Privacy Policy

ThinkHuge Ltd. ("Company", "we", "us", or "our"), operating as PingCore, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website, platform, APIs, and related services (collectively, the "Service").

We are registered in Hong Kong with our office at 26th Floor, Beautiful Group Tower, 77 Connaught Road Central, Central, Hong Kong.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

ThinkHuge Ltd. is the data controller for the personal data processed through the Service. For questions or requests regarding your data, contact us at [email protected].

3.1 Information You Provide

• Registration data: Company name, contact name, email address, use case, and any additional information you provide in the registration form.
• Account data: Login credentials, API keys, team membership, and permission settings.
• Payment data: Billing information processed through Stripe. We do not store full credit card numbers on our servers.
• Communications: Any messages, support requests, or feedback you send to us.

3.2 Information Collected Automatically

• Usage data: Pages visited, features used, API calls made, and interactions with the platform.
• Device and browser data: IP address, browser type, operating system, device type, and screen resolution.
• Analytics data: We use Google Analytics to understand how visitors interact with our website. This includes information about page views, session duration, referral sources, and geographic location (at a city or region level).
• Log data: Server logs including timestamps, API endpoints accessed, HTTP methods, response codes, and IP addresses.

We use cookies and similar technologies for the following purposes:

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of the Service. For more information about Google Analytics and how to opt out, visit Google's opt-out page.

We use your personal data to:

• Provide, operate, and maintain the Service
• Process registrations, create accounts, and manage your relationship with us
• Process payments and manage billing
• Respond to your inquiries and provide customer support
• Send service-related communications (e.g., billing alerts, maintenance notices)
• Monitor and improve the performance, security, and reliability of the Service
• Analyze usage trends and optimize the user experience
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide the Service you have requested (e.g., account management, billing, server provisioning).
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, ensuring security, and fraud prevention, where these interests are not overridden by your rights.
• Consent: Where you have given explicit consent, such as for analytics cookies. You may withdraw consent at any time.
• Legal obligation: Where processing is required to comply with applicable laws.

We share your personal data only in the following circumstances:

• Service providers: We use third-party providers to help operate the Service, including Stripe (payment processing), Cloudflare (security and CDN), and Google (analytics). These providers process data on our behalf and are contractually obligated to protect your data.
• Legal requirements: We may disclose your data if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

We do not sell your personal data to third parties.

Our infrastructure operates across multiple global regions including North America, Europe, Oceania, and Asia Pacific. Your data may be transferred to and processed in countries outside your country of residence.

Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.

We retain your personal data for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal, accounting, or reporting obligations
• Resolve disputes and enforce our agreements

When you terminate your account, we will retain your data for a reasonable period to allow for data retrieval (up to 30 days for server content), after which it will be securely deleted or anonymized. Billing records and transaction data may be retained for longer periods as required by applicable law.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Restriction: Request that we limit the processing of your data in certain circumstances.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS) and at rest
• Role-based access controls and API key scoping
• Regular security assessments and monitoring
• Audit logging of API access and administrative actions
• DDoS protection and network-level security

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at: