At GuestMetrix ("we," "us," or "our"), we are committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you use our guest feedback platform, services, and website (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

Full name and job title
Email address and phone number
Company or business name
Business address and location
Industry or vertical (e.g., hotel, restaurant, spa)
Account credentials (encrypted password)
Billing and payment information (credit card details are processed securely by our payment processor)
Tax identification or business registration numbers (if required)

1.2 Survey Response Data

As a feedback platform, we collect and process survey responses submitted by your guests on your behalf. This data is collected at your direction and may include:

Guest feedback, ratings, and satisfaction scores
Open-ended text responses and comments
Guest contact information (name, email, phone) if collected by your surveys
Response timestamps and submission metadata
Device and browser information of survey respondents
IP addresses of survey respondents (for fraud detection and analytics)

Important: You are the data controller for guest survey responses. We act as a data processor, processing this data on your behalf according to your instructions. You are responsible for ensuring you have appropriate consent and legal basis to collect guest feedback through our platform.

1.3 Communications

When you contact us or interact with our Services, we collect:

Support requests and customer service correspondence
Email communications and attachments
Chat transcripts and messages
Phone call recordings (with notice and consent)
Feedback, testimonials, and reviews you provide
Marketing preferences and newsletter subscriptions

1.4 Automatically Collected Information

When you access or use our Services, we automatically collect certain technical and usage information:

Device Information: IP address, device type, unique device identifiers, browser type and version, operating system
Usage Data: Pages and features accessed, time spent on pages, click patterns, navigation paths, feature usage frequency
Log Data: Access times, error logs, system activity logs, API calls and responses
Location Information: General geographic location (country, region, city) derived from IP address
Performance Data: Page load times, system performance metrics, error rates
Referral Information: Referring websites, search terms, marketing campaign sources

1.5 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information and improve our Services:

Website Analytics Cookies:

We use Cloudflare Web Analytics to understand how visitors use our website and improve the user experience. Cloudflare collects the following information:

Page views and visit duration
Referrer information (how you found our site)
Device type and browser information
General geographic location (country and city level only)
Pages visited and navigation patterns

Important: Cloudflare Web Analytics is privacy-first and does not:

Use cookies or persistent identifiers
Track you across websites
Collect personally identifiable information
Sell or share your data with third parties

Analytics data is aggregated and anonymized. Individual visitor sessions cannot be identified. Data is retained for 6 months and then automatically deleted.

Learn more about Cloudflare's privacy practices: Cloudflare Privacy Policy

Functional Cookies:

Session cookies to keep you logged in
Authentication tokens for secure access
Preference cookies to remember your settings (language, currency, etc.)
A/B testing cookies to provide consistent user experience

Marketing Cookies (with your consent):

Advertising and remarketing cookies
Conversion tracking pixels
Social media integration cookies

You can control cookies through your browser settings and opt out of marketing cookies through our cookie preference center. However, disabling essential cookies may affect the functionality of our Services.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Provision and Performance

Create, maintain, and manage your account
Provide access to our feedback platform and features
Process and store survey responses on your behalf
Generate analytics, reports, and insights from feedback data
Enable survey distribution via QR codes, email, SMS, and web links
Facilitate integrations with third-party systems (CRM, property management systems)
Provide customer support and respond to your inquiries

2.2 Billing and Transactions

Process payments and manage subscriptions
Send invoices, receipts, and billing notifications
Detect and prevent fraudulent transactions
Manage upgrades, downgrades, and plan changes

2.3 Communications

Send transactional emails (account confirmations, password resets, service notifications)
Provide technical notices, updates, and security alerts
Send marketing communications about new features, promotions, and events (with your consent)
Request feedback about our Services
Send newsletters and educational content (if you opted in)

2.4 Analytics and Improvement

Analyze usage patterns and trends to improve user experience
Conduct research and development for new features
Perform statistical analysis and aggregated reporting
Test new features and optimize performance
Benchmark industry trends and best practices

2.5 Security and Fraud Prevention

Detect, prevent, and address security incidents and fraud
Monitor and analyze security threats
Verify identity and prevent unauthorized access
Enforce our Terms of Service and policies
Protect our rights, property, and safety

