Privacy Policy

SangLoeiQR (สั่งเลย QR) Effective Date: April 21, 2026

1. Introduction

SangLoeiQR ("we", "us", "our") operates an online menu management platform for restaurants through the website sangloei.com ("Website") and related services ("Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal data in accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA).

Data Controller: Pun (operating as a sole proprietor) Data Protection Officer (DPO) Contact: dpo@sangloei.com General Contact: support@sangloei.com

2. Data We Collect

2.1 Data You Provide Directly

  • Account Information: Full name, email address
  • Restaurant Information: Restaurant name, menu items, prices, menu images, restaurant description

2.2 Data Collected Automatically

  • Website usage data (pages visited, duration of use) — only when you consent to analytics cookies
  • Device information (browser type, operating system)

2.3 Payment Data

We use Omise as our payment service provider. Your credit/debit card information is processed directly by Omise. We do not store your payment card details on our systems.

3. How We Use Your Data

We use your data for the following purposes:

  • To create and manage your user account
  • To provide the online menu management platform
  • To process subscription payments
  • To communicate with you regarding the Service, updates, and technical support
  • To improve and develop our Service (with your consent for analytics)
  • To comply with applicable laws and regulations

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: To provide the Service under our agreement with you
  • Consent: For analytics cookies, newsletters, marketing, or promotional communications
  • Legitimate Interest: To prevent fraud and ensure security
  • Legal Obligation: To comply with tax laws and other regulations

5. Data Processors and Third Parties

We share your data with the following processors:

  • Firebase (Google LLC) — Authentication and real-time database. Data may be stored in the US.
  • Google Analytics (Google LLC) — Website usage analytics (only with your consent). Data may be stored in the US.
  • Cloudinary (Cloudinary Ltd) — Image hosting for menu images. Data may be stored in the US/EU.
  • Omise (Omise Co., Ltd) — Payment processing. Data stored in Thailand/Singapore.
  • Google Fonts (Google LLC) — Font delivery. IP address may be logged.
We will not sell your personal data to third parties.

6. Cross-Border Data Transfers

Some of our data processors are located outside Thailand (United States, European Union, Singapore). We ensure that such transfers comply with PDPA requirements by verifying that the destination country has adequate data protection standards or that appropriate safeguards are in place.

7. Data Retention

  • Active accounts: Data is retained for the duration of your account.
  • After cancellation: Account data is retained for 90 days to allow recovery, then deleted.
  • Tax and financial records: Retained for 5 years as required by Thai Revenue Code.
  • Analytics data: Anonymized and aggregated; not linked to individual accounts after deletion.

8. Your Rights

Under the PDPA, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Request limitation of data processing
  • Right to Data Portability: Request your data in a machine-readable format (JSON export available in account settings)
  • Right to Object: Object to the processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time (e.g., via cookie preferences)
To exercise these rights, please contact dpo@sangloei.com or use the self-service options in your account settings.

9. Data Security

We implement appropriate security measures, including:

  • Data encryption (SSL/TLS) for data transmitted through the Website
  • Content Security Policy (CSP) headers to prevent injection attacks
  • Restricted data access to authorized personnel only
  • Use of PCI-DSS compliant payment provider (Omise)

10. Cookies and Local Storage

10.1 Cookies

  • Necessary: Authentication token stored in localStorage (required for the Service to function)
  • Analytics: Google Analytics cookies (only loaded with your consent)
  • Marketing: Currently none; will request consent before adding
You can manage your cookie preferences at any time via the "Cookie Preferences" link in the sidebar/footer.

10.2 Local Storage

Our Website uses browser local storage to store your authentication token, language preferences, and cookie consent choices. This data is stored locally on your device.

11. Changes to This Policy

We may update this Policy from time to time. Significant changes will be communicated via email or notice on the Website at least 15 days before taking effect. Continued use of the Service after changes constitutes acceptance of the updated Policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data subject rights, please contact:

  • Data Protection Officer: dpo@sangloei.com
  • General Support: support@sangloei.com
  • LINE Official Account: @sangloei (or search for SangLoeiQR)
  • Website: https://sangloei.com