We take data protection seriously. OneMember is built to comply with Thailand's PDPA and industry security standards.
OneMember is designed to comply with Thailand's PDPA. Consent captured at enrolment. Members can request data access or deletion at any time.
All data encrypted in transit (TLS 1.2+) and at rest. Passwords hashed with bcrypt. No plain-text credentials ever stored.
All merchant accounts require verified email addresses before access is granted.
Every merchant's data is strictly isolated. All resource access is authorised at the query level.
Billing handled by Stripe (PCI-DSS Level 1). OneMember never stores card numbers.
Debug tools and developer routes are completely disabled in production.
OneMember is built to comply with the PDPA (Personal Data Protection Act, B.E. 2562). Key protections:
PDPA compliant since launch
We take security vulnerabilities seriously. If you discover a security issue in OneMember, please report it responsibly.
Email us at security@onemember.co
We will acknowledge your report within 48 hours and aim to resolve critical issues within 7 days.
Our team is happy to answer security questions or discuss data processing agreements for enterprise customers.