject request form, write to us in Thai — we reply in either language.