2.6 Legal Compliance

Comply with legal obligations and regulatory requirements
Respond to legal requests and court orders
Establish, exercise, or defend legal claims
Maintain records for tax and accounting purposes

2.7 Legal Basis for Processing (GDPR & PDPA)

We process your personal data based on the following legal grounds:

Contractual Necessity: Processing necessary to perform our contract with you (providing the Services)
Consent: You have given explicit consent for specific processing activities (e.g., marketing communications)
Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving Services, fraud prevention)
Legal Obligation: Processing required to comply with legal or regulatory obligations

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties.

We may share your information only in the following limited circumstances:

3.1 Service Providers and Business Partners

We engage trusted third-party service providers to perform functions and provide services on our behalf. These providers have access to your information only to perform specific tasks and are obligated to protect your data. Our service providers include:

Cloud Infrastructure and Hosting: Railway, Netlify, or similar cloud platforms for secure application hosting, data storage, and serverless functions
CDN and Security: Cloudflare and/or Netlify for content delivery, DDoS protection, and web application security
Payment Processing: Stripe or similar PCI-DSS compliant payment processors for secure payment transactions
Email Services: Maileroo or similar transactional email providers for survey invitations, notifications, and account communications
Messaging Services: Twilio, LINE, WhatsApp Business API, or similar providers for SMS, WhatsApp, and LINE message delivery
AI and Language Processing: OpenAI or similar AI providers for sentiment analysis, language translation, and survey response insights
Analytics: Cloudflare Analytics (privacy-first, no cookies) for understanding website usage patterns
Customer Support: Help desk and live chat tools to provide customer service
Authentication Services: OAuth providers (Google, Microsoft) if you use social login
Data Backup: Encrypted backup services for disaster recovery

Note: Specific service providers may change as we improve our platform. We maintain equivalent or higher standards of data protection when changing providers. This list represents categories of services we use or may use.

All service providers are contractually required to:

Maintain appropriate security measures and data protection standards
Process data only according to our instructions
Not use your information for their own purposes
Comply with applicable data protection laws (GDPR, PDPA, etc.)
Notify us of any data breaches or security incidents

3.2 Your Customers and End Users

Survey responses collected through your account are shared with you as the data controller. You have full access to feedback data submitted by your guests and are responsible for how you use that data.

3.3 Legal Obligations and Rights Protection

We may disclose your information when required or permitted by law, including to:

Comply with legal obligations, court orders, subpoenas, or other legal processes
Respond to valid requests from law enforcement, government agencies, or regulatory authorities
Enforce our Terms of Service, policies, and user agreements
Investigate and prevent fraud, security threats, or illegal activities
Protect the rights, property, safety, or security of GuestMetrix, our users, or the public
Establish, exercise, or defend legal claims

3.4 Business Transfers

If GuestMetrix is involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction, your information may be transferred or disclosed as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This may include industry benchmarks, usage statistics, trend analyses, and research insights.

3.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you authorize integrations with third-party platforms or services.

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored on secure cloud infrastructure provided by industry-leading providers:

Primary Data Centers: Located in secure, SOC 2 Type II certified facilities
Geographic Locations: Data may be stored in data centers in the United States, European Union, Singapore, or other regions
Redundancy: Data is replicated across multiple availability zones for reliability and disaster recovery
Backup Storage: Encrypted backups are stored in geographically separate locations

4.2 Security Measures

We implement comprehensive technical and organizational security measures to protect your information from unauthorized access, use, disclosure, alteration, or destruction:

Technical Security:

Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 or equivalent encryption
Network Security: Firewalls, intrusion detection/prevention systems, DDoS protection
Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA) for employees
Authentication: Secure password hashing (bcrypt), session management, automatic logout
Application Security: Regular security patching, vulnerability scanning, penetration testing
Database Security: Encrypted database connections, parameterized queries to prevent SQL injection
Logging and Monitoring: Comprehensive audit logs, real-time security monitoring, anomaly detection

Organizational Security:

