system: pepatcha.com / legal
~ /privacy
// LEGAL • v1.0
// document_type: privacy_policy   •   jurisdiction: Thailand (PDPA)

Privacy Policy

effective: 2026-01-01 last_updated: 2026-01-01 contact: [email protected]
i

The short version

This is a personal portfolio site. I want to keep it simple, transparent, and minimal:

01 Who I am

// the controller of your data

This site (pepatcha.com) is operated personally by Patchara Suwanbordin, an individual full-stack engineer based in Bangkok, Thailand. There is no company entity behind this domain — it is a personal portfolio and contact surface.

For the purposes of Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and analogous concepts in the EU GDPR, I act as the data controller for any personal data processed through this site.

02 What I collect

// only what's needed to run the site and reply to you

CategoryExamples
Contact dataYour name, email, message body, and any project details you voluntarily share when you email [email protected] (see the contact section at the bottom of this page) or submit the contact form.
Technical dataIP address, user-agent string, referrer, requested page, response code, and timestamp — stored briefly in standard server logs.
Analytics dataAggregated pageview counts, anonymous device class (mobile/desktop), country (city-level only), and approximate session duration. No cross-site tracking, no fingerprinting.
PreferencesA small localStorage entry remembering your light/dark theme choice and music auto-play state. Stays on your device — never sent to a server.

I do not knowingly collect: government IDs, financial details, health data, biometric data, or any "sensitive" personal data category under PDPA / GDPR. Please don't put any of that into the contact form.

03 Why I collect it

// the purpose for each category

  • To reply to you. If you reach out, I need your contact info to write back.
  • To run the site. Server logs help me debug crashes, block abuse, and keep the site available.
  • To understand what's useful. Aggregate analytics tells me which case studies people actually read, so I can write better ones.
  • To remember your preferences. If you toggle dark mode once, you shouldn't have to do it again.

05 Cookies & storage

// no third-party trackers — promise

This site uses the bare minimum:

KeyPurpose • Lifetime
theme
localStorage		Remembers your light/dark choice. Lives on your device until you clear it. Never transmitted.
bg-music-state
localStorage		Remembers whether the lo-fi player was muted and where it was paused. Stays local.
Analytics ping
cookieless		A single anonymous request per pageview to a privacy-respecting analytics provider. No cookies, no cross-site identifier.
!

No advertising cookiesThis site sets zero advertising, retargeting, or social-media tracking cookies. If a cookie banner ever appears, it's because a third-party embed required it — never because I want one.

06 Who I share with

// processors I rely on to run a static personal site

  • Hosting / CDN provider — serves the static HTML and assets. Sees IP + user-agent for each request.
  • Email provider — handles inbound mail to [email protected].
  • Analytics provider — receives anonymized, aggregate pageviews.

Each of these is bound by a Data Processing Agreement (or its provider equivalent). I do not sell, rent, license or trade your personal data with anyone, and I don't share it with advertisers.

If a freelance engagement requires sharing project details with a sub-contractor, I'll tell you up front and only share what's necessary for that work.

07 How long I keep it

// retention windows

DataKept for
Contact-form / email enquiriesUp to 24 months after our last exchange, then deleted.
Active client correspondenceDuration of the engagement + 5 years for tax/accounting compliance under Thai law.
Server logs30 days, then auto-rotated.
Aggregate analyticsIndefinite, but already non-identifying by design.

08 Your rights

// what you can ask me to do

Under PDPA (and GDPR if you're an EU resident), you have the right to:

  • Access the personal data I hold about you.
  • Correct data that's inaccurate or incomplete.
  • Delete ("right to be forgotten") your data, subject to legal retention obligations.
  • Restrict or object to certain processing.
  • Port your data — receive a copy in a machine-readable format.
  • Withdraw consent at any time, where consent is the basis.
  • Lodge a complaint with the Personal Data Protection Committee of Thailand, or your local supervisory authority.

Email [email protected] with the subject line PDPA REQUEST and I'll respond within 30 days, usually much faster.

09 Security

// what I do to keep things safe

The site is served over HTTPS only. Inbound mail is delivered over TLS. Credentials and access keys for hosting and email are stored in a password manager with 2FA. There is no user account system on this site, so there are no passwords of yours for me to leak.

That said, no system is perfectly secure. If you suspect a security issue, please contact me and I'll investigate quickly.

10 Children

// not for under-13s

This site is aimed at adults — recruiters, hiring managers, and prospective clients. I do not knowingly collect data from anyone under 13. If you believe a child has submitted personal data, contact me and I'll delete it.

11 Changes to this policy

// versioning

If I update this policy, the last_updated date at the top will change. Material changes will be flagged on the homepage for at least 14 days. Your continued use of the site after a change means you accept the new version — but you can always email me to opt out and have your data deleted.

12 Contact

// how to reach me about privacy

For any privacy question, request, or complaint:

Patchara Suwanbordin
Email: [email protected]
Subject line: PDPA REQUEST for a faster response
Location: Bangkok, Thailand

Patchara Suwanbordin // signed and committed
Read Terms of Use →