Information Emergence and Capture

Details about you materialize in our systems through three distinct pathways. The first occurs when you deliberately submit information—creating an account, completing forms, initiating support conversations, or configuring project settings. These moments generate identity markers (name, email address, company affiliation) and technical specifications (project requirements, system preferences, support inquiries).

A second stream emerges automatically whenever your browser communicates with our servers. Technical identifiers appear: IP addresses that reveal geographic regions, device fingerprints, browser configurations, timestamp sequences documenting when interactions occurred. We also capture usage patterns—which features received attention, how long sessions persisted, navigation sequences through our platform.

The third pathway involves external sources. Payment processors relay transaction confirmations. Authentication providers share validated credentials when you choose federated login options. Professional networking platforms contribute profile details if you've authorized such connections.

• Identity markers — full names, email addresses, company names, job titles, phone numbers (when provided for account recovery or support escalation)
• Access credentials — encrypted password hashes, authentication tokens, multi-factor verification settings
• Project specifications — technical requirements you document, configuration choices, resource allocation preferences
• Communication records — support ticket content, email correspondence, chat transcripts from assistance sessions
• Technical telemetry — IP addresses, browser user agents, device types, operating system versions, screen resolutions, referring URLs
• Behavioral traces — feature usage frequency, session durations, click patterns, navigation paths, error encounters
• Transaction history — billing details, payment method tokens (not full card numbers), invoice records, subscription status changes

Information intake happens at registration, during active platform use, when you contact support channels, through payment processing, and via automated system logging. Geographic context matters because we operate in Thailand's market while serving international clients—IP geolocation helps us comply with region-specific regulations and optimize infrastructure routing.

Operational Application and Internal Movement

Once details exist within our infrastructure, they fuel distinct operational processes. Account identifiers enable authentication systems to recognize returning users without requiring repeated verification. Project specifications guide our platform in allocating appropriate resources and configuring development environments. Communication records ensure support continuity—new agents can review previous conversations without forcing you to repeat context.

Technical telemetry serves diagnostic purposes. When errors occur, we correlate browser configurations and network conditions with failure patterns to identify root causes. Usage patterns inform infrastructure scaling—sudden traffic surges to specific features trigger capacity adjustments. Behavioral traces reveal which interface elements cause confusion, guiding redesign priorities.

Payment information follows a restricted pathway. Transaction processors handle sensitive card details directly; we receive only confirmation tokens and transaction identifiers. These limited references allow us to match payments to accounts, generate invoices, and manage subscription status without accessing full payment credentials.

Not everyone within meshnet-portal sees everything. Account managers access identity markers and subscription details but cannot view project code or technical specifications. Support staff see communication history and basic account profiles. Engineering teams work with anonymized usage patterns and technical telemetry stripped of direct identifiers. Payment processing remains isolated—finance personnel handle transaction records, but card details never enter our internal systems.

Access controls operate through role-based permissions. Each staff position receives minimum necessary visibility. Audit logs track who accessed which records and when. Two-factor authentication protects administrative interfaces. Database queries require justified business purposes documented in access request systems.

External Information Transfer

Some details move beyond our direct control under specific circumstances. Infrastructure providers—the companies supplying servers, databases, and content delivery networks—necessarily access information residing on their hardware. We've selected partners committed to equivalent protection standards, but physical hosting introduces third-party contact points.

Payment processors receive transaction-essential details: billing names, amounts, invoice identifiers. They operate under financial services regulations that impose strict handling requirements. Email delivery services touch communication content when transmitting notifications, password resets, or support responses.

Legal obligations occasionally compel disclosure. Thai regulatory authorities can request records relevant to investigations. Intellectual property disputes might require sharing details about specific accounts. Tax compliance demands transaction documentation. We resist overly broad requests but ultimately comply with valid legal mandates.

Business structure changes represent another transfer scenario. If meshnet-portal merges with another entity or transfers ownership, account records would move to successor organizations. Such transitions would occur only after ensuring the new custodian maintains comparable protection practices.

Our Thailand-based operations mean information often resides within Thai data centers. Some infrastructure partners maintain servers in Singapore, Japan, and other Asia-Pacific locations for redundancy and performance optimization. Cross-border transfers follow contractual frameworks ensuring recipient jurisdictions provide adequate legal protections. European users benefit from standard contractual clauses approved under GDPR. We avoid routing data through jurisdictions with poor privacy track records unless technical necessity demands it and appropriate safeguards exist.

Retention Logic and Deletion Triggers

Information persistence follows functional timelines rather than arbitrary calendars. Active account details remain accessible throughout your relationship with meshnet-portal. Once you terminate service, different elements disappear at varying speeds.

Identity markers and access credentials vanish within 90 days after account closure unless legal holds prevent deletion. Project specifications might persist longer if associated with ongoing contractual obligations or intellectual property documentation. Communication records typically survive 12 months beyond final contact to support dispute resolution, then face permanent removal.

Technical telemetry undergoes progressive anonymization. Recent logs retain full detail to support immediate troubleshooting. After 30 days, direct identifiers get stripped while behavioral patterns remain for trend analysis. Beyond 6 months, even anonymized usage data faces aggregation into statistical summaries, with granular records discarded.

Transaction history follows accounting regulations. Thai tax law mandates seven-year retention of financial records, so invoice details and payment confirmations persist accordingly. After regulatory requirements expire, systematic purging occurs.

Backup systems complicate immediate deletion. Information removed from production databases might linger in backup snapshots until those archives age out—typically 90 days for incremental backups. During this window, deleted details technically exist within recovery systems but remain inaccessible for normal operations.

Control Mechanisms and Access Requests

You hold several levers over information we maintain. Account dashboards provide direct access to identity markers and project specifications—edit capabilities let you correct inaccuracies or update outdated details without contacting support.

For deeper interventions, reach us at support@meshnet-portal.app. Requests for comprehensive data exports typically complete within 72 hours—you'll receive machine-readable files containing everything associated with your account. Deletion requests trigger the retention timelines described above, though legal or contractual obligations might delay complete removal.

You can object to specific processing activities. If usage pattern analysis feels uncomfortable, we can flag your account to exclude behavioral data from aggregation—though this might limit our ability to troubleshoot issues you encounter. Marketing communications carry unsubscribe mechanisms; opt-outs stop promotional messages while preserving essential service notifications.

Correction requests warrant documentation supporting your claimed accurate version—especially for details like company affiliations or project specifications where conflicting records might exist. We investigate discrepancies before making changes that could affect service delivery.

Thailand's Personal Data Protection Act (PDPA) grants residents specific rights. You can request disclosure of processing purposes, data categories we hold, recipient lists for shared information, and retention periods. Complaints about our handling practices can escalate to Thailand's Personal Data Protection Committee—contact details appear below. For users outside Thailand, comparable rights exist under local regulations, and we honor equivalent requests even when not legally mandated.