Employee Training: Regular security awareness training and data protection education
Access Management: Principle of least privilege, regular access reviews, prompt deprovisioning
Background Checks: Screening of employees with access to sensitive data
Confidentiality Agreements: All employees sign NDAs and data protection agreements
Vendor Management: Security assessments of third-party providers
Incident Response: Documented incident response plan, security incident team, breach notification procedures
Business Continuity: Disaster recovery plan, regular backup testing, failover capabilities

Compliance and Certifications:

SOC 2 Type II compliance (planned or in progress)
GDPR-compliant data processing practices
PDPA-compliant for Thailand operations
PCI-DSS compliance for payment processing (through certified payment processors)
Regular third-party security audits and assessments

4.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Notify affected users without undue delay and within legally required timeframes (72 hours under GDPR)
Notify relevant supervisory authorities as required by law
Provide information about the nature of the breach, affected data, and remediation steps
Take immediate action to contain and remediate the breach
Offer assistance such as credit monitoring or identity protection services if appropriate

4.4 Security Limitations

Important: While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately of any unauthorized access to your account.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and business requirements.

5.1 Retention Periods

Account Data: Retained for the duration of your active account plus 90 days after account closure
Survey Response Data: Retained for the duration of your subscription plus 90 days, unless you request earlier deletion
Billing and Transaction Records: Retained for 7 years to comply with tax and accounting regulations
Communications: Support requests and correspondence retained for 3 years
Marketing Data: Retained until you unsubscribe or withdraw consent, then deleted within 30 days
Log and Security Data: Retained for 12 months for security monitoring and incident response
Analytics Data: Cloudflare Analytics data retained for 6 months (aggregated and anonymized)

5.2 Account Closure and Data Deletion

When you close your account or request data deletion:

We will delete or anonymize your personal information within 90 days
Survey response data will be permanently deleted unless you export it before closure
Some information may be retained in encrypted backups for up to 90 additional days before permanent deletion
Data required for legal compliance (e.g., transaction records) will be retained for applicable legal periods
Aggregated, anonymized data that cannot identify you may be retained indefinitely

5.3 Legal and Regulatory Retention

We may retain certain information beyond standard retention periods when:

Required by applicable laws, regulations, or legal obligations
Necessary to resolve disputes, enforce agreements, or establish legal claims
Needed for fraud prevention, security investigations, or regulatory compliance
Subject to legal hold or pending litigation

6. Your Rights and Choices

You have important rights and choices regarding your personal information. Depending on your location and applicable laws (GDPR, PDPA, CCPA, etc.), you may have the following rights:

6.1 Access and Portability Rights

Right to Access: Request a copy of the personal information we hold about you
Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (e.g., CSV, JSON)
Export Data: Download your survey responses, account data, and analytics through our platform

6.2 Correction and Deletion Rights

Right to Rectification: Correct inaccurate or incomplete personal information
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information
Account Deletion: Permanently delete your account and associated data

6.3 Objection and Restriction Rights

Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Restrict Processing: Request limitation of how we process your data
Withdraw Consent: Withdraw previously given consent at any time (does not affect lawfulness of prior processing)

6.4 Marketing and Communications Preferences

Opt-out of Marketing Emails: Click "unsubscribe" in any marketing email or manage preferences in your account
Opt-out of SMS Marketing: Reply "STOP" to any marketing SMS message
Cookie Preferences: Manage cookie settings through your browser or our cookie preference center
Push Notifications: Disable through your device or browser settings

Note: Even if you opt out of marketing communications, we will still send you essential transactional emails related to your account, orders, and service updates.

6.5 Lodging Complaints

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights:

EU/EEA Users: Contact your local data protection authority or the lead supervisory authority in Ireland
Thailand Users: Contact the Personal Data Protection Committee (PDPC) of Thailand
Other Jurisdictions: Contact your local privacy or data protection regulator

6.6 How to Exercise Your Rights

To exercise any of these rights, you may:

Access your account settings and privacy controls within our platform
Email us at privacy@guestmetrix.com
Submit a request through our support channel at support@guestmetrix.com

Response Time: We will respond to your request within:

30 days for most requests
1 month (extendable to 3 months for complex requests) under GDPR
45 days (extendable to 90 days) under CCPA

Verification: To protect your privacy, we may need to verify your identity before fulfilling your request. We may ask for additional information such as account details, email confirmation, or government-issued ID in limited circumstances.

