Privacy Policy

Privacy Policy
Last updated: August 10, 2025

This Privacy Policy explains how Strathex Systems LLC (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards Personal Information when you use The Thai Road (the “Site”) or purchase Access Passes. By using the Site, you agree to this Policy.

Controller / Merchant of Record: Strathex Systems LLC (Wyoming, USA)
Business Address: (BUSINESS ADDRESS COMING SOON)
Contact (all privacy requests): support@thethairoad.com | +1 (417) 741-3339
Website: https://thethairoad.com

We operate an editorial, age-restricted directory. We do not host user-generated content, we do not host explicit content, and we do not facilitate illegal services.

1) Scope

This Policy covers Personal Information processed through the Site. It includes required notices for U.S. state privacy laws (e.g., CA/VA/CO/CT/UT) and additional disclosures for EU/UK visitors under GDPR/UK GDPR. It does not cover third-party websites we link to—review their policies separately.

2) Key Definitions

Personal Information (PI/Personal Data): information that identifies or can reasonably be linked to an individual or household.

Access Pass: a one-time, time-limited digital right to view gated content (no auto-renew).

Process/Processing: any operation performed on Personal Information.

Sale / Share (CPRA): “sale” = disclosure for monetary/other valuable consideration; “share” = disclosure for cross-context behavioral advertising.

3) What We Collect & Sources

We collect only what we need to operate the service, prevent fraud, and meet legal/PSP obligations.

A. You provide directly

  • Account & contact: email, optional display name, country/state, messages sent to support@thethairoad.com.
  • Purchase details: product, amount, timestamp, non-PAN transaction metadata.
  • Age/ID verification (only if requested): limited attributes to confirm 18+ (e.g., name, DOB, document type/issuer, last4), processed by a verification provider.

B. Automatically

  • Device/usage: IP address, user agent, device/OS/browser, language, referrer, pages viewed, session IDs, time on page.
  • Approximate location: derived from IP (compliance, fraud prevention, localization).
  • Cookies/SDKs: essential cookies for login, purchase flow, security; analytics cookies to understand performance (no ad targeting).

C. From third parties

  • Payment processors/acquirers: authorization/settlement tokens, fraud signals (we do not store full card numbers).
  • Fraud/abuse & age-verification vendors.
  • Hosting/ops/communications: cloud logs, email delivery status.

Sensitive data: we do not intentionally collect Sensitive Personal Information except what is strictly necessary for age/ID or fraud checks; when collected, use is limited to that purpose.

4) Why We Use Personal Information (Purposes)

  • Provide/operate the Site (accounts, deliver Access Passes).
  • Payments & billing (via PCI-DSS compliant processors).
  • Fraud prevention & security (detect abuse, scraping, chargebacks, sanctions/geo controls).
  • Age/ID verification when required by law, risk, or card-network rules.
  • Customer support & communications (confirmations, receipts, service messages).
  • Legal & compliance (tax/bookkeeping, AML/sanctions screening, lawful requests).
  • Analytics & performance (aggregate usage to improve the Site).
  • Safety & enforcement (investigate Terms/AUP violations, protect users and the public).

Automated decisions: we do not use automated decision-making producing legal/similar significant effects, beyond limited fraud/abuse and sanctions/geo screening; where required, you can request human review.

5) Legal Bases (EU/UK)

  • Contract (Art. 6(1)(b)): provide the Site and fulfill purchases.
  • Legitimate interests (Art. 6(1)(f)): security/fraud prevention, analytics, communications, record-keeping (balanced against your rights).
  • Legal obligation (Art. 6(1)(c)): tax, accounting, lawful requests, sanctions/AML.
  • Consent (Art. 6(1)(a)): non-essential analytics cookies; certain verification flows where mandated.

6) How We Disclose Information

We disclose Personal Information to service providers (processors) under written contracts, restricted to our instructions:

  • Payment processing & acquiring banks (PCI-DSS compliant).
  • Fraud/abuse & age-verification vendors.
  • Hosting, email delivery, customer support tools.
  • Analytics (aggregate/limited).
  • Professional advisors (legal/accounting) under confidentiality.
  • Authorities/law enforcement when legally required or to protect rights/safety.
  • Corporate transactions (merger/acquisition/financing) with appropriate safeguards.

We do not sell Personal Information and do not share it for cross-context behavioral advertising as defined by CPRA. If this changes, we will update this Policy, add a “Do Not Sell or Share” link, and continue honoring Global Privacy Control (GPC).

7) Cookies & Similar Technologies

We use:

  • Essential cookies (authentication, purchase flow, security/rate-limit).
  • Analytics cookies (aggregate usage; no ad targeting).

Your choices: manage cookies in your browser/device. If you enable GPC or Do Not Track, we treat it as an opt-out of analytics cookies to the extent feasible. Blocking essential cookies may impair the Site. (If you maintain a separate Cookie Policy page, link it here and in your footer.) See our Cookie Policy.

