Privacy Policy

We collect information you provide directly to us:

• Account information: Your name and email address when you create an account or sign in with Google OAuth.
• Purchase information: Email address and order details when you make a purchase. Payment processing is handled by our payment providers — we do not store card numbers or banking credentials.
• Communications: Messages you send us via email or contact forms.
• Newsletter subscription: Your email address if you opt in to our mailing list.

We also collect certain information automatically:

• Log data such as IP address, browser type, referrer URL, and pages visited.
• Usage analytics via Vercel Analytics (aggregated, no personal identifiers stored by us).
• Session cookies required to keep you signed in and process transactions securely.

• To process and fulfill your orders.
• To send transactional emails: order confirmation, download links, and license keys.
• To send our newsletter if you have subscribed (you can unsubscribe at any time via the link in each email).
• To respond to your support requests.
• To improve our website and products based on aggregated usage data.
• To detect and prevent fraud or unauthorized access.

We do not use your information for automated decision-making or profiling that produces legal effects.

We do not sell your personal information. We share it only with trusted service providers who help us operate our business, each bound by their own privacy commitments:

• Lemon Squeezy — payment processing and tax handling for international orders (Merchant of Record).
• SePay — payment processing for Vietnam bank transfers (VietQR).
• Supabase — database, authentication, and file storage infrastructure (hosted in AWS us-east-1).
• Resend — transactional email delivery.
• Vercel — website hosting and edge delivery.
• Cloudflare — bot protection (Turnstile) on forms.

We may also disclose your information if required by law or to protect the rights and safety of Thodigital and its users.

Some of our products are Google Workspace Add-ons. When you install and authorize an add-on:

• The add-on requests access to specific Google services via OAuth scopes. The exact scopes for each add-on are listed on its individual privacy page at thodigital.com/addons/[addon-name]/privacy.
• Access to your Google data is used solely to perform the add-on's advertised functionality. We do not store, sell, share, or transfer your Google Workspace data to any third party.
• We do not use your Google data to serve advertisements or for any purpose unrelated to the feature you requested.
• We do not use your Google data to train machine learning models.
• Data from Google APIs is processed in real-time within your active session and is not retained on our servers beyond what is strictly necessary to complete the requested operation.
• Our use of Google APIs strictly complies with the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke an add-on's access to your Google account at any time via Google Account → Security → Third-party apps with account access.

We retain your data for the following periods:

• Account and order records: Retained for as long as your account is active, or for 7 years after your last purchase (for tax and legal compliance).
• Download tokens: Expire after 5 minutes (or the period configured in our system).
• License keys: Retained for the duration of the license (lifetime for one-time purchases; until cancellation for subscriptions).
• Support emails: Retained for 2 years.
• Newsletter subscribers: Retained until you unsubscribe.
• Google API session data: Not retained on our servers beyond the active request.

We use the following types of cookies:

• Essential cookies: Required to keep you signed in and to process transactions securely. These cannot be disabled without breaking core site functionality.
• Analytics cookies: Vercel Analytics collects anonymized, aggregated data about page visits. No personal identifiers are stored.

You can disable non-essential cookies in your browser settings. This will not affect your ability to browse or purchase.

Depending on your location, you may have the following rights over your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data.
• Deletion: Request that we delete your account and personal data (subject to legal retention requirements).
• Data portability: Request your data in a machine-readable format.
• Objection / Restriction: Object to or restrict certain processing activities.
• Withdraw consent: Unsubscribe from marketing emails at any time via the link in any email we send.

EU/EEA residents have additional rights under the General Data Protection Regulation (GDPR). California residents have rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact us at support@thodigital.com.

To request deletion of your account and all associated personal data, email us at support@thodigital.com with the subject line "Data Deletion Request". Include the email address associated with your account. We will process your request within 30 days.

Note: We may retain certain data (e.g., purchase records) for the minimum period required by tax law even after account deletion.

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

This Privacy Policy is governed by the laws of Vietnam. For users in the European Economic Area, we process personal data in compliance with the General Data Protection Regulation (GDPR).

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of our services after any changes constitutes acceptance of the updated policy.

If you have questions about this policy or our data practices, please contact us at support@thodigital.com.