No Discrimination: We will not discriminate against you for exercising your privacy rights. You will not receive different pricing or service quality for making privacy requests.

7. Cookies and Tracking Technologies

This section provides detailed information about cookies and tracking technologies. For a complete overview, please also see Section 1.5 above.

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance your experience, provide functionality, and analyze usage.

7.2 Types of Cookies We Use

Essential Cookies (Required):

Session cookies to maintain your logged-in state
Security cookies to prevent fraud and protect your account
Authentication tokens for secure API access
CSRF tokens to prevent cross-site request forgery

Functional Cookies (Optional):

Language preference cookies
Currency preference cookies
Display settings and customization preferences
A/B test variant cookies for consistent experience

Analytics Cookies (Privacy-First):

Cloudflare Web Analytics (does NOT use cookies or track individual users)
Performance monitoring and error tracking
Aggregated usage statistics

Marketing Cookies (With Consent):

Advertising cookies from Google Ads, Facebook Pixel, LinkedIn Insight Tag
Retargeting and remarketing cookies
Conversion tracking pixels
Social media integration cookies

7.3 How to Control Cookies

You have several options to manage cookies:

Browser Settings: Configure your browser to accept, reject, or delete cookies
Cookie Preference Center: Manage your cookie preferences through our website
Opt-out Tools: Use industry opt-out tools like NAI, DAA, or Your Online Choices (EU)
Do Not Track: Enable "Do Not Track" in your browser (though not all sites honor it)

Browser-Specific Instructions:

Note: Disabling essential cookies may affect core functionality of our Services. Disabling functional or marketing cookies will not impact your ability to use our platform.

8. International Data Transfers

GuestMetrix operates globally, and your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States, European Union, Singapore, and other jurisdictions where our service providers operate.

8.1 Cross-Border Data Transfers

When we transfer personal data across borders, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws, including GDPR and PDPA.

8.2 Transfer Mechanisms and Safeguards

We rely on the following legal mechanisms for international data transfers:

Standard Contractual Clauses (SCCs): EU Commission-approved model contracts for transfers outside the EEA
Adequacy Decisions: Transfers to countries deemed to have adequate data protection by the EU Commission
Data Processing Agreements: Contracts with service providers requiring GDPR and PDPA compliance
Binding Corporate Rules: For transfers within our corporate group (if applicable)
Your Consent: Where permitted by law, we may transfer data based on your explicit consent

8.3 Protection Standards

Regardless of where your data is processed, we maintain the same high standards of data protection outlined in this Privacy Policy. Our service providers are contractually obligated to implement appropriate technical and organizational measures to protect your data.

8.4 Specific Regional Transfers

EU to Non-EU Countries: We use Standard Contractual Clauses and ensure adequate protections
Thailand to Other Countries: We comply with PDPA requirements for cross-border data transfers
U.S. Data Transfers: We follow applicable frameworks and ensure contractual protections

For more information about our data transfer practices or to obtain a copy of relevant safeguards, please contact us at privacy@guestmetrix.com.

9. Children's Privacy

Our Services are designed for businesses and are not intended for or directed to individuals under the age of 16 (or under 18 in some jurisdictions). We do not knowingly collect, use, or disclose personal information from children.

9.1 Age Restrictions

You must be at least 16 years old (or 18 in some jurisdictions) to create an account or use our Services
Our Services are business-to-business (B2B) solutions not marketed to children
We do not knowingly process data of individuals under the legal age in their jurisdiction

9.2 Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@guestmetrix.com. We will take prompt steps to delete such information from our systems.

9.3 Guest Survey Responses

If you use our platform to collect guest feedback, you are responsible for ensuring compliance with children's privacy laws (such as COPPA in the U.S., GDPR's special protections for children, etc.). You must not use our Services to knowingly collect personal information from children without appropriate parental consent as required by law.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent UK data protection laws provide you with specific rights and protections regarding your personal data.

