Privacy Policy

Thodigital ("we", "us", or "our") operates the website thodigital.com, a digital product store selling Google Sheets Templates, Digital Planners, and Google Sheets Add-ons. This Privacy Policy explains how we handle your personal data.

If you have any questions about this policy, please contact us at support@thodigital.com.

We collect the following types of information:

• Account information: Email address and display name when you create an account or place an order.
• Order information: Products purchased, order amounts, payment method (card or bank transfer), and order status.
• Technical data: IP address, browser type, device type, and pages visited — collected automatically by our hosting provider (Vercel).
• Payment data: We do not store payment card details. Card payments are processed by Lemon Squeezy. Bank transfer payments are processed by SePay. Each processor has its own privacy policy governing payment data.

We use your information only for the following purposes:

• Order fulfillment: Processing your payment and delivering your digital download link and receipt via email.
• Account management: Maintaining your purchase history and license keys in your account dashboard.
• Customer support: Responding to inquiries, refund requests, and technical issues.
• Legal compliance: Retaining transaction records as required by applicable law.

We do not use your data for advertising, sell it to third parties, or share it except as described in Section 4.

We share data with third-party service providers only to the extent necessary to operate our store:

• Supabase — Database and authentication. Stores user accounts, orders, and license keys. Data is encrypted at rest.
• Vercel — Website hosting and serverless infrastructure.
• Lemon Squeezy — Payment processor and Merchant of Record for international customers. They handle all VAT/tax compliance. Review their privacy policy at lemonsqueezy.com.
• SePay — Bank transfer payment processing for Vietnamese customers. They process VietQR transactions.
• Resend — Transactional email delivery. Used only to send order confirmations and download links.

We use minimal browser storage to provide core functionality:

• Session cookies: Set by Supabase to maintain your login session. These are essential for account access and expire when your session ends.
• Cart storage: Your shopping cart is saved in your browser's local storage so items persist across page navigations. No personal data is included.

We do not use tracking cookies, advertising cookies, or analytics cookies that identify you personally.

We retain your data for as long as necessary to provide our services and comply with legal obligations:

• Account data: Retained while your account is active. You may delete your account at any time by contacting us.
• Order records: Retained for a minimum of 5 years for accounting and legal compliance.
• Download tokens: Short-lived signed URLs expire within 5 minutes of generation.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your account and associated personal data (subject to legal retention requirements).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data where we rely on legitimate interests.

To exercise any of these rights, contact us at support@thodigital.com. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your personal data:

• All data is transmitted over HTTPS/TLS encryption.
• Database access is protected by Row Level Security (RLS) policies — you can only access your own data.
• Digital files are stored in a private bucket and served only via short-lived signed URLs — they are never publicly accessible.
• Service role database credentials are never exposed to the browser.

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: support@thodigital.com

We aim to respond to all privacy-related inquiries within 30 days.