Data Sovereignty & Privacy Architecture
At Crimson Sun Analytics, we treat enterprise performance data with the same rigor required for clinical or financial instrumentation. Our privacy framework ensures that your strategic intelligence remains secure, transparent, and compliant with global standards.
The Intelligence Inventory
To deliver high-fidelity KPI analytics, we collect data that falls into three specific categories. We do not engage in broad-spectrum tracking; every data point must serve a quantifiable metric within your performance ecosystem.
We distinguish between 'Identity Data' used for platform access and 'Operational Data' used for enterprise performance modeling. Your operational data is siloed and encrypted at the database level, ensuring that analytical insights are decoupled from personal identifiers whenever possible.
Administrative Identity
Name, corporate email, role, and authentication logs required to maintain secure access to data dashboards.
System Telemetry
IP addresses, browser signatures, and interaction heatmaps used to optimize dashboard rendering and detect unauthorized access attempts.
Integration Metadata
Schema structures and API handshake logs from your connected ERP or CRM systems, used to troubleshoot data synchronicity.
Processing Foundations
Legitimate Interest
We process data to fulfill our contractual obligation to provide performance intelligence. This includes the automated calculation of KPIs and the generation of strategic reports.
Model Training Isolation
Analytic models are trained per-client. Your data is never pooled with other organizations to improve general algorithms without explicit, high-level written consent and anonymization.
No Third-Party Monetization
Crimson Sun Analytics is not an advertising or data-brokerage firm. We never sell, lease, or trade your personal or organizational intelligence to outside marketing entities.
Encryption & Access Tiers
A visual representation of our "Zero-Trust" architecture for analytical data handling.
TLS 1.3 & Mutually-Authenticated Channels
All data moving between your enterprise servers and our analytics engine is protected by AES-256 encryption. We utilize certificate pinning to prevent man-in-the-middle interceptions on all KPI data streams.
Hardware Security Modules (HSM)
Database records are encrypted using keys managed via dedicated HSMs located in Tier-4 data centers. Even in the event of physical drive seizure, your performance data remains a cryptographic noise field.
Granular Role-Based Access (RBAC)
Access to client environments by Crimson Sun engineers is permitted only for diagnostic purposes via temporary, just-in-time tokens with full session logging. All employees undergo quarterly security vetting.
AUTH_EVENT: TOKEN_GRANTED_FOR_DIAGNOSTICS
EXPIRY: 3600 SECONDS
Subject Rights & Portability
Under the PDPA (Thailand) and GDPR equivalents, our clients reserve the right to audit their own data trail. This includes the right to request a complete export of all raw performance inputs processed during the contract tenure.
You may exercise your right to rectification if any historical KPI data is found to be based on inaccurate source feeds. We provide tools for correction that maintain the integrity of longitudinal trends.
Erasure & Retention
We maintain data only as long as necessary to provide current and historical performance comparisons. The standard retention period for inactive accounts is 24 months, after which data is purged at the physical block level.
Upon termination of service, customers can request 'Immediate Permanent Erasure'. All backups and failover snapshots will cycle out the deleted records within 30 days of the request.
Privacy Governance
For formal inquiries regarding our data handling practices, sub-processor lists, or to submit a Subject Access Request (SAR), contact our designated privacy team.
- info@crimsonsunanalytics.digital
- +66 2 242 8708
- Phaya Thai Road 380, Bangkok
- Mon-Fri: 9:00-18:00