Privacy Policy

PrideShow.org ("PrideShow", "we", "us") is operated by Messe Asia Co., Ltd., a company registered in Bangkok, Thailand. We act as the data controllerfor the personal data described in this policy under the Personal Data Protection Act B.E. 2562 (2019) (the "PDPA").

Contact our privacy team: privacy@prideshow.org

We collect personal data in three ways:

• When you sign in. If you sign in with Google or LINE, we receive your email address, name, and profile photo from that provider. If you use our email magic-link sign-in instead, we only receive the email address you type in.
• When you claim or register a listing. We collect the information you provide in the claim or registration form — typically business name, role, website, social handles, and verification evidence (such as a company email address or a social-media post).
• When you use the platform. Our servers automatically log basic request metadata (IP address, user-agent, timestamps) for security and abuse prevention.

Sensitive data. Because PrideShow catalogues the LGBTQ+ ecosystem in Thailand, the fact that you hold an account or claim a listing may reveal information about sexual orientation or gender identity — a category treated as sensitive personal data under the PDPA. By creating an account or submitting a claim, you give explicit consent to our processing of this information for the purposes described in section 4.

When you first visit the site you will see a cookie banner. You can accept all, reject non-essential, or customise your choices by category. Your decision is stored in a first-party cookie (ps-cookies) for 12 months; you can change or withdraw consent at any time via the “Cookie settings” link in the footer.

We group cookies into four categories:

• Strictly necessary(always on, exempt from consent under PDPA §24(5) and GDPR recital 30) — NextAuth session cookie, CSRF cookie, theme preference (ps-theme), 18+ age-gate cookie (ps-18plus) on adults-only pages, and the consent record itself (ps-cookies).
• Analytics(opt-in) — anonymous first-party usage signals such as which directories are most visited. We do not run analytics today; your choice applies the moment we enable any.
• Preferences(opt-in) — non-essential settings such as saved directory filters or language.
• Marketing(opt-in) — campaign-response measurement so we can avoid over-emailing supporters. Not currently active.

We do not use advertising cookies or third-party analytics that track you across other websites. If that ever changes we will bump the consent version and re-prompt you before loading any new category.

We process personal data on the following PDPA legal bases:

• Contractual necessity— to create and operate your account, verify ownership of listings, and deliver features you request.
• Legitimate interest— to prevent fraud and abuse, secure the platform, and improve the service. We balance this against your privacy rights before relying on it.
• Explicit consent— for the inference, if any, about sexual orientation or gender identity that may arise from your use of a platform dedicated to the LGBTQ+ ecosystem. You can withdraw this consent at any time by deleting your account (section 7).
• Legal obligation— where we must retain records to comply with Thai law (e.g. tax, accounting).

We share personal data only with the service providers we rely on to run the platform, under written contracts that oblige them to protect your data:

• Cloudflare, Inc.— hosting, database (D1), object storage (R2), and DNS. Primary storage is in the Asia-Pacific region.
• Resend, Inc.— transactional email, including magic-link sign-in emails and notifications.
• Google LLC and LINE Corporation— as OAuth providers when you choose to sign in with their services. Their own privacy policies govern what they share with us.

We do not sell personal data. We do not share personal data with advertisers. Listings marked as published in our public directories are visible to anyone who visits the site — that is the point of a directory, but it is not the same as sharing your private data.

Your account data and listing data are stored in Cloudflare D1 databases located in the Asia-Pacific region (primary). Email delivery via Resend may transit servers in other regions. Where data leaves Thailand, we rely on the safeguards required by the PDPA (standard contractual terms with our subprocessors).

As a data subject in Thailand, you have the right to:

• Access — obtain a copy of your personal data.
• Rectify — correct data that is inaccurate or incomplete.
• Erase — ask us to delete your data (subject to legal retention requirements).
• Restrict — limit how we process your data.
• Object — object to processing based on legitimate interest.
• Portability — receive your data in a machine-readable format.
• Withdraw consent — at any time, with effect from the point of withdrawal.
• Lodge a complaint — with the Personal Data Protection Committee (PDPC) of Thailand.

You can exercise most of these rights directly from your privacy dashboard (download your data, delete your account), or by emailing privacy@prideshow.org. We will respond within 30 days.

We retain your account data for as long as your account is active. When you delete your account, we remove your personal data within 30 days, except where Thai law requires us to keep specific records (e.g. financial records for tax audits — typically up to 10 years). Anonymised, aggregated statistics about platform use may be kept indefinitely.

We take reasonable technical and organisational measures to protect your data: TLS everywhere, passwordless authentication (no password databases to leak), scoped access to the production database, and regular review of our third-party subprocessors. No system is perfectly secure — if we ever discover a breach that affects your data, we will notify you and the PDPC in line with PDPA section 37.

PrideShow is not intended for people under 20 years of age (the age of majority in Thailand). If you are aged 10–20, the PDPA requires parental consent for us to process your personal data. If we learn that we hold data on a child without the required consent, we will delete it.

We may update this policy from time to time. If the changes are material we will notify you by email (to the address on your account) at least 14 days before they take effect. The current version number and effective date are shown at the top of this page.

Messe Asia Co., Ltd.
Bangkok, Thailand
Email: privacy@prideshow.org

Regulator: Office of the Personal Data Protection Committee (PDPC), Ministry of Digital Economy and Society, Thailand.