Privacy Policy.

RIDEN (Thailand) Co., Ltd. ("Riden", "we", "our") is the data controller of personal information collected through our website, portal, and LINE integrations. We are registered in Bangkok, Thailand.

Contact for data matters: hello@riden.me. Data Protection Officer: dpo@riden.me.

Account data: name, email, phone, company, country, LINE user ID (if linked).

Booking data: client names, contact numbers, pickup/dropoff locations, trip dates, pax counts, special requirements, vehicle types, and notes.

Payment data: subscription plan, amount, reference numbers, proof-of-payment file references. We do NOT store full card numbers.

Operational data: GPS locations of drivers during active trips, photo timestamps, device user-agent, IP address, country of access.

Marketing data: demo requests, contact form submissions, UTM parameters, referrer.

To provide the Riden service: create bookings, dispatch to operators, track trips, generate invoices.

To communicate: service notifications via LINE and email, support responses, billing.

To improve the product: aggregate analytics on platform usage. We never sell individual data.

To comply with legal obligations in Thailand.

We share booking and trip details with the operators and drivers you choose to dispatch to — this is the core function of the platform.

We use Supabase (AWS Singapore) for data hosting, LINE (for messaging), Vercel (for hosting the web portal), and email providers (for transactional email). Data leaves Thailand only to these trusted processors.

We do not sell data to third parties. We do not share personal data with advertisers.

We may disclose data if required by Thai law, a valid court order, or to protect our users' safety.

Access: you can request a copy of the personal data we hold about you.

Rectification: you can correct inaccurate data.

Erasure: you can request deletion of your account and associated personal data, subject to legal retention requirements.

Portability: you can receive your data in a machine-readable format.

Objection: you can object to processing for specific purposes.

Withdrawal of consent: where processing is based on consent, you can withdraw at any time.

To exercise any of these rights, email dpo@riden.me with your request. We respond within 30 days as required by PDPA Section 30.

Active account data: retained while your account is active.

Trip and booking records: retained for 7 years after trip completion, for accounting and legal purposes as required by Thai tax law.

Marketing leads (demo requests, contact forms): retained for 2 years or until you request deletion.

Deleted account data: permanently removed from our primary systems within 30 days, except where retention is legally required.

We use strictly-necessary cookies for authentication, language preference (riden_lang), and session management. These are required for the platform to function.

We use analytics cookies (via Vercel Analytics) to understand aggregate traffic patterns. These do not identify individuals.

We do not use third-party advertising cookies.

Data in transit is encrypted via TLS 1.3.

Data at rest is encrypted in Supabase (AWS Singapore).

Access to production data is restricted to a small number of authorized Riden staff. Access is logged.

We do not store payment card numbers. Subscription payments are handled via bank transfer or Stripe (for international Pro customers).

We may update this policy. Material changes will be announced via email to registered DMCs and prominently on this page. The date at the top reflects the most recent update.

RIDEN (Thailand) Co., Ltd.

Sukhumvit Soi 23, Klongtoey, Bangkok 10110, Thailand

Email: dpo@riden.me · hello@riden.me