Privacy Policy

Last updated: March 4, 2026

This language is not published yet. Showing English content.

EnglishThaiChineseKoreanJapanese

Privacy Policy

B-Drink Platform

Last updated: February 12, 2026

1. Introduction

B-Drink ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service"). This policy is designed to comply with Thailand's Personal Data Protection Act (PDPA) B.E. 2562 (2019) and other applicable data protection laws.

By using the Service, you consent to the collection and use of information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Email address, username, display name, password (encrypted).
  • Profile Information: Profile photo, gender, personal description/bio.
  • Event Information: Event title, description, location, date/time, category, cover image, tags, privacy settings.
  • Communications: Chat messages, text content, and images sent through event group chats.
  • Report Information: Reports filed against other users or content, including report images and descriptions.
  • Consent Records: Your acceptance or rejection of legal documents (Terms of Service, Privacy Policy), including the version consented to.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers, app version.
  • Location Data: GPS coordinates (when location permissions are granted) for event discovery and distance calculations.
  • Usage Data: App interactions, features used, events viewed/joined, search queries, time spent in the app.
  • Log Data: IP address, browser type, access times, pages viewed, referring URL, crash reports and diagnostics.
  • Push Notification Tokens: Device tokens for delivering push notifications.

2.3 Information from Third Parties

  • Social Login Providers: If you sign in via Google or Apple, we receive your name, email, and profile photo as authorized by you.
  • Payment Providers: Apple App Store and Google Play Store provide subscription status and transaction identifiers. We do NOT receive or store your credit card numbers or payment details.
  • Google Maps / Places: Venue names, addresses, and coordinates for event locations.

3. Lawful Basis for Processing (PDPA)

Under the PDPA, we process your personal data based on the following lawful bases:

  • Consent: Your explicit consent for profile data, location services, push notifications, and marketing communications.
  • Contractual Necessity: Processing necessary to perform the contract (these Terms) between you and B-Drink, such as account management, event services, and subscription management.
  • Legitimate Interest: Analytics, service improvement, fraud prevention, and security monitoring, where such interests are not overridden by your fundamental rights.
  • Legal Obligation: Compliance with applicable laws, court orders, or law enforcement requests.

4. How We Use Your Information

We use the information we collect to:

  • Create and manage your user account
  • Provide, operate, and maintain the Service and its features
  • Enable event creation, discovery, and participation
  • Facilitate chat and messaging between event participants
  • Process and manage subscriptions and tier-based features
  • Deliver push notifications about events, chats, and account activity
  • Calculate distances and show nearby events using location data
  • Personalize your experience and content recommendations
  • Respond to user reports and enforce community guidelines
  • Analyze usage patterns to improve the Service and user experience
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations and respond to lawful requests
  • Manage consent records and legal document versioning

5. Data Sharing & Disclosure

We do NOT sell your personal data to third parties. We may share your information only in the following circumstances:

5.1 With Other Users

  • Your public profile information (display name, profile photo, gender) is visible to other users.
  • When you join an event, your profile is visible to other participants.
  • Chat messages are visible to all participants of the event group chat.
  • Event information you create is visible to other users based on your privacy settings.

5.2 With Service Providers

  • Google Cloud / Firebase: Cloud infrastructure, authentication, data storage, analytics, crash reporting, and push notifications.
  • Google Maps Platform: Location and venue services.
  • Apple / Google App Stores: Subscription billing and payment processing.

5.3 For Legal Reasons

We may disclose your data if required to do so by law, legal process, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to government requests.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of such transaction. We will notify you before any such transfer takes effect.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Data: Retained for the duration of your account and for a reasonable period after deletion to address legal claims.
  • Chat Messages: Retained for the life of the associated event chat.
  • Event Data: Retained for the duration the event is active and for analytics purposes thereafter.
  • Consent Records: Retained indefinitely for compliance and audit purposes.
  • Log Data & Analytics: Retained for up to 24 months.
  • Report Data: Retained for up to 36 months for safety and enforcement purposes.

When you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Data encryption in transit (TLS/SSL) and at rest
  • Firebase Authentication with secure token-based access
  • Firestore Security Rules restricting data access to authorized users only
  • Storage Security Rules ensuring users can only access their own uploaded files
  • Server-side validation and Cloud Functions for sensitive operations (subscriptions, quotas, ownership transfers)
  • Regular security reviews and updates

While we take reasonable measures to protect your data, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Rights Under PDPA

Under the Personal Data Protection Act (PDPA), you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request that we limit how we process your data in certain circumstances.
  • Right to Data Portability: Request to receive your personal data in a structured, commonly used format.
  • Right to Object: Object to the processing of your personal data based on legitimate interest.
  • Right to Withdraw Consent: Withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Complain: Lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your rights have been violated.

To exercise any of these rights, please contact us at privacy@b-drink.com. We will respond to your request within 30 days.

9. Children's Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. If we become aware that we have inadvertently collected personal data from a minor, we will take steps to delete such information as soon as possible. If you believe that a minor has provided us with personal data, please contact us immediately at privacy@b-drink.com.

10. Cookies & Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your experience. The mobile app uses Firebase Analytics to collect usage data. Specifically:

  • Essential Cookies: Required for the website to function properly (authentication, session management).
  • Analytics: Firebase Analytics and Crashlytics for app performance monitoring and crash reporting.
  • Push Notification Tokens: Used solely for delivering notifications you have opted into.

You can control cookies through your browser settings. Disabling cookies may affect some website functionality. For the mobile app, you can manage analytics and notification preferences through your device settings.

11. International Data Transfers

Your data may be stored and processed on servers located outside of Thailand through our use of Google Cloud (Firebase) infrastructure. When your data is transferred internationally, we ensure that appropriate safeguards are in place in compliance with the PDPA, including Google Cloud's data processing agreements and security certifications. By using the Service, you consent to the transfer and processing of your data in jurisdictions where our service providers operate.

12. Data Breach Notification

In the event of a personal data breach that may pose a risk to your rights and freedoms, we will notify the Personal Data Protection Committee (PDPC) within 72 hours of becoming aware of the breach, as required by the PDPA. We will also notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated through in-app notifications and may require re-consent through our versioned legal document system. The "Last updated" date at the top of this page indicates when this policy was last revised. Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy.

14. Data Protection Officer (DPO)

In accordance with the PDPA, B-Drink has designated a Data Protection Officer (DPO) responsible for overseeing compliance with data protection obligations. The DPO is your primary point of contact for:

  • Questions about how your personal data is processed
  • Exercising your data protection rights (access, rectification, erasure, portability, etc.)
  • Filing complaints about data protection practices
  • Requesting information about data processing activities

Data Protection Officer

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

By using B-Drink, you acknowledge that you have read and understood this Privacy Policy.

Last Updated: February 12, 2026