Privacy Policy

Krevio is an AI coaching service for Thai TikTok Shop creators. The Krevio team operates the service; contact [email protected] for any privacy-related inquiry. This policy describes what data we collect from you, why, how long we keep it, and how to exercise your rights under Thailand's Personal Data Protection Act B.E. 2562 (PDPA).

To provide the service, we collect:

• Account data: email address, hashed password (argon2id), chosen locale, tier.
• Channel data: public TikTok profile + up to 20 most recent public videos of channels you add, for analysis and recommendations.
• Usage data: events like analyses run, chat messages sent, scripts generated — used to enforce tier quotas and improve the product.
• Payment data: Stripe handles payment method storage. We store only the Stripe customer ID and top-up transaction metadata — never full card numbers.

We do not collect TikTok login credentials, private messages, or data from accounts you do not explicitly add.

Channel data is used solely to generate analyses, AI chat responses, scripts, and content plans tailored to your channel. Usage data enforces quotas and helps us debug and improve features. Payment data is necessary to deliver paid services.

We use AI providers OpenAI and Anthropic under business API agreements that contractually prohibit using your data to train their models. Your channel content stays within Krevio and is not used to train any AI.

Account data: retained for the lifetime of your account. Delete your account and all account data is removed within 30 days, except records we are legally required to keep (e.g. tax invoices for 5 years under Thai revenue code).

Channel analyses: retained while the channel is linked to your account. Removing a channel deletes its analyses immediately. Anonymized aggregate metrics may be retained for product analytics.

• Right to access: request a copy of your personal data we hold.
• Right to rectification: correct inaccurate personal data.
• Right to erasure: delete your account and personal data (subject to legal retention requirements).
• Right to restrict or object to processing.
• Right to data portability: receive your data in a structured, machine-readable format.

We share data only with processors necessary for the service: Stripe (payments), OpenAI and Anthropic (AI inference under no-train agreements), Resend (transactional email), Sentry (error monitoring), PostHog (product analytics). We do not sell personal data and do not share for advertising targeting on third-party networks beyond the pixel-based retargeting described below.

On marketing pages we load Meta Pixel, TikTok Pixel, Google Ads tag, and Google Analytics 4 when their respective environment variables are configured. These set cookies for attribution and retargeting. A PDPA-compliant consent banner is in progress for Phase 2.

For privacy requests, data access, or complaints, email our team:

[email protected]