/Privacy Policy
Draft — pending legal review. Not yet legally binding; final wording is under review by Thai counsel before launch.
Legal

Privacy Policy

อัปเดตล่าสุด 6 July 2026

Data we collect

We collect information you provide when making a booking (name, email, phone), contact details for your LOCKR account, and payment intent data processed securely via Stripe — LOCKR never stores your card number or CVV. With your consent, we also collect device and analytics data to improve the service.

Why we collect it

Your data is used to create and manage your bookings, communicate booking confirmations and QR codes, process payments and refunds, provide customer support, and — with your consent — send marketing communications and measure how travellers discover LOCKR.

How we share your data

We share the minimum necessary data with your storage Partner so they can verify and accept your booking. Payment data flows through Stripe under their privacy policy. With your consent, anonymised analytics data is shared with Google Analytics / GA4 under our Cookie Policy. Our service providers (processors) also include Google Cloud Platform and Firebase (hosting and infrastructure), Cloudflare (network security and content delivery), Resend (transactional email such as booking confirmations), Google Tag Manager (tag delivery, consent-gated), and CookieHub (consent management). Each processes data only on our instructions. We do not sell your data.

Retention

Booking records are retained for 7 years to meet Thai tax and accounting obligations. Account data is held while your account is active and for 1 year after deletion. Analytics data is retained for 14 months under our GA4 configuration.

Your PDPA rights

Under the PDPA you have the right to access, correct, or delete your personal data; to restrict or object to processing; to data portability; and to withdraw consent at any time (without affecting prior processing). To exercise your rights, email [email protected]. We will respond within 30 days.

Cookies

We use cookies for essential platform function and, with your consent, for analytics and marketing. You can manage your preferences via our cookie banner or at any time through our Cookie Policy.

Minors

LOCKR is a travel service intended for adults. We do not knowingly collect personal data from children. If you are under 20 (the age of majority in Thailand), please book with the involvement of a parent or guardian; where the PDPA requires it, we rely on parental or guardian consent. If you believe a minor has provided us personal data without such consent, contact [email protected] and we will delete it.

Data location & transfers

LOCKR stores and processes data on Google Cloud Platform in the asia-southeast1 (Singapore) region. Because this involves transferring personal data outside Thailand, we do so under PDPA section 28: our providers are bound by data-processing agreements and maintain internationally recognised security certifications, and we transfer only what the service requires. Stripe processes payment data in accordance with their global infrastructure and PCI DSS compliance programme.