8) Data Retention

We retain Personal Information only as long as needed for the purposes above, then delete or de-identify it.

Record TypeTypical RetentionRationale
Transaction records7 yearsTax/bookkeeping; chargeback defense
Account & contactActive + 24 monthsSupport history; audit
Support tickets24 months post-closureQA, dispute traceability
Security/access logs12–24 monthsThreat investigation
Age/ID artifactsShortest necessary; then deleted/hashedEligibility, legal/PSP needs

Retention periods may be extended where required by law, dispute, or enforcement.

9) Security

We use administrative, technical, and physical safeguards appropriate to risk (TLS/HTTPS site-wide, least-privilege access, MFA for admin, logging/alerting). Card data is processed by PCI-DSS compliant processors; we do not store full PAN, CVV, or track data. No system is 100% secure; we maintain an incident response process and will notify you of a breach as required by law.

10) Age, Safety & Prohibited Use

The Site is 18+ only. We maintain an age-gate and may request age/ID verification. We do not knowingly collect data from minors; if we learn we have, we will delete it. The Site may not be used to solicit, promote, or facilitate illegal services, including prostitution or trafficking. Report safety concerns to support@thethairoad.com (include URLs, timestamps).

11) International Transfers

We are U.S.-based. Your data may be processed in the United States and other countries where our providers operate. For EU/UK transfers, we rely on appropriate safeguards (e.g., Standard Contractual Clauses and supplementary measures) where required.

12) Your Rights & How to Exercise Them

A. U.S. State Rights (e.g., CA, VA, CO, CT, UT)

  • Know/Access: categories and specific pieces of Personal Information; sources; purposes; categories of disclosures.
  • Correct inaccurate Personal Information.
  • Delete Personal Information (subject to legal/operational exceptions, e.g., tax records, fraud defense).
  • Data portability: receive certain information in a portable format.
  • Opt-out of sale/share/targeted advertising: we do not sell/share Personal Information as defined by CPRA.
  • Limit use of Sensitive PI: not applicable; we do not use Sensitive PI for purposes requiring a right to limit.

How to submit: email support@thethairoad.com with your request type.
Verification: we may verify via email challenge and/or known transaction facts.
Timelines: we aim to respond within 45 days (may extend once by 45 days with notice).
Authorized agents: may submit with proof of authority; we may require direct user verification.
Appeals (VA/CO/CT): reply to our response to appeal; we will provide the outcome and further options.

B. EU/UK GDPR Rights

You may have rights to access, rectify, erase, restrict, portability, object, and withdraw consent (where processing relies on consent). You may object to processing based on legitimate interests, and to certain automated decisions. Submit requests to support@thethairoad.com. You can lodge a complaint with your supervisory authority (e.g., ICO or your local DPA).

13) Global Privacy Control & “Do Not Track”

We treat a valid GPC signal as an opt-out of analytics cookies (and as a “do not sell/share” preference where applicable). Industry DNT standards vary; we will continue to monitor and update our handling.

14) Third-Party Links

We may link to third-party sites/services. Their privacy practices are not our responsibility; review their policies.

15) Non-Discrimination

We will not discriminate against you for exercising your privacy rights (e.g., no denial of goods/services, different prices, or quality). If we ever offer a program that constitutes a financial incentive under CPRA, we will present a separate notice and opt-in.

16) Subprocessors & Disclosures

We work with vetted service providers. A current list of core categories (payments, hosting, email delivery, analytics, fraud/ID verification) is available on request at support@thethairoad.com. We will provide material updates as required by law.

17) Law-Enforcement, Legal Requests & Safety

We may preserve or disclose information if we reasonably believe it is necessary to: comply with applicable law, regulation, legal process, or governmental request; enforce our Terms; address fraud, security, or technical issues; or protect the rights, property, or safety of users or the public.

18) Changes to this Policy

We may update this Policy from time to time. Material changes will be posted with a new “Last updated” date and, where appropriate, additional notice. Continued use after changes become effective constitutes acceptance.

19) Controller & Contact

Strathex Systems LLC
(BUSINESS ADDRESS COMING SOON)
support@thethairoad.com | +1 (417) 741-3339

20) California Notice at Collection (CPRA)

Categories collected (last 12 months): identifiers (email, IP), commercial info (purchase records), internet activity (usage logs), general geolocation (from IP), and info you provide for age/ID verification if requested.

Purposes: see Section 4. Retention: see Section 8. Sources: you; your device; processors; fraud/verification vendors.

Sensitive PI: only if strictly necessary for age/ID or fraud checks; used solely for those purposes.

Sale/Share: we do not sell or share Personal Information as defined by CPRA.

How to exercise rights: support@thethairoad.com.