Privacy policy.

CERØ Co., Ltd., Bangkok, Thailand, is the data controller for everything you share with us through this website, the members portal, email, or any of our calls. The person responsible day-to-day is the founder, David Blanco — reachable at info@cero.agency.

Only what we need to do the work, in three buckets:

• Identity. Name, date of birth, nationality, passport details, current address, family members travelling with you.
• Financial. Income sources and amounts, current tax residency and filings, banking arrangements, company structures, anything else that affects how we structure your move.
• Operational. Email correspondence, call recordings (only with your consent, only on the diagnosis call), documents you upload to the members portal, status updates from embassies and banks.

We do not run third-party advertising trackers on this site. We do not sell or rent any of this information.

We collect identity and financial data to provide the relocation service you've asked us to provide. That's the legal basis: performance of a contract under Thai PDPA and, where relevant, GDPR Art. 6(1)(b).

We collect operational data to keep an audit trail of what we did and when — both for your protection (when an authority asks years later, we have the paperwork) and for ours.

Only the people and institutions that need to act on your file:

• Government bodies. Embassies, immigration offices, tax authorities, and registries in your old and new jurisdictions, only as required for filings and applications.
• Local agents. Lawyers, accountants, and notaries we work with in each destination, under written confidentiality.
• Our infrastructure. Email (Google Workspace), document storage (1Password Teams, Google Drive), accounting (Xero), members portal (custom-built, hosted on Vercel).

We do not share your data with any party that has no operational reason to see it. If a government or court compels disclosure, we will tell you about it unless we are legally prohibited from doing so.

For active members: the duration of the engagement plus seven years, which is the longest audit window in any jurisdiction we operate in. After that, we anonymise or delete.

For people who only had a diagnosis call and didn't proceed: 12 months, then deletion. If you'd like us to delete sooner, write and ask.

You have the right to ask us, at any time, for a copy of everything we hold on you, to correct anything that's wrong, to ask us to delete anything we no longer need, and to ask us to stop processing in some specified way.

Email info@cero.agency with the subject line "Privacy request" and we'll respond within 14 days.

This marketing site uses one first-party analytics cookie (a privacy-respecting one — no IP storage, no cross-site tracking) so we can see which pages people read and which they bounce from. We do not use Facebook Pixel, Google Ads, LinkedIn Insight, or any retargeting tool.

The members portal uses a session cookie to keep you logged in. That's it.

Operationally, in the European Union (Vercel and Google Workspace EU regions). For Thai-tax-residency files, copies are kept on a server in Singapore as required by Thai PDPA. We do not transfer personal data to the United States.

If we change anything material in this policy, we will email all active members at least 14 days before it takes effect. The current version is always live on this page, with the date at the top.