Legal Document v2.0

Privacy Policy

Plain-language summary of what we collect, why we collect it, who we share it with, and the rights you have over your data.

Last updated
2026-04-14
Effective
2026-04-14
Reading time
~6 min

In a nutshell

The 30-second version

We store contact-form submissions to respond to you, server logs for debugging and abuse prevention, and use Google Analytics 4 for anonymous visitor counts.

  • We don't sell your data
  • We don't build marketing lists
  • We don't use cross-site tracking
  • You can access, correct, or delete your data anytime

This policy explains how palakorn.com collects and uses your personal information when you visit the site, contact us via the form, or use other features. By using the site, you agree to the practices described below.

01

Data Controller

This site is operated by Palakorn Voramongkol, an independent software engineer based in Bangkok, Thailand.

02

Data We Collect

We collect only what is necessary to operate the site and respond to inquiries.

Information you provide

  • Contact form — name, email, phone (optional), company (optional), budget range (optional), and your message. We store this to reply to you. We do not build marketing lists from it.

Automatic collection

  • Server access logs — the nginx web server records IP, timestamp, URL, HTTP method, user agent, and referrer for debugging, monitoring, and abuse prevention.
  • Google Analytics 4 — we include a GA4 tag to measure aggregate visitor statistics. Google sets anonymous client-ID cookies. You can opt out via the Google Analytics Opt-out Browser Add-on.
  • Cloudflare Turnstile (when enabled) — verifies you are not a bot when submitting the contact form.
  • Sentry (when enabled) — records JavaScript stack traces and anonymized session data to help fix bugs. Retained up to 90 days.
  • Giscus (blog comments) — backed by GitHub Discussions; you need a GitHub account to post.
03

How We Use Your Data

  • Respond to inquiries — contact-form data is used solely to reply to you.
  • Debug and monitor — server logs and Sentry help us troubleshoot technical issues.
  • Improve the site — Google Analytics tells us which content is useful.
  • Prevent abuse — Turnstile blocks spam on the contact form.
  • Legal obligations — when required by law.
04

Third-party Sub-processors

We use the following services to operate the site:

Service Purpose Location
VultrServer hosting (VPS)USA / global
CloudflareDNS, bot check (Turnstile)USA (global edge)
Google (Analytics 4)Visitor analyticsUSA
mailbux.comOutbound email (SMTP)Europe
SentryBrowser error monitoring (optional)USA / EU
GitHub (Giscus)Blog commentsUSA
Cal.comMeeting scheduling (if used)USA / EU

These providers operate under their own privacy policies; we use them only as needed.

05

Cookies & Browser Storage

We use a small number of cookies and local-storage entries:

  • localStorage (locale) — the language you chose (en or th), kept on your device only.
  • Google Analytics cookies — Google sets _ga and _ga_* to distinguish visitors (anonymous).
  • Cloudflare cookies — may set cf_clearance and Turnstile-related cookies for security checks.

You can clear cookies at any time in your browser settings.

06

Data Sharing

We do not sell, rent, or trade your personal data.

Data is shared only:

  • With the sub-processors listed above, as needed to run the service.
  • When required by law (e.g. court order, lawful government request).
  • To protect the rights, property, or safety of palakorn.com or others.
07

International Transfers

Some servers and sub-processors are located in the United States, the European Union, or other regions. By submitting data, you consent to cross-border transfer. We choose providers that maintain comparable data-protection standards (Standard Contractual Clauses, GDPR-adequate regions).

08

Data Retention

Contact submissions

Up to 2 years

Or until you request deletion

Server access logs

Up to 30 days

Analytics data

14 months

GA4 default

Sentry events

Up to 90 days

Blog comments (via GitHub) — until you delete them yourself.

09

Your Rights (GDPR / PDPA)

Under the GDPR (EU / UK), Thailand's PDPA, and similar laws, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — have inaccurate data corrected.
  • Erasure / Right to be Forgotten — request deletion.
  • Object — object to specific processing activities.
  • Withdraw consent — where processing is based on consent.
  • Data portability — receive data in a machine-readable format.
  • Lodge a complaint — with your local supervisory authority.
To exercise any of these rights, email contact@palakorn.com. We respond within 30 days.
10

Security

We apply reasonable technical and organisational measures, including:

  • HTTPS with a valid TLS certificate and HSTS preload.
  • Strict Content Security Policy (CSP) to prevent XSS.
  • Rate limiting on the contact form to deter spam.
  • Least-privilege access control for servers.
  • Regular backups.

No system can guarantee absolute security. If you suspect a data leak, please inform us immediately.

11

External Links

The site links to external profiles (GitHub, LinkedIn, etc.) and may embed third-party content. Those services operate under their own privacy policies; we have no control over them.

12

Children's Privacy

This site is not directed at children under 13 and we do not knowingly collect data from children. If you are a parent and aware that your child has provided us data, please contact us to have it removed.

13

Changes to This Policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date above. Previous versions are available by email on request.

14

Contact

For any questions about this policy or your data:

PV

Palakorn Voramongkol

Independent Software Engineer · Bangkok, Thailand

contact@palakorn.com

Questions? Contact me or read the Terms of Service.

v2.0 · 2026-04-14