Table of Contents
1. General Information
1StopService provides an IT Helpdesk and Ticket Management system as a SaaS platform via 1stopservice.click.
This policy explains how we collect, use, and protect your personal data in accordance with the Personal Data Protection Act B.E. 2562 (PDPA).
2. Data We Collect
- Identity data: Full name, email address, phone number
- LINE data: LINE User ID, display name, profile picture (when registering via LINE OA)
- Usage data: Tickets, comments, file attachments, login history
- Technical data: IP address, browser type, pages visited, session duration
- Payment data: Bank transfer slip images (we do not store credit card data)
3. Purpose of Use
- Providing the IT Helpdesk system and managing tickets
- Authenticating users and controlling system access
- Sending ticket status notifications via email and LINE
- Processing payments and issuing invoices
- Improving service quality and developing the platform
- Complying with applicable laws and regulations
4. Legal Basis for Processing
- Contractual necessity: Required to provide the services you subscribed to
- Consent: Non-essential cookies (consent may be withdrawn at any time)
- Legitimate interests: Maintaining security and preventing fraud
- Legal obligation: When required by law to disclose data
5. Third-Party Disclosure
We do not sell your personal data. We share data only with the following service providers:
- Google Firebase / Firestore — Data storage and Authentication (Singapore)
- Google Drive — File attachment storage
- LINE Corporation — LINE OA and LIFF
- Slipok — Payment slip verification
- Google Gemini API — AI processing (RCA, FAQ, Auto-categorize)
6. Cookies
| Type | Purpose | Required |
|---|---|---|
| Authentication | Firebase Auth session token | ✓ Required |
| Preference | Saves user settings | ✓ Required |
| Cookie Consent | Records your consent | ✓ Required |
| Analytics | Usage analytics (future) | Optional |
7. Data Retention
- Account data: for the duration of the account + 30 days after cancellation
- Tickets and comments: 3 years from the date the ticket is closed
- Access logs: 90 days
- Payment data: 7 years as required by accounting law
8. Your Rights (PDPA)
- Right of access: Request to view data we hold about you
- Right of rectification: Correct inaccurate or incomplete data
- Right of erasure: Request deletion of your personal data
- Right of portability: Receive your data in machine-readable format
- Right to object: Object to processing in certain circumstances
- Right to withdraw consent: Withdraw at any time without affecting prior rights
To exercise your rights, contact privacy@1stopservice.click — we will respond within 30 days.
9. Data Security
All data is transmitted over HTTPS (TLS 1.2+) and stored in Google Firebase (Singapore), which holds ISO 27001 and SOC 2/3 certifications. Access is controlled via Firestore Security Rules and Firebase Authentication.