Privacy Policy
Effective Date: March 12, 2026
Last Updated: March 2, 2026
Nightkun is operated by Nightkun (an individual), who takes your privacy seriously. This policy is prepared in compliance with the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand, and explains how we collect, use, disclose, and protect your personal data as a Data Subject.
1. Data Controller
Pursuant to Section 23 of PDPA, the Data Controller details are as follows:
- Operator Name: Nightkun (individual)
- Type: Individual operator of the Nightkun platform
- Address: Ubon, Thailand
- Contact Email: [email protected]
- Website: nightkun.com
2. Personal Data We Collect
In accordance with Section 23 of PDPA, we collect the following categories of personal data:
2.1 Data You Provide Directly
- Account Data: Username, email address, encrypted password (bcrypt), and profile picture
- User Content: Posts, comments, and community interactions
- Shop Data: Affiliate links and products you share on the platform
2.2 Automatically Collected Data
- Usage Data: Pages visited, time spent, and interactions with content
- Device Data: Browser type, operating system, and IP address
- Cookies: To remember your preferences and improve your experience
2.3 Data from Third Parties
- Profile data from social logins via Google or Facebook, limited to what you have consented to share with those platforms
PDPA Note: We do not collect Sensitive Personal Data under Section 26 (e.g., race, religion, health information) without your explicit consent.
3. Legal Basis for Processing
Pursuant to Section 24 of PDPA, we process your personal data based on the following legal grounds:
| Legal Basis | Purpose |
|---|---|
| Consent (Section 19) | Marketing emails, non-essential cookies |
| Contract (Section 24(3)) | Account creation and core service delivery |
| Legitimate Interests (Section 24(5)) | Usage analytics, fraud prevention |
| Legal Obligation (Section 24(6)) | Compliance with court orders or authorities |
4. Purposes of Processing
We use personal data only for the purposes specified, in accordance with the Purpose Limitation principle of PDPA:
- Service Delivery: Operating your account, displaying content, and managing platform features
- Personalization: Recommending anime content and posts you may find interesting
- Security: Detecting and preventing fraud, spam, and suspicious activity
- Communication: Notifying you of activity and system updates (service-related only)
- Marketing: Sending news and promotions only when you have given explicit consent
5. Disclosure and Transfer of Personal Data
Pursuant to Section 27 of PDPA, we do not sell your personal data. We disclose data only in the following circumstances:
5.1 Necessary Service Providers (Data Processors)
We may use third-party services that are necessary for operation, such as hosting and analytics. These providers are bound to protect your data in accordance with PDPA Section 40.
5.2 Legal Compliance
We may disclose data upon orders from competent authorities, courts, or government agencies as required by law.
5.3 International Data Transfer
If data is transferred internationally, we comply with Section 28 of PDPA by ensuring the destination country provides an adequate level of data protection.
6. Cookies and Tracking
6.1 Types of Cookies We Use
| Type | Legal Basis | Purpose |
|---|---|---|
| Essential Cookies | Legitimate Interest | Core platform functionality |
| Preference Cookies | Contract | Remember language and theme |
| Analytics Cookies | Consent | Measure usage and performance |
| Marketing Cookies | Consent | Display relevant content |
6.2 Managing Cookie Consent
You can manage cookie consent through the banner shown on your first visit, or in your account settings. You may withdraw consent at any time.
7. Security Measures
Pursuant to Section 37 of PDPA, we implement appropriate technical and organizational security measures including:
- SSL/TLS Encryption for all data in transit
- Password Hashing using bcrypt
- Two-Factor Authentication (2FA) for enabled accounts
- Regular Security Audits to identify vulnerabilities
- Access Controls limiting data access to authorized persons only
In the event of a personal data breach, we will notify the Personal Data Protection Committee (PDPC) within 72 hours and inform you without undue delay, per Section 37(4).
8. Rights of the Data Subject
Pursuant to Sections 30–36 of PDPA, you as a Data Subject have the following rights:
- Right to be Informed (Section 23): Receive details about how your data is collected
How to exercise your rights: Contact [email protected]. We will respond within 30 days from the date of receipt.
9. Data Retention
Pursuant to the Storage Limitation principle of PDPA, we retain data only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account | Service provision |
| Deleted account data | 30 days | Prevent accidental deletion |
| Usage logs | 90 days | Security and analytics |
| Payment data | 7 years | Accounting and tax law |
| Consent records | 3 years after withdrawal | PDPA compliance evidence |
10. Minors
Our services are not intended for individuals under the age of 14, consistent with international social media platform standards (e.g., TikTok, Meta). If we discover that personal data has been collected from a child under 14 without parental consent, we will delete that data immediately.
For users aged 14–20 who are still considered minors under Thai Civil and Commercial Law, use of the service requires consent from a parent or legal guardian pursuant to Section 20 of PDPA.
11. External Links and Affiliates
Nightkun contains links to external websites and affiliate programs (such as Shopee). We are not responsible for the privacy practices of those platforms, which may be governed by data protection laws different from PDPA. We encourage you to review each platform's privacy policy before use.
12. Policy Changes
We may update this policy to reflect changes in PDPA regulations or our services. We will notify you at least 30 days in advance via email and in-platform announcement.
13. Contact Us
If you have questions, concerns, or wish to exercise any rights under PDPA, please contact:
- Email: [email protected]
We will respond within 30 days from the date of receipt.