10.1 Your GDPR Rights

Under GDPR, you have the following rights (also outlined in Section 6):

Right to Access: Obtain confirmation of whether we process your data and receive a copy
Right to Rectification: Correct inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data in certain circumstances
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
Right to Lodge a Complaint: File a complaint with your local data protection authority
Rights Related to Automated Decision-Making: Not be subject to solely automated decisions with legal effects

10.2 Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Contractual Necessity (Article 6(1)(b)): Processing necessary to perform our contract with you and provide the Services
Consent (Article 6(1)(a)): You have given explicit consent for specific processing (e.g., marketing, cookies)
Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as:
- Improving and optimizing our Services
- Fraud prevention and security
- Analytics and business intelligence
- Direct marketing (where permitted)
Legal Obligation (Article 6(1)(c)): Processing required to comply with legal or regulatory obligations
Vital Interests (Article 6(1)(d)): Processing necessary to protect vital interests (rare circumstances)

10.3 Data Controller and Processor Roles

GuestMetrix as Data Controller: For your account information, we are the data controller
GuestMetrix as Data Processor: For guest survey responses, you are the data controller and we process data on your behalf
Data Processing Agreement: Available upon request for our processor relationships

10.4 Data Protection Officer

For GDPR-related inquiries or to exercise your rights, contact our Data Protection Officer at: dpo@guestmetrix.com

10.5 Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority in your country. A list of EU data protection authorities is available at: EDPB Member List

11. PDPA Compliance (Thailand Users)

If you are located in Thailand, the Personal Data Protection Act B.E. 2562 (2019) (PDPA) provides you with specific rights and protections regarding your personal data. GuestMetrix is committed to full compliance with Thailand's PDPA.

11.1 Your PDPA Rights

Under the PDPA, you have the following rights:

Right to Access: Request access to your personal data and information about how we process it
Right to Data Portability: Receive your data in a structured, commonly used format and transfer it to another service
Right to Object: Object to processing of your personal data for legitimate purposes
Right to Erasure: Request deletion of your personal data when it is no longer necessary or processing is unlawful
Right to Restrict Processing: Request suspension or restriction of data processing
Right to Rectification: Correct or update inaccurate or incomplete personal data
Right to Withdraw Consent: Withdraw previously given consent at any time
Right to Complaint: Lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand

11.2 Legal Basis for Processing Under PDPA

We process your personal data based on the following legal grounds under PDPA:

Consent: You have given clear consent for us to process your personal data for specific purposes
Contractual Necessity: Processing necessary to perform a contract with you or take steps at your request before entering a contract
Legal Obligation: Processing required to comply with legal obligations under Thai or other applicable laws
Legitimate Interests: Processing necessary for legitimate interests pursued by us or third parties (balanced against your rights)
Vital Interests: Processing necessary to protect vital interests of you or another person

11.3 Sensitive Personal Data

We do not intentionally collect sensitive personal data (such as race, religion, health data, biometric data) unless:

You explicitly provide it in survey responses or communications
We have obtained your explicit consent
Processing is permitted by law or necessary for legal claims

11.4 Cross-Border Data Transfers from Thailand

When transferring your personal data outside Thailand, we ensure:

Destination countries have adequate data protection standards as determined by the PDPC
Appropriate contractual safeguards are in place (Standard Contractual Clauses)
We have obtained your consent for the transfer (where required)
The transfer is necessary for contract performance or legal compliance

11.5 Contact for PDPA Matters

For PDPA-related inquiries, to exercise your rights, or to file a complaint, contact us at:

Email: privacy@guestmetrix.com
PDPA Officer: dpo@guestmetrix.com

You may also file a complaint with the Personal Data Protection Committee (PDPC) of Thailand: www.pdpc.or.th

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

12.1 Your California Privacy Rights

Right to Know: Know what personal information we collect, use, disclose, and sell
Right to Access: Request access to specific pieces of personal information we hold about you
Right to Deletion: Request deletion of your personal information (subject to exceptions)
Right to Opt-Out: Opt-out of the sale or sharing of your personal information
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information: Limit our use and disclosure of sensitive personal information
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

