Privacy Policy
1. Overview
KHAO is a minimal, read-only static publication. We do not run user accounts, comment systems, or advertising networks. Our data footprint is intentionally small. This Policy explains what limited data we do collect, why, and your rights over it.
This Policy applies to all users worldwide, including those in the European Economic Area (GDPR), California (CCPA), Thailand (PDPA), and other jurisdictions with applicable privacy law.
2. Data We Collect
Server access logs — When you visit KHAO, our web server automatically records your IP address, browser type, referring URL, pages visited, and timestamps. This is standard infrastructure logging, not targeting. Logs are retained for up to 30 days and used solely for security monitoring and aggregate traffic analysis.
Downloaded files — When you download a .md digest file, the download is recorded in server logs. We do not track what you do with the file after download.
No cookies — KHAO does not set cookies. No tracking pixels, session identifiers, or fingerprinting scripts are used.
No user accounts — We collect no names, email addresses, or profile data from readers.
No advertising — We do not serve ads and do not share data with advertising networks.
3. Data We Do Not Collect
- Names, email addresses, or contact details (unless you email us directly)
- Payment or financial information
- Location data beyond coarse IP geolocation
- Device identifiers or biometric data
- Behavioural tracking or cross-site data
4. Third-Party Services
KHAO may use a third-party hosting provider or CDN. These providers may process server logs on our behalf under data processing agreements. We do not use third-party analytics, social media embeds, or tracking pixels that would allow third parties to build profiles of your reading behaviour.
5. Automated Agents & AI Crawlers
If you access KHAO via an automated agent or crawler, your requests are logged the same way as human visits. We ask that bots identify themselves via a proper User-Agent string and comply with our Bot Policy.
6. Your Rights
Depending on your jurisdiction, you may have the following rights over any personal data we hold about you:
| Right | What it means | Applies under |
|---|---|---|
| Access | Request a copy of data we hold about you | GDPR, CCPA, PDPA |
| Erasure | Request deletion of your data from our logs | GDPR, PDPA |
| Correction | Request correction of inaccurate data | GDPR, PDPA |
| Portability | Receive your data in a machine-readable format | GDPR |
| Opt-out of sale | We do not sell data — this right is automatically satisfied | CCPA |
| Objection | Object to processing of your data | GDPR |
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
7. Data Retention
Server access logs are retained for a maximum of 30 days, after which they are automatically deleted. Emails sent to us directly are retained only as long as necessary to respond to your inquiry.
8. International Transfers
If your data is transferred across international borders (e.g., via our hosting provider), such transfers are conducted under appropriate safeguards in compliance with applicable law, including GDPR Standard Contractual Clauses where applicable.
9. Children
KHAO is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.
10. Changes to This Policy
We may update this Policy as our practices evolve. The "Last updated" date above reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.
11. Contact & DPO
Privacy inquiries: [email protected]
General contact: [email protected]