DriftingLightWave ("we," "our," or "us") operates educational programs focused on hashing and digital signatures technology. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our educational services, visit our website at driftinglightwave.com, or engage with our programs in Thailand.

We believe transparency builds trust. That's why we've written this policy in plain language, avoiding legal jargon wherever possible. Our commitment extends beyond compliance with Thailand's Personal Data Protection Act (PDPA) – we genuinely care about your privacy rights and want you to feel confident about how your information is handled.

This policy applies to all personal data we collect through our website, enrollment processes, educational programs, and any communication channels we maintain. By using our services, you acknowledge that you've read and understood these practices.

We collect different types of information to provide you with quality educational services. Understanding what we gather helps you make informed decisions about sharing your data with us.

During the enrollment process, we collect additional details such as your preferred learning schedule, previous experience with cryptographic concepts, and specific areas of interest within hashing and digital signatures. This helps us tailor the curriculum to match your background and objectives.

We may also collect feedback, assignments, project submissions, and participation data during your learning journey. This information helps us assess progress, provide personalized guidance, and improve our educational methods.

Your information serves specific purposes that directly benefit your educational experience. We don't believe in collecting data just because we can – every piece of information we gather has a clear purpose.

• Providing educational services and customizing learning experiences based on your background and goals
• Communicating about course schedules, program updates, and educational opportunities
• Processing enrollments and managing student records throughout your learning journey
• Evaluating and improving our educational programs based on student feedback and performance data
• Ensuring compliance with educational standards and legal requirements in Thailand
• Providing technical support and responding to your questions or concerns

We analyze aggregated, non-personal data to understand trends in digital security education and improve our curriculum. This helps us stay current with industry developments and ensure our programs remain relevant and valuable.

We don't sell or rent your personal information to third parties. When we do share data, it's only for specific purposes that support your educational experience or fulfill legal obligations.

When we work with service providers – such as email systems or learning platforms – we ensure they meet our privacy standards and are contractually bound to protect your information. These partners can only use your data for the specific services they provide to us.

Under Thailand's Personal Data Protection Act and our commitment to privacy, you have several rights regarding your personal information. We've made exercising these rights as straightforward as possible.

Protecting your information is fundamental to our operations, especially given our focus on digital security education. We implement multiple layers of protection to safeguard your personal data.

Our technical safeguards include encrypted data transmission, secure server infrastructure, regular security audits, and access controls that limit who can view your information. We use industry-standard encryption for data storage and transmission, ensuring your information remains protected both at rest and in transit.

From an organizational standpoint, we provide regular privacy and security training to our staff, maintain strict access policies, and conduct background checks for employees who handle personal data. Our team understands the importance of data protection, and we regularly review our practices to ensure they meet current standards.

While we implement robust security measures, we also believe in transparency about risks. No system is completely immune to security threats, which is why we maintain incident response procedures and would notify you promptly if a breach affects your personal information.

We retain your personal information only as long as necessary to provide educational services, comply with legal obligations, or resolve disputes. Our retention periods vary based on the type of information and its purpose.

Student enrollment records and academic progress data are typically retained for five years after program completion to support transcript requests and alumni services. Contact information for inactive prospects is deleted after two years unless you've explicitly requested to remain on our mailing list.

Technical logs and website analytics data are automatically purged after 18 months. Marketing communications data is deleted when you unsubscribe or after three years of inactivity, whichever comes first.

When we delete your information, we ensure it's removed from our active systems and backup storage. Some information may persist in archived backups for technical reasons, but we ensure these are not accessible for normal business operations and are eventually purged according to our backup retention schedule.

Our primary operations and data storage occur within Thailand. However, some of our technology partners and service providers may process data in other countries as part of their normal operations.

When personal data is transferred outside Thailand, we ensure appropriate safeguards are in place. This includes working only with providers that demonstrate adequate data protection measures, implementing contractual protections, and regularly reviewing the security practices of our international partners.

We provide clear notification if your data will be processed outside Thailand and ensure any transfers comply with Thai data protection laws and international standards. You have the right to inquire about these transfers and request information about the protections in place.

Privacy practices evolve as technology and regulations change. We review this policy annually and update it when necessary to reflect changes in our practices, services, or applicable laws.

When we make material changes to this policy, we'll notify you through email (if we have your email address) and post a notice on our website. We'll also update the effective date at the bottom of this policy to indicate when changes were made.

We encourage you to review this policy periodically, especially before sharing additional personal information with us. If you have concerns about policy changes, please contact us to discuss how they might affect your data.