Your data.
Stays yours.
DRAFT — pending legal review. This document is a working draft. It has not been reviewed by a Thai-licensed attorney. Do not rely on it as legal advice or final policy until it has been reviewed.
Last updated: 17 May 2026
Effective date: to be set on publish
PETDERR. is an independent community project run by a small group of volunteers in Thailand (the "Team", "we", "us"). PETDERR. is a community for owners of dogs and cats. This Privacy Policy describes what personal data we collect when you use petderr.com (the "Service"), how we use it, who we share it with, and the rights you have over it.
PETDERR. is not yet a registered company. If we incorporate later — for example to take on sponsors, hire staff, or scale up — this Policy will be updated and you will be notified in line with Section 11.
1. Scope
This Policy applies to everyone who visits petderr.com, every registered member of the Service, and to anyone whose photograph may appear in an event gallery we publish. It does not cover the privacy practices of third parties (Facebook, Google, LINE, payment processors, carriers) — please review their own policies if you use them.
2. Information We Collect
We collect only what we need to run the Service.
When you create an account
- Email address (always)
- Display name (always)
- Password — never seen by us; only the hash is stored (when you sign up with email + password)
- Phone number (optional, via your profile page)
- Profile photo (optional)
When you sign in with Facebook, Google, or LINE
- The provider's stable user identifier
- The email address the provider returns (if any)
- The display name and profile photo the provider returns
- Nothing else — we do not request friend lists, posts, contacts, or other scopes
When you add a pet
- Pet name, breed, age (all optional)
- Pet photos you upload to your profile (optional)
When you register for and attend events
- Event registrations (which events, when, group size)
- QR check-in timestamp at the event — this is how we award a stamp
- Attendance records visible to event hosts and our admins
Photographs of you at our events
- PETDERR. event photographers may take photos of attendees and pets for the event gallery and for PETDERR. marketing. We strip GPS and EXIF metadata before storage. You can ask us to remove a specific photo at any time — see Section 6.
Stamps and merchandise redemptions
- A log of stamps earned and redeemed, with timestamps
- The shipping address you give us when you redeem merchandise
Communications you send us
- Messages submitted via the contact form (including the email and topic you provide)
Technical data
- IP address, browser user-agent, device type
- Pages you view and when you view them
- Cookies — see Section 8
We do not intentionally collect any "sensitive personal data" as defined in PDPA Section 26 (race, religious belief, political opinion, sexual orientation, criminal record, health data, genetic or biometric data). Pet ownership is not sensitive data under Thai law.
3. Why We Collect It — Lawful Basis under PDPA Section 24
| Purpose | Lawful basis |
|---|---|
| Creating and operating your account | Contractual necessity |
| Sending you a 24-hour reminder before a booked event | Contractual necessity |
| Awarding and redeeming stamps | Contractual necessity |
| Shipping merchandise you redeem | Contractual necessity |
| Showing the events you attended on your member profile | Contractual necessity |
| Including your photo in an event gallery on the Service | Consent — granted at event registration, withdrawable per Section 6 |
| Showing your photo to other members in the event gallery | Consent — as above |
| Including your photo in PETDERR. marketing material | Consent — as above |
| Audit logs of admin actions affecting your account | Legitimate interest — security and accountability |
| Anonymous traffic analytics (Google Analytics 4) | Consent — granted via the cookie banner; default-deny until you accept |
| Responding to your contact-form messages | Legitimate interest |
You can withdraw consent for any consent-based processing at any time (see Section 6). Withdrawing consent does not affect the lawfulness of processing done before the withdrawal.
4. Who We Share It With
We do not sell, rent, or trade your personal data to any third party.
We share data with the following service providers, who process it on our behalf under contract:
| Provider | What is shared | Region |
|---|---|---|
| Amazon Web Services (S3, RDS, CloudFront, App Runner, Amplify) | All Service data | AWS Asia Pacific region; CloudFront edge cache globally |
| Amazon Simple Email Service (SES) | Your email address and the message we are sending | AWS region — SES infrastructure may route through the United States |
| Google Analytics 4 (only after you accept the cookie banner) | IP-anonymised browsing data — page views, device class, country-level location | Google global infrastructure (includes the United States) |
| Facebook, Google, LINE | The OAuth handshake — see Section 2 | The provider's own infrastructure (only if you choose that provider) |
We will disclose your data without your consent only when legally required to do so by a Thai court order, Thai law-enforcement request, or other binding legal process, and only to the extent that request requires.
