CoreFlareSec ("we", "us", "our"), operated by Atipong Kankang, is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with Thailand's Personal Data Protection Act (PDPA) B.E. 2562 (2019).
By using our website and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our services.
2. Data We Collect
We may collect the following categories of personal data:
Name — provided when you submit our contact form
Email address — used for communication and OTP verification
IP address — collected automatically through server logs
User agent — browser and device information from server logs
Service interest — the type of service you are inquiring about
Budget range — an optional field on our contact form
Support conversation messages — messages exchanged through our support chat system
3. How We Collect Data
We collect personal data through the following methods:
Contact form — when you submit an inquiry through our contact form, which includes OTP email verification to confirm your identity
Support chat system — when you interact with our built-in support chat to ask questions or request assistance
Server logs — automatically collected when you visit our website, including IP address and user agent information
4. Purpose of Collection
We collect and use your personal data for the following purposes:
To respond to your inquiries and provide information about our services
To provide customer support through our chat system
To improve our website, services, and user experience
To monitor and maintain the security of our systems
To send service-related communications, such as project updates and follow-ups
5. Legal Basis
We process your personal data on the following legal grounds under the PDPA:
Consent — when you voluntarily submit your information through our contact form or support chat, you provide explicit consent for us to process that data
Legitimate interest — we collect server logs and technical data to monitor and maintain the security of our infrastructure and to protect against unauthorized access
Contractual necessity — when processing is necessary to fulfill or prepare a service agreement between you and CoreFlareSec
6. Data Storage & Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it:
All data is stored on Cloudflare infrastructure, including Cloudflare D1 database and Workers KV
Data is encrypted in transit using TLS (Transport Layer Security)
Access to personal data is restricted to authorized personnel only
Our admin panel is protected by Cloudflare Access for authentication and authorization
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:
Inquiry data (contact form submissions) — retained for 2 years from the date of submission
Support conversations — retained for 1 year after the last message in the conversation
Server logs — retained for 90 days
After the retention period, personal data will be securely deleted or anonymized.
8. Your Rights Under PDPA
Under Thailand's Personal Data Protection Act, you have the following rights regarding your personal data:
Right to access — request a copy of the personal data we hold about you
Right to correction — request that we correct any inaccurate or incomplete data
Right to deletion — request that we delete your personal data, subject to legal obligations
Right to withdraw consent — withdraw your consent at any time for data processing based on consent
Right to data portability — request your data in a structured, commonly used, machine-readable format
Right to restrict processing — request that we limit the processing of your data in certain circumstances
Right to object — object to the processing of your personal data based on legitimate interests
Right to lodge a complaint — file a complaint with the Personal Data Protection Committee (PDPC) if you believe your rights have been violated
To exercise any of these rights, please contact us using the details provided in Section 14 below. We will respond to your request within 30 days.
9. Third-Party Services
We use the following third-party services in the operation of our website:
Cloudflare — infrastructure provider for hosting, CDN, DNS, and security (D1 database, Workers, Workers KV, Cloudflare Access)
Resend — email delivery service used for sending OTP verification emails and service-related communications
Google Fonts — typography service for loading the Inter typeface used on our website
We do not sell, trade, or otherwise transfer your personal data to third parties for marketing or advertising purposes. Third-party services are used solely for the operational purposes described above.
10. Cookies
CoreFlareSec uses minimal browser storage:
localStorage — used exclusively to store a support chat session token, enabling continuity of your support conversations
We do not use tracking cookies, analytics cookies, or any third-party advertising cookies. We do not use any cookie-based tracking or profiling technologies.
11. International Transfers
Your personal data may be processed on Cloudflare's global edge network, which includes servers located outside of Thailand. Cloudflare maintains appropriate technical and organizational security measures to protect your data during such transfers, in compliance with applicable data protection standards.
12. Children's Privacy
Our website and services are not directed at children under the age of 20, which is the threshold defined by Thailand's PDPA for minors. We do not knowingly collect personal data from children under 20. If we become aware that we have collected personal data from a child under 20 without appropriate parental consent, we will take steps to delete that information promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make changes, we will update this page and revise the "Effective" date at the top. We encourage you to review this policy periodically to stay informed about how we protect your data.
14. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights under the PDPA, or have concerns about our data practices, please contact us: