Privacy Policy

How we collect, use, and protect your information

Last updated: January 2025

1. Introduction

This Privacy Policy describes how Krua Pak Thai ("we," "our," or "us") collects, uses, and protects your personal information when you use our website and services (the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Phone Numbers

  • We collect your phone number when you register or authenticate with our Service
  • Phone numbers are used solely for account verification and authentication purposes
  • We use Twilio's services to send verification codes via SMS

2.2 Verification Data

  • SMS verification codes (temporary, automatically deleted after use)
  • Verification attempt timestamps and success/failure status
  • Device information related to verification attempts

2.3 Usage Information

  • Log data including IP addresses, browser type, and pages visited
  • Device identifiers and operating system information
  • Cookies and similar tracking technologies

2.4 Optional Information

  • Information you voluntarily provide (name, email, profile information)
  • Communications you send to us

3. How We Use Your Information

We use collected information for:

  • Authentication: Verifying your identity through SMS verification
  • Account Security: Protecting your account from unauthorized access
  • Service Delivery: Providing and maintaining our Service
  • Communication: Sending important service-related notifications
  • Compliance: Meeting legal and regulatory requirements
  • Improvement: Analyzing usage to improve our Service

4. Third-Party Services

4.1 Twilio

We use Twilio Inc. for SMS-based phone number verification. When you provide your phone number:

  • Your phone number is transmitted to Twilio for SMS delivery
  • Twilio may process your phone number according to their Privacy Policy
  • Twilio's Privacy Policy: https://www.twilio.com/legal/privacy
  • We have appropriate agreements with Twilio to protect your data

4.2 Other Service Providers

We may use other third-party services for:

  • Analytics and website performance monitoring
  • Hosting and infrastructure services
  • Customer support tools

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in these limited circumstances:

  • Service Providers: With trusted partners who assist in operating our Service (like Twilio)
  • Legal Requirements: When required by law, court order, or government request
  • Safety: To protect the safety and security of our users and Service
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: When you have given explicit consent

6. Data Security

We implement appropriate security measures to protect your information:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and updates
  • Secure data storage and transmission protocols
  • Limited access to personal information on a need-to-know basis

7. Data Retention

  • Phone Numbers: Retained for as long as your account is active
  • Verification Codes: Automatically deleted within 24 hours
  • Log Data: Retained for up to 12 months for security and operational purposes
  • Account Data: Deleted within 30 days of account closure (unless legally required to retain)

8. Your Rights

Depending on your location, you may have the following rights:

8.1 General Rights

  • Access: Request information about data we hold about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a portable format
  • Opt-out: Unsubscribe from non-essential communications

8.2 How to Exercise Your Rights

Contact us at hello@kruapakthai.com to exercise these rights. We will respond within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by regulatory bodies
  • Other legally recognized transfer mechanisms

10. Children's Privacy

Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. SMS and Communication Preferences

  • Verification SMS: Essential for account security and cannot be opted out
  • Marketing Communications: Optional and can be unsubscribed at any time
  • Frequency: Verification SMS sent only during authentication attempts
  • Charges: Standard message and data rates from your carrier may apply

12. Regional Privacy Rights

12.1 California Residents (CCPA)

California residents have additional rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

12.2 European Union Residents (GDPR)

EU residents have rights including:

  • Lawful basis for processing (legitimate interest for security and service delivery)
  • Right to object to processing
  • Right to restrict processing
  • Right to lodge a complaint with supervisory authorities

12.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate.

13. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential: Required for Service functionality
  • Analytics: Understanding how you use our Service
  • Preferences: Remembering your settings

You can control cookies through your browser settings.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date
  • Notify you of material changes via email or Service notification
  • For significant changes, obtain your consent where required by law

15. Contact Information

If you have questions about this Privacy Policy or our data practices:

Email: hello@kruapakthai.com

Company: Krua Pak Thai

16. Compliance and Certifications

We are committed to privacy compliance and maintain:

  • Regular privacy impact assessments
  • Staff training on data protection
  • Appropriate technical and organizational measures
  • Incident response procedures

Note: This Privacy Policy is effective as of the date listed above and governs your use of the Service.