Admins of PETDERR. (PETDERR. staff with elevated permissions) can view member profiles, event registrations, attendance logs, contact-form messages, and audit logs as needed to operate the Service.
5. Cross-Border Transfers — PDPA Section 28
Some of your data may be processed outside Thailand:
- AWS SES may route transactional email through United States infrastructure.
- Google Analytics 4 is operated from the United States. We send only IP-anonymised browsing data and only after you accept the cookie banner.
- CloudFront has edge caches in many countries.
These transfers are covered by the standard contractual clauses our service providers publish and the providers commit to security standards comparable to those required under Thai law. If you object to such transfers, please do not use the Service.
6. Your Rights — PDPA Sections 30 to 35
You have the following rights over the personal data we hold about you. To exercise any of them, email us at support@petderr.com. We will respond within thirty (30) days.
- Right of access — you can ask what data we hold about you and receive a copy in a portable format (JSON).
- Right of rectification — you can ask us to correct inaccurate data. Most fields are also editable directly from your profile page.
- Right of erasure — you can ask us to delete your account. We will redact your personally identifying data (name, email, phone, profile photo, pet photos you uploaded) on receipt of the request. We retain anonymised activity records (event-attendance counts, stamp ledger) for up to ninety (90) days to satisfy our audit and legal obligations; after that they are deleted.
- Right to restrict processing — you can ask us to stop processing your data while a dispute is being resolved.
- Right to data portability — see right of access.
- Right to object — you can object to processing based on legitimate interest. We will reconsider and stop unless we have an overriding legal ground.
- Right to withdraw consent — you can withdraw any consent you previously gave (for example, your photo-gallery inclusion at event registration, or analytics cookies — clear your browser storage for petderr.com to revoke the banner choice).
If you believe we have mishandled your data, you have the right to lodge a complaint with the Office of the Personal Data Protection Committee of Thailand (PDPC, https://www.pdpc.go.th/).
7. How Long We Keep Data
| Category | Retention |
|---|---|
| Active account (profile, pets, settings) | Until you delete your account |
| Account after deletion (anonymised) | Up to 90 days for audit, then deleted |
| Event registrations | 1 year after the event, then archived as non-personal aggregate |
| Stamps and redemption ledger | 3 years (audit and fraud) |
| Event photos | Until you ask us to remove the photo, or the event is retired |
| Audit logs of admin actions | 2 years |
| Transactional email logs (SES) | 30 days |
| Analytics data (Google Analytics 4) | 14 months — Google's default retention; data older than this window is automatically purged |
| Contact-form messages | 2 years after the matter is resolved |
8. Cookies and Similar Technologies
We use a small set of cookies and similar browser storage:
- Essential — session cookies that keep you logged in and CSRF tokens that protect form submissions. Disabling them will break the Service.
- Analytics (opt-in) — Google Analytics 4 cookies (_ga, _ga_*). We set these only after you click "Accept all" on the cookie banner. Before you accept (or if you click "Essential only"), no analytics cookies are written. We honor the Google Consent Mode v2 default-deny posture.
- Preferences — local storage for your saved-events list (your wishlist) and your cookie-banner choice (petder-cookie-consent).
You can clear cookies and local storage from your browser at any time. Clearing them will log you out and remove your saved-events list.
9. Security
We use industry-standard safeguards: TLS in transit, hashed passwords, role-based access for admins, and audit logs of admin actions affecting member data. No online system, however, is one-hundred-percent secure. If we ever discover a personal-data breach that may put your rights at risk, we will notify you in line with PDPA Section 37.
10. Children
The Service is intended for adults of eighteen (18) years or older. We do not knowingly collect personal data from children. If you believe we hold data about someone under eighteen, please contact us and we will delete the account.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified by email — to the address on your account — at least thirty (30) days before they take effect, and posted on this page with a new "Last updated" date.
12. Contact
Data privacy questions and rights requests
Email: support@petderr.com
Data controller
The PETDERR. team — an unincorporated community group based in Thailand. Until PETDERR. is formally registered as a legal entity, the founder(s) of the project act as the joint data controllers for the personal data collected via the Service. You can reach us at support@petderr.com.
Regulator
Office of the Personal Data Protection Committee (PDPC), Thailand
https://www.pdpc.go.th/