Privacy Policy
นโยบายความเป็นส่วนตัว
Last updated: 16 May 20261. Introduction
NubSatang (“we”, “us”, or “our”) operates an online shop management platform through nubsatang.com and related services. This policy describes how we collect, use, and protect your personal data in accordance with the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand.
By using our services, you acknowledge and accept this Privacy Policy. If you do not accept these terms, please discontinue use of our services.
2. Data Controller
- Name: NubSatang (นับสตางค์)
- Email: contact@nubsatang.com
- Location: Bangkok, Thailand
3. Information We Collect
We collect the following categories of personal data:
- Account data: email address, password (hashed), display name, profile picture
- Shop data: shop name, shop URL, bank account details for receiving payments, product listings, order records, inventory data
- Customer data (shop end-customers): LINE display name, LINE User ID, purchase history, loyalty points
- Usage data: IP address, browser type, pages visited, access timestamps
- Payment data: processed through Stripe - we do not store credit card numbers or raw card details directly
4. Purpose and Legal Basis
| Purpose | Legal Basis |
|---|---|
| Providing the platform service | Contract |
| Identity verification and security | Legitimate Interest |
| Sending service-related notifications | Contract |
| AI processing for business chat assistant | Consent |
| Sending LINE messages to shop customers | Contract |
| Usage analytics to improve the service | Legitimate Interest |
| Processing payments | Contract |
5. Disclosure to Third Parties
We may disclose personal data to the following trusted service providers solely to fulfil the purposes described in this policy:
- Supabase (Singapore) - database and authentication infrastructure
- Vercel (Global Edge Network) - website hosting and edge delivery
- Google Gemini AI (United States) - AI processing for the chat assistant; only summarised business data is transmitted - end-customer personal data is not sent to this service
- LINE Messaging API (Japan) - automated message delivery
- Stripe (United States) - payment processing
We do not sell your personal data to any third party.
6. Cross-Border Data Transfers
Your data may be processed outside Thailand, including in Singapore, the United States, Japan, and via Vercel's Global Edge Network. We apply appropriate safeguards for such transfers, including standard contractual clauses and encryption in transit, to ensure your data receives an adequate level of protection.
7. Data Retention Periods
- Account data: for the duration the account remains active, plus 30 days after account deletion
- Shop and order data: for the duration the account remains active
- Usage logs: 90 days
- Payment data: as required by law (no less than 5 years under Thai tax legislation)
8. Data Subject Rights under PDPA
As a data subject, you have the following rights:
- Right of access - request a copy of your personal data
- Right to rectification - request correction of inaccurate or incomplete data
- Right to erasure - request deletion of your personal data
- Right to restriction - request that we restrict processing while a review is pending
- Right to data portability - request your data in a machine-readable format
- Right to object - object to processing based on Legitimate Interest
- Right to withdraw consent - withdraw any consent previously given at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, please email contact@nubsatang.com. We will respond within 30 days of receiving your request.
9. Cookies
We use only strictly necessary cookies required for the platform to function - specifically authentication cookies issued by Supabase to maintain your login session. We do not use cookies for advertising or behavioural tracking.
10. Data Security
We implement appropriate technical and organisational security measures, including:
- Encryption of data in transit (TLS/SSL)
- Password hashing (bcrypt)
- Row Level Security (RLS) to isolate data between shops
- Session-based authentication
- No direct storage of credit card data (handled by Stripe)
No system is 100% secure. If you suspect your account has been compromised, please contact us immediately.
11. Minors
This service is not intended for persons under the age of 18. If we become aware that we have collected personal data from a minor without verified parental consent, we will delete that data promptly. If you believe such data has been collected, please contact us at contact@nubsatang.com.
12. Changes to This Policy
We may update this policy from time to time to reflect changes to our services or applicable law. Where changes are material, we will notify you by email or an in-product notice before they take effect. The “Last updated” date at the top of this page always reflects the most current version.
13. Contact Information
For questions about this policy or to exercise your rights under PDPA, please contact us:
- Email: contact@nubsatang.com
- Website: nubsatang.com
Note: In case of any conflict or discrepancy between this English version and the Thai version, the Thai version shall prevail.