12.2 Categories of Personal Information

We collect and process the following categories of personal information (as defined by CCPA):

Identifiers (name, email, IP address, account ID)
Commercial information (transaction history, subscription details)
Internet or network activity (browsing history, interactions with our Services)
Geolocation data (general location from IP address)
Professional or employment information (job title, company)
Inferences (preferences, characteristics, behavior)

12.3 Sale of Personal Information

We do not sell your personal information. We do not share personal information with third parties for monetary or other valuable consideration as defined by CCPA.

12.4 How to Exercise Your Rights

To exercise your California privacy rights, contact us at: privacy@guestmetrix.com or call our toll-free number (if applicable).

We will respond to verifiable consumer requests within 45 days (extendable to 90 days for complex requests).

13. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by GuestMetrix.

13.1 No Responsibility for Third Parties

We are not responsible for the privacy practices, content, or security of third-party sites or services. This Privacy Policy applies only to information collected by GuestMetrix through our Services.

13.2 Third-Party Integrations

If you integrate our Services with third-party platforms (e.g., property management systems, CRM systems, social media), those third parties may collect information according to their own privacy policies. We encourage you to review their privacy practices before connecting your account.

13.3 Recommendation

We strongly advise you to review the privacy policies of any third-party sites or services you visit or interact with. GuestMetrix has no control over and assumes no responsibility for third-party privacy practices.

14. Marketing Communications

14.1 Opt-In and Consent

We will only send you marketing communications if you have opted in or provided consent (as required by applicable law). Marketing communications may include:

Product updates and new feature announcements
Educational content, webinars, and best practices
Promotional offers and special discounts
Industry news and trends
Event invitations and newsletters

14.2 Opt-Out Options

You can opt out of marketing communications at any time by:

Clicking the "unsubscribe" link at the bottom of any marketing email
Managing your email preferences in your account settings
Replying "STOP" to marketing SMS messages
Contacting us at privacy@guestmetrix.com

14.3 Transactional Communications

Note: Opting out of marketing communications does not affect transactional or service-related emails, which are necessary for account management and service provision (e.g., password resets, billing receipts, service updates, security alerts). You cannot opt out of transactional communications while maintaining an active account.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this policy periodically.

15.1 How We Notify You of Changes

Last Updated Date: We will update the "Last updated" date at the top of this policy
Website Posting: The updated Privacy Policy will be posted on this page
Email Notification: For material changes that significantly affect your rights, we will send email notification to your registered email address at least 30 days before the changes take effect
In-App Notice: We may display prominent notices within our Services about significant changes

15.2 Material Changes

Material changes may include (but are not limited to):

Changes in how we collect, use, or share your personal information
New categories of data collected
Changes to data retention periods
Changes in your rights or how to exercise them
Changes to international data transfers

15.3 Your Acceptance

Your continued use of our Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you should discontinue using our Services and may request deletion of your account.

15.4 Previous Versions

Previous versions of this Privacy Policy are archived and available upon request by contacting privacy@guestmetrix.com.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us through any of the following channels:

16.1 General Privacy Inquiries

Email: privacy@guestmetrix.com
Support: support@guestmetrix.com

16.2 Data Protection Officer

For GDPR, PDPA, or other data protection matters:

Email: dpo@guestmetrix.com

16.3 Mailing Address

GuestMetrix
[Street Address]
[City, State/Province, Postal Code]
[Country]

Note: Please update the mailing address with actual company address details.

16.4 Response Time

We strive to respond to all privacy-related inquiries within:

General inquiries: 5-7 business days
Data subject access requests: 30 days (or as required by applicable law)
GDPR requests: 1 month (extendable to 3 months for complex requests)
CCPA requests: 45 days (extendable to 90 days for complex requests)
PDPA requests: 30 days (or as required by Thai law)

Thank you for trusting GuestMetrix with your personal information. We are committed to protecting your privacy and handling your data with care and transparency.