Privacy Policy

This Privacy Policy explains how SCAI Security (“we”, “us”, “our”) collects, uses, discloses, and protects information when you use the SC Security web application (the “App”).

The App is a role-based administrative dashboard designed to support security operations, including management of accounts, sites, users, patrol operations, devices, visitor management (VMS), reports, and related security workflows.

If you do not agree with this Privacy Policy, please do not use the App.

1) Who is responsible for your data

SCAI Security acts as a data controller or data processor, depending on the deployment model and contractual arrangement with your organization.

In many enterprise deployments, your organization (such as an employer or customer) acts as the data controller for operational and security data entered into the App, while SCAI Security acts as a service provider / data processor.

Contact:
Email: sc.info@scai.co.th

(or your organization’s system administrator)

2) Information we collect

A. Information you provide

Depending on your role, permissions, and enabled features, you may provide:

• Account and company information (e.g., company name, address, tax ID, account or site identifiers)
• User and profile information (e.g., name, email or username, role assignments, associated accounts or sites)
• Operational and security data, such as:
  • checkpoints and QR codes
  • patrol sessions, patrol reports, and incident records
  • security devices and VMS devices (e.g., kiosks, tablets, mobile devices)
  • visitor management data (e.g., visitor bookings or booking links), where enabled
  • files and images uploaded to the App, such as company logos
  • assistant/chat content (if enabled), including messages or prompts you submit through the App

B. Information collected automatically

When you use the App, we may automatically collect:

• Authentication and session data required to maintain login sessions
• Device and usage information, such as browser type, pages or screens accessed, timestamps, and diagnostic data (typically via standard server or application logs)
• Identifiers stored in your browser, including:
  • an authentication token stored in localStorage
  • a chat session identifier stored in localStorage to maintain chat continuity
  • a language or locale preference stored via cookies

3) How we use information

We use the collected information to:

• Provide, operate, and maintain the SC Security App
• Authenticate users and enforce role-based access control
• Process actions initiated by authorized users, such as managing users, sites, devices, patrol operations, visitor records, and reports
• Upload, store, and display files or assets within the App
• Provide assistant or chat functionality and generate responses to user queries (where enabled)
• Maintain system security, prevent unauthorized access, detect misuse, and support audit or monitoring activities
• Troubleshoot issues and improve system performance, reliability, and user experience

3.1 Legal basis for processing

Where required by applicable data protection laws (including PDPA or GDPR), personal data is processed based on one or more of the following legal bases:

• Performance of a contract to provide and operate the App
• Legitimate interests, such as security monitoring, fraud prevention, and system improvement
• Compliance with legal obligations
• Consent, where explicitly obtained (for example, optional assistant or chat features)

4) How we share information

We may share or disclose information:

• With backend services required for the App to function, including APIs used for authentication, authorization, feature access, reporting, file uploads, and assistant/chat requests
• With Google Cloud Platform (GCP) services, including Cloud Run, which host and operate the App’s backend infrastructure
• With Google Cloud AI services (Gemini), where the assistant/chat feature is enabled, to process user inputs and generate responses
• With storage or hosting providers used to store and serve uploaded files or assets
• With service providers that support infrastructure operations, monitoring, or technical support, under appropriate security and confidentiality protections
• When required by law or necessary to protect the rights, safety, or integrity of users, organizations, or the service

We do not sell personal information.

5) Assistant and AI processing

Where the assistant or chat feature is enabled:

• User inputs may be processed using Google Cloud AI services (Gemini) to generate responses within the App
• Chat and assistant data is processed solely for the purpose of providing the requested functionality
• Such data is not used by SCAI Security to train public or general-purpose AI models
• Processing is subject to applicable agreements, safeguards, and security controls provided by Google Cloud

6) Cookies and similar technologies

The App uses cookies and browser storage to support core functionality:

• Cookies (such as locale cookies) to store language preferences
• localStorage or sessionStorage to store authentication tokens, application state, and chat session identifiers

You may manage cookies and site data through your browser settings. Disabling cookies or browser storage may prevent login or cause certain features to function incorrectly.

7) Data retention

We retain information:

• For as long as necessary to provide the App and fulfill legitimate business or security purposes
• In accordance with your organization’s data retention policies in enterprise deployments
• Until authentication or session data stored in your browser is cleared, expired, or removed when you log out or clear site data

8) Security

We implement reasonable technical and organizational measures designed to protect information from unauthorized access, use, alteration, or disclosure.

The SC Security backend is deployed on Google Cloud Platform, benefiting from Google Cloud’s physical, network, and infrastructure security controls. Communications with the App are protected using encrypted connections (HTTPS/TLS), and access is governed by authentication and role-based authorization.

Important:
The App stores an authentication token in the browser (localStorage). You should protect your device, keep software up to date, and log out when using shared or public computers.

9) Data breach notification

In the event of a data breach that poses a risk to individuals’ rights and freedoms, we will take appropriate steps to investigate, mitigate, and notify affected parties and relevant authorities in accordance with applicable law.

10) Your rights and choices

Depending on applicable law and your organization’s deployment model, you may have rights to:

• Access, correct, or delete personal information
• Object to or restrict certain processing
• Request data portability, where applicable

In enterprise environments, most user accounts and operational data are managed by your organization’s administrator. Please contact your administrator first, or reach us using the contact details above.

11) Children’s privacy

The App is not intended for children, and we do not knowingly collect personal information from children.

12) International data transfers

The App backend is hosted on Google Cloud Platform (Cloud Run). Depending on system configuration, information may be processed in data centers located outside your country.

We rely on Google Cloud’s contractual, technical, and organizational safeguards to support international data transfers in compliance with applicable data protection laws.

13) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any updates will be published with a revised Effective date.

14) Contact us

If you have questions, requests, or concerns regarding this Privacy Policy:
Email: sc.info@scai.co.th