Privacy Policy
Last updated: June 7, 2026
1. Who we are
This Policy explains how the TorYod platform ("TorYod", "we", "us") handles your personal data. It applies to the website, web app, and all related services. It follows Thailand's Personal Data Protection Act (PDPA). For any data request, contact us at toryod.group@gmail.com.
2. Data we collect
- Account data — name, email, password (stored hashed), profile details, and the role(s) you choose.
- Identity verification (KYC) — collected and processed by our verification provider Didit. TorYod stores only the verification status and timestamp, not your ID documents.
- Build activity — read-only data from the integrations you connect (GitHub, Figma, Notion): commit/edit timestamps, counts, and contributor info used to compute your Trust Score. Access tokens are encrypted at rest.
- Usage data — pages viewed, actions taken, and device/browser info, used to operate and improve the service.
- Payment data — when you subscribe, billing is handled by a third-party payment processor. TorYod does not store full card numbers.
3. How we use your data
- To compute and display your Trust Score and Verified Venture Certificate.
- To verify identity, prevent fraud, and keep scores hard to game.
- To match founders, builders, and investors and enable direct messages after a match.
- To process subscriptions and send service emails and notifications.
- To secure, maintain, and improve the platform, and to comply with the law.
4. Legal basis (PDPA)
We process your data based on your consent (e.g. connecting an integration or KYC), the performance of our contract with you (running your account), our legitimate interests (security and fraud prevention), and legal obligations. You can withdraw consent at any time, which may limit some features.
5. Who we share data with
We share data only with the service providers needed to run TorYod, under data-processing terms:
- Didit — identity verification (KYC).
- Supabase — database, authentication, and file storage.
- GitHub / Figma / Notion — read-only activity, only for integrations you connect.
- Resend — transactional email delivery.
- A payment processor — to handle subscription billing.
We do not sell your personal data, and we do not share it for third-party advertising.
6. Data retention & security
We keep your data while your account is active and as needed to meet legal obligations. Integration tokens are encrypted (AES-256). Access is restricted by row-level security. When you delete your account, we delete or anonymise your personal data except where the law requires us to keep it.
7. Your rights
Under the PDPA you may, at any time, request to:
- access and obtain a copy of your data;
- correct inaccurate data;
- delete your data or withdraw consent;
- object to or restrict certain processing;
- port your data to another service.
To exercise any right, email toryod.group@gmail.com. You can also delete your account from your account settings.
8. Cookies
We use essential cookies to keep you signed in and to operate the service. We default to the most privacy-preserving settings and do not use non-essential tracking cookies for advertising.
9. Changes & contact
We may update this Policy and will post the new "Last updated" date here. Questions or data requests: toryod.group@gmail.com. See also our Terms of Service and Refund & Cancellation Policy.