Legal & compliance
Privacy Policy
How Skylance collects, uses, and protects your personal information — in plain language, under Thailand’s PDPA and applicable US law.
1. Who we are
Skylance is an independent strategy practice operated by Bryan Alexandros, with offices in Austin, Texas (USA) and Bangkok, Thailand. Skylance acts as the data controller for personal information collected through this website (www.skylance.org) and any communications you initiate with us.
For purposes of Thailand’s Personal Data Protection Act B.E. 2562 (PDPA), Skylance is the data controller. For US visitors, this policy reflects our practices under applicable federal and state law.
2. What we collect
We only collect information you provide directly or that arises as a technical byproduct of visiting the site.
| Category | Examples | How collected |
|---|---|---|
| Contact data | Name, email address, WhatsApp / phone number, message content, preferred contact method | Contact form submission |
| Technical data | IP address, browser type, device type, page visited, timestamp | Automatic — collected by Cloudflare (our hosting and security provider) and Google (Fonts CDN) |
| Communications | Content of emails, WhatsApp, or Signal messages you send us | Direct communication you initiate |
We do not collect sensitive personal data (health, financial, biometric, or political data), and we do not use tracking pixels, advertising tags, or behavioral profiling tools.
3. How we use your information
| Purpose | Legal basis (PDPA) | Legal basis (US) |
|---|---|---|
| Responding to your inquiry or request for a conversation | Consent (Section 19) / Contractual necessity | Legitimate business interest |
| Maintaining records of client communications | Legitimate interest (Section 24(5)) | Legitimate business interest |
| Site security and fraud prevention (via Cloudflare Turnstile) | Legitimate interest (Section 24(5)) | Legitimate business interest |
| Delivering website fonts and content reliably | Legitimate interest (Section 24(5)) | Legitimate business interest |
We never sell, rent, or trade your personal data to third parties. We do not use your information for automated decision-making or profiling that produces legal effects on you.
4. Third-party service providers
We share data with the following sub-processors solely to operate this website. Each is bound by its own privacy commitments.
| Provider | Purpose | Data shared |
|---|---|---|
| Cloudflare | Website hosting, CDN, DDoS protection | IP address, page requests, technical headers |
| Cloudflare Turnstile | Bot / spam protection on the contact form | Browser signals, behavioral interaction data |
| Google LLC (Fonts API) | Delivering web fonts (Inter Tight, Instrument Serif, Roboto Mono) | IP address, browser type |
We do not use Google Analytics, Facebook Pixel, LinkedIn Insight, or any advertising or retargeting platform. If that changes, this policy will be updated and a new consent request issued.
5. Cookies and local storage
Skylance itself sets no persistent tracking cookies. The only browser storage we write is a single key (sl_cookie_consent) that records your response to the cookie consent banner, so we do not ask again on every visit.
Third-party services loaded by this site may set their own cookies:
- Cloudflare — may set
__cf_bm(bot management, session-scoped, deleted when you close your browser) - Cloudflare Turnstile — sets a short-lived token cookie to verify your interaction with the contact form
- Google Fonts — Google states it does not use font requests to build advertising profiles; no persistent cookie is set for fonts alone
You can clear or block cookies at any time in your browser settings. Blocking Cloudflare’s cookies may affect site functionality.
6. How long we keep your data
| Data type | Retention period |
|---|---|
| Contact form submissions and follow-up communications | 36 months from date of last contact, unless a client relationship requires longer retention |
| Technical server logs (Cloudflare) | Per Cloudflare’s retention policy — typically 30 days for raw logs |
| Google Fonts request logs | Per Google’s retention policy |
When retention periods expire, data is deleted or anonymised so it can no longer be attributed to you.
7. Cross-border data transfers
Skylance operates from Thailand and the United States. Your contact form data is processed by Cloudflare’s global network, which may route traffic through data centers in multiple countries. Cloudflare applies Standard Contractual Clauses and participates in applicable cross-border transfer frameworks.
Google Fonts requests are routed through Google’s global CDN. Google LLC is certified under applicable international data transfer mechanisms.
If you are a resident of Thailand, this cross-border transfer is made on the basis of our legitimate interest in delivering a functional and secure website, and the technical necessity of using industry-standard CDN infrastructure.
8. Your rights
Under Thailand’s PDPA (Sections 30–36), you have the following rights regarding personal data we hold about you:
- Right to access — request a copy of the personal data we hold about you
- Right to data portability — receive your data in a structured, machine-readable format
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — ask us to delete your personal data (subject to legal obligations)
- Right to restrict processing — ask us to pause processing while a dispute is resolved
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
US residents in states with active privacy laws (e.g., California CCPA/CPRA, Texas TDPSA) may have additional or equivalent rights, including the right to know what data is collected, to delete it, and to opt out of its sale (we do not sell data).
To exercise any of these rights, email contact@skylance.org with the subject line Privacy Request. We will respond within 30 days. There is no charge for a first request in any 12-month period.
9. Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include TLS encryption for all data in transit, Cloudflare’s DDoS and firewall protection, and access limited to the data controller (Bryan Alexandros).
No method of electronic storage or transmission is 100% secure. If you have concerns about a specific data security matter, please contact us directly.
10. Children
This website is directed at business professionals and executives. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. If changes are material, we will note the new effective date at the top of the page. Continued use of the site after an update constitutes acceptance of the revised policy. For significant changes affecting how we use your data, we will make reasonable efforts to notify you directly if we hold your contact information.
12. Contact us
For privacy-related requests, questions, or complaints, contact us at:
Bryan Alexandros
Skylance
5900 Balcones Drive, Suite 100, Austin, TX 78731, USA
Sukhumvit Soi 31, Bangkok 10110, Thailand
contact@skylance.org
If you are located in Thailand and believe your PDPA rights have not been respected, you may lodge a complaint with the Personal Data Protection Committee (PDPC).
Effective date: 15 June 2026 · Austin / Bangkok