Privacy Policy

Last updated: June 7, 2026

In short: TorYod collects only the data needed to verify that you build, run the platform, and process payments. We never sell your data, and you can access, correct, or delete it at any time.

1. Who we are

This Policy explains how the TorYod platform ("TorYod", "we", "us") handles your personal data. It applies to the website, web app, and all related services. It follows Thailand's Personal Data Protection Act (PDPA). For any data request, contact us at toryod.group@gmail.com.

2. Data we collect

  • Account data — name, email, password (stored hashed), profile details, and the role(s) you choose.
  • Identity verification (KYC) — collected and processed by our verification provider Didit. TorYod stores only the verification status and timestamp, not your ID documents.
  • Build activity — read-only data from the integrations you connect (GitHub, Figma, Notion): commit/edit timestamps, counts, and contributor info used to compute your Trust Score. Access tokens are encrypted at rest.
  • Usage data — pages viewed, actions taken, and device/browser info, used to operate and improve the service.
  • Payment data — when you subscribe, billing is handled by a third-party payment processor. TorYod does not store full card numbers.

3. How we use your data

  • To compute and display your Trust Score and Verified Venture Certificate.
  • To verify identity, prevent fraud, and keep scores hard to game.
  • To match founders, builders, and investors and enable direct messages after a match.
  • To process subscriptions and send service emails and notifications.
  • To secure, maintain, and improve the platform, and to comply with the law.

4. Legal basis (PDPA)

We process your data based on your consent (e.g. connecting an integration or KYC), the performance of our contract with you (running your account), our legitimate interests (security and fraud prevention), and legal obligations. You can withdraw consent at any time, which may limit some features.

5. Who we share data with

We share data only with the service providers needed to run TorYod, under data-processing terms:

  • Didit — identity verification (KYC).
  • Supabase — database, authentication, and file storage.
  • GitHub / Figma / Notion — read-only activity, only for integrations you connect.
  • Resend — transactional email delivery.
  • A payment processor — to handle subscription billing.

We do not sell your personal data, and we do not share it for third-party advertising.

6. Data retention & security

We keep your data while your account is active and as needed to meet legal obligations. Integration tokens are encrypted (AES-256). Access is restricted by row-level security. When you delete your account, we delete or anonymise your personal data except where the law requires us to keep it.

7. Your rights

Under the PDPA you may, at any time, request to:

  • access and obtain a copy of your data;
  • correct inaccurate data;
  • delete your data or withdraw consent;
  • object to or restrict certain processing;
  • port your data to another service.

To exercise any right, email toryod.group@gmail.com. You can also delete your account from your account settings.

8. Cookies

We use essential cookies to keep you signed in and to operate the service. We default to the most privacy-preserving settings and do not use non-essential tracking cookies for advertising.

9. Changes & contact

We may update this Policy and will post the new "Last updated" date here. Questions or data requests: toryod.group@gmail.com. See also our Terms of Service and Refund & Cancellation Policy.