Security & PDPA

Your data is safe with OneMember

We take data protection seriously. OneMember is built to comply with Thailand's PDPA and industry security standards.

PDPA Compliance

OneMember is designed to comply with Thailand's PDPA. Consent is captured at enrolment. Members can request data access or deletion at any time.

Data Encryption

All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt. No plain-text credentials are ever stored.

Email Verification

All merchant accounts require verified email addresses before access is granted.

Multi-Tenant Isolation

Every merchant's data is strictly isolated. All resource access is authorised at the query level.

Secure Payments

Billing is handled by Stripe (PCI-DSS Level 1). OneMember never stores card numbers.

No Developer Tools in Production

Debug tools and developer routes are completely disabled in production.

PDPA — Thailand Personal Data Protection Act

OneMember is built to comply with the PDPA (พระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562). Key protections:

  • Explicit consent is obtained from every member at enrolment
  • Members can access their own data via their QR card portal
  • Merchants can process member data deletion requests from the dashboard
  • Data is processed only for the purpose stated at enrolment
  • Data is not sold or shared with third parties
  • Breach notification procedures are documented internally

PDPA compliant since launch

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue in OneMember, please report it responsibly.

What to report

  • Authentication or authorisation bypasses
  • Cross-tenant data access
  • SQL injection or XSS vulnerabilities
  • Sensitive data exposure

How to report

Email us at security@onemember.co

We will acknowledge your report within 48 hours and aim to resolve critical issues within 7 days.

Questions about security or privacy?

Our team is happy to answer security questions or discuss data processing agreements for enterprise customers.