นโยบายความเป็นส่วนตัว

Privacy Policy

Last updated: [DATE]

This Privacy Policy describes how [SITE_NAME] ("the Site", "we", "us", "our") collects, uses, and protects your personal information. By using the Site, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

| Data | When Collected | Purpose | |------|---------------|---------| | Email address | Account creation (login form) | Authentication, magic link delivery, account identification | | Profile details (name, date of birth, height, weight, description) | Profile creation | Display on your public profile | | Profile categories and attributes | Profile creation | Search and filtering | | Rates and services | Profile creation | Display on your public profile | | Contact details (phone, email, social media handles) | Profile creation | Allow visitors to contact you | | Photos and videos | Profile media upload | Display on your public profile | | Sender name, email, and message text | Contact form | Deliver messages to profile owners | | Language, unit system, and currency preferences | Account settings | Personalise your experience | | Agency name, description, and location | Agency creation | Display on public agency page |

1.2 Information Collected Automatically

| Data | When Collected | Purpose | |------|---------------|---------| | IP address | Contact reveal actions | Abuse prevention and analytics | | IP address | Login and contact form submissions | Rate limiting (short-lived, not stored permanently) | | Error and performance data | Page loads and interactions | Error monitoring and performance improvement via Sentry | | Session replay recordings | 10% of browsing sessions (production only) | Debugging and user experience improvement via Sentry | | Browser and device information | Error events | Debugging via Sentry |

1.3 Information We Do Not Collect

  • We do not use Google Analytics or similar behavioural tracking tools
  • We do not use advertising pixels (Facebook, Google Ads, etc.)
  • We do not use heatmaps or click-tracking services
  • We do not track your location via GPS or geolocation APIs

2. How We Use Your Information

We use your information to:

  • Operate and maintain the Site
  • Authenticate your identity via passwordless login (magic links)
  • Display your profile and agency information to visitors
  • Deliver contact messages between visitors and profile owners
  • Personalise the Site (language, units, currency, dark mode)
  • Prevent abuse through rate limiting and flagging
  • Monitor errors and improve Site performance
  • Generate thumbnails for uploaded media
  • Translate content into supported languages (when enabled)

3. How We Share Your Information

3.1 Profile Information

Profile details, photos, videos, rates, services, and contact information you add to your profile are publicly visible to all Site visitors.

3.2 Contact Messages

When a visitor sends you a message via the contact form, their name, email, and message text are delivered to your email address after they confirm via double opt-in.

3.3 Third-Party Service Providers

We use the following third-party services to operate the Site:

| Service | Provider | Data Shared | Purpose | |---------|----------|-------------|---------| | Cloud storage (S3) | Amazon Web Services | Photos, videos | Media file storage | | Email delivery (SES) | Amazon Web Services | Email addresses, message content | Sending magic links and contact messages | | Error monitoring | Sentry (Functional Software, Inc.) | Error data, performance traces, user ID and email (authenticated users), session replays | Error tracking and debugging | | Content delivery | Amazon CloudFront | Static assets, media files | Fast global content delivery | | Translation | Amazon Translate | Profile and content text (when enabled) | Automatic content translation |

3.4 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.5 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

4. Data Retention

| Data | Retention Period | |------|-----------------| | User accounts | Until you request deletion or the account is pruned for inactivity | | Unconfirmed accounts (never logged in, no profile or agency) | Automatically deleted shortly after creation | | Profile data and media | Until you delete your profile or request account deletion | | Contact messages | Indefinitely (until manually deleted by admin) | | Contact reveal logs (IP address) | Indefinitely | | Sentry error data | 90 days (Sentry's default retention) | | Sentry session replays | 30 days (Sentry's default retention) | | Rate limiting data (IP address) | 15-60 minutes (per rate limit window) | | Session data | Until browser session ends or logout |

5. Data Security

We implement the following security measures:

  • HTTPS encryption for all data in transit (HSTS enforced)
  • Passwordless authentication (no passwords stored)
  • HTTP-only, secure, SameSite session cookies
  • CSRF protection on all forms
  • Content Security Policy (CSP) headers
  • Rate limiting on login and contact endpoints
  • Server-side encryption for stored media (AES-256)

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Delete your account and associated data
  • Object to or restrict the processing of your data
  • Data portability -- receive your data in a structured, machine-readable format
  • Withdraw consent at any time

To exercise any of these rights, contact us at [CONTACT_EMAIL].

7. International Data Transfers

Your data may be processed and stored in regions outside your country of residence, including the United States, European Union, and other regions where our infrastructure providers operate. We rely on the data protection mechanisms of our service providers (including AWS and Sentry) to safeguard transferred data.

8. Children's Privacy

The Site is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect when posted on this page. We encourage you to review this policy periodically. Your continued use of the Site after changes are posted constitutes acceptance of the updated policy.

10. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at [CONTACT_EMAIL].