Privacy Policy Copy — /privacy-policy

Privacy Policy

Effective date: [DATE]

Last updated: [DATE]

Klear Vision Co., Ltd. ("Klear", "we", "us", "our") is the data controller for your personal data under the Personal Data Protection Act B.E. 2562 (PDPA).

Registered address: [ADDRESS TBD — pending company registration] Privacy contact: privacy@kleareyes.com

We collect the following data when you use our services or place an order with Klear:

Data you provide directly

• First and last name
• Email address
• Phone number
• Shipping address
• Prescription data (SPH, CYL, Axis, ADD, PD for both eyes) — classified as sensitive personal data under PDPA Section 26
• LINE User ID (if you log in with LINE)

Data generated through your use of our service

• Order history
• Chosen payment method type (type only — card numbers never reach our servers)
• Device and browser data (for product analytics)

We process your personal data for the following purposes and on the following legal bases:

Important: Consent for prescription data is collected via a separate checkbox — it is never bundled with acceptance of our Terms of Service. You may withdraw consent at any time without affecting the lawfulness of any prior processing.

Prescription data is sensitive personal data. We protect it with the highest standards:

• AES-256 encryption via pgcrypto in our database
• Encryption keys held in Supabase Vault — never in source code or configuration files
• Access restricted to only the systems and personnel required to process your order
• Transmitted to the optical lab over a secure channel, for lens manufacturing purposes only
• Retained for 2 years from the date of creation, then deleted or anonymised

We do not sell your personal data. We share it only in the following circumstances:

Service partners required for fulfilment

• Optical lab partner — receives only the prescription data and frame specifications needed for lens production, nothing else
• Payment gateway (Omise / 2C2P / GBPrimePay — TBD) — receives only the order amount and a tokenised payment reference; card numbers never touch Klear's servers
• LINE Corporation — for LINE Login and LINE OA messaging services, under LINE's own privacy policy

Infrastructure providers (Data Processors)

• Vercel (hosting), Railway (backend), Supabase (database), Cloudflare (CDN) — all under data processing agreements

Other circumstances

• When required by law or by a valid court order
• To protect the rights, property, or safety of Klear and our users

We use PostHog for product analytics. Data collected consists of anonymised event data (e.g., pages visited, steps taken in the ordering flow). We do not use cookies for advertising or cross-site tracking.

At launch, we do not use Meta Pixel, Google Ads Remarketing, or any third-party advertising trackers.

You can decline non-essential cookies via our consent banner.

As a data subject, you have the following rights:

To exercise any of these rights: email privacy@kleareyes.com stating which right you wish to exercise. We will respond within 30 days.

In the event of a personal data breach, Klear will notify the Office of the Personal Data Protection Committee (PDPC Thailand) within 72 hours, and will notify affected individuals without undue delay, in accordance with PDPA Section 37.

We may update this policy from time to time. Material changes will be notified to you via email or LINE OA, with a new effective date. Continued use of the service after notification constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: privacy@kleareyes.com LINE OA: @kleareyes