Legal · Privacy

Privacy Policy

Last updated: June 16, 2026 · Governed by the laws of the Kingdom of Thailand

This Privacy Policy is prepared in compliance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA). It describes how Sixsheet Tech Co., Ltd. collects, uses, and protects your personal data when you use MARKO. Please read it carefully.

1. Data Controller

Data ControllerSixsheet Tech Co., Ltd.
Addressเลขที่ 15 ห้องเลขที่ A124 ซอยประดิพัทธ์ 17 ถนนประดิพัทธ์ แขวงพญาไท เขตพญาไท กรุงเทพมหานคร 10400
Contact Email[email protected]
Websitehttps://sxtech.me/

If you have any questions about how we handle your personal data, or wish to exercise your rights under PDPA, please contact us at the email above.

2. Personal Data We Collect

Data you provide directly:

  • Account information: name, email address, profile picture (via Google OAuth).
  • Brand data: brand name, description, tone, visual references, and product information you enter.
  • Content: captions, topics, and campaign plans you save within the platform.
  • Payment records: invoice number, credit package purchased, payment amount (we do not store card or bank details directly).
  • Communications: messages or inquiries you send to our support team.

Data collected automatically:

  • Log data: IP address, browser type, operating system, pages visited, and timestamps.
  • Usage data: feature interactions, credit consumption events, and session duration.
  • Device information: screen resolution, language preferences.
  • Cookies and similar technologies (see our Cookie Policy).

Data from third parties:

  • Google: name, email, and profile photo when you sign in via Google OAuth.
  • Meta (Facebook/Instagram): page and account identifiers when you connect social accounts.

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

Providing the ServicePerformance of contract — to create and manage your account and deliver AI features.
Processing credit purchasesPerformance of contract — to complete transactions and issue invoices.
Sending service communicationsLegitimate interests — notifications about account activity, low credits, and published posts.
Improving the ServiceLegitimate interests — analyzing usage patterns to fix bugs and improve features.
Legal complianceLegal obligation — retaining financial records as required by Thai law.
Marketing communicationsConsent — promotional emails sent only with your explicit opt-in.
AI content generationPerformance of contract — your brand data is processed by AI to generate content for you.

4. Sharing Your Data with Third Parties

We do not sell your personal data. We share data only as follows:

OpenAI (USA)Your brand DNA, product info, and topics are sent to OpenAI's API to generate captions and images. OpenAI does not use API input/output to train its models per their API usage policy.
Google (USA)Authentication only — we receive your basic profile from Google OAuth.
Meta Platforms (USA)When you connect Facebook/Instagram to publish posts, we pass content and tokens to Meta's API.
Payment processorsPayment data is handled by our payment gateway partner. We store only the invoice record.
Cloud infrastructureOur servers are hosted on cloud providers operating under data processing agreements.
Legal authoritiesWe may disclose data when required by Thai law, court order, or government request.

5. International Data Transfers

Some of our third-party service providers (OpenAI, Google, Meta) are based outside Thailand. Where data is transferred internationally, we rely on contractual safeguards, including standard contractual clauses and the data processing policies of those providers, to ensure your data receives an adequate level of protection consistent with PDPA requirements.

6. Data Retention

Account and profile dataRetained for the duration of your account. Deleted within 30 days of account closure.
Brand and content dataRetained while your account is active. Deleted within 30 days of account closure.
Transaction and invoice recordsRetained for 7 years as required by Thai Revenue Code (Revenue Code B.E. 2481).
Log and usage dataRetained for up to 90 days for security and troubleshooting purposes.
Support communicationsRetained for 2 years from the date of the last communication.

7. Your Rights Under PDPA

As a data subject under Thailand's PDPA, you have the following rights:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data (subject to legal retention obligations).
  • Right to data portability — request your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to restrict processing — request that we limit how we use your data in certain circumstances.
  • Right to withdraw consent — withdraw consent for marketing communications at any time.
  • Right not to be subject to automated decision-making — request human review of automated decisions that significantly affect you.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing the request.

If you believe we have not handled your data in accordance with PDPA, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include encrypted data transmission (HTTPS), hashed credentials, access controls, and regular security reviews.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the PDPC as required by PDPA within 72 hours of becoming aware of the breach.

9. Children's Privacy

The Service is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it.

10. Cookies

We use cookies and similar tracking technologies. Please refer to our Cookie Policy for full details.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and/or in-app notice at least 14 days before taking effect. The updated policy will always be available on this page with the revised effective date.

12. Contact and Complaints

For any privacy-related questions, data requests, or complaints, please contact our Data Protection contact point:

CompanySixsheet Tech Co., Ltd.
Email[email protected]
Addressเลขที่ 15 ห้องเลขที่ A124 ซอยประดิพัทธ์ 17 ถนนประดิพัทธ์ แขวงพญาไท เขตพญาไท กรุงเทพมหานคร 10400
© 2025 MARKO by Sixsheet Tech Co., Ltd. · [email protected]