Security & Compliance

Regulatory Compliance

CryptoThailand operates under the full supervision and regulation of Thailand's Securities and Exchange Commission (SEC Thailand). We maintain the highest standards of compliance with Thai financial laws and regulations.

Thai Regulatory Framework

• Licensed Digital Asset Exchange under Thai SEC oversight
• Full compliance with Foreign Exchange Act B.E. 2508 (1965)
• Adherence to Anti-Money Laundering (AML) Act B.E. 2542 (1999)
• Complete Know Your Customer (KYC) verification procedures
• Regular regulatory reporting and compliance audits
• Bank of Thailand coordination for cross-border payments

International Compliance Standards

• FATF (Financial Action Task Force) AML/CFT recommendations compliance
• EU GDPR principles for data protection
• ISO 27001 Information Security Management
• PCI DSS Level 1 compliance for payment processing
• SOC 2 Type II certification (audited annually)

Our Compliance Certifications

Data Protection & Privacy

We strictly comply with Thailand's Personal Data Protection Act (PDPA) B.E. 2562 (2019) and international data protection standards.

Data Protection Measures

• Role-based access control (RBAC) for all staff members
• Multi-factor authentication (MFA) enforcement for employees
• Encrypted backups stored in secure, redundant facilities
• Regular data security audits and vulnerability assessments
• Strict employee training on data protection protocols
• 30-day incident response SLA for data breaches

Your Privacy Rights

Under Thai PDPA, you have the right to:

• Access your personal data at any time
• Request correction of inaccurate information
• Request deletion of your data (where legally permitted)
• Restrict data processing for specific purposes
• Obtain your data in a portable format
• Object to specific types of data processing

For privacy inquiries, contact our Data Protection Officer at dpo@cryptothailand.com

Security Incident Response

We maintain comprehensive incident response procedures to handle any security incidents swiftly and transparently.

Our Incident Response Protocol

Security Best Practices for Users

While we provide enterprise-grade security, user account security is equally important. Follow these best practices:

Account Security

• Enable two-factor authentication (2FA) on your account immediately
• Use a strong, unique password (16+ characters with mixed case, numbers, symbols)
• Never share your password or 2FA codes with anyone
• Update your password every 90 days
• Use a password manager to store your credentials securely

Device Security

• Keep your operating system and applications updated
• Use reputable antivirus and anti-malware software
• Use a VPN on public WiFi networks
• Avoid accessing your account on public or shared computers
• Enable firewall protection on your personal devices

Phishing Prevention

• Always verify the URL before entering sensitive information
• Never click links in unsolicited emails from unknown senders
• Be wary of requests to "verify" account information
• Report suspicious emails to security@cryptothailand.com
• Bookmark our official website and use it directly

Audit & Attestation

We maintain transparency through regular independent audits and security certifications.

Recent Audits & Certifications

Vulnerability Disclosure Program

We take security research seriously. If you discover a security vulnerability, please report it responsibly:

• Email security@cryptothailand.com with vulnerability details
• Include proof of concept where applicable
• Do not publicly disclose the vulnerability until we've had 90 days to fix it
• Eligible researchers may receive bug bounty rewards

We appreciate responsible disclosure and will acknowledge all submissions within 24 hours.

Contact Information

For security-related inquiries:

• Security Issues: security@cryptothailand.com
• Compliance Questions: compliance@cryptothailand.com
• Data Protection: dpo@cryptothailand.com
• General Inquiries: support@cryptothailand.com