← Back to Latest

Privacy Policy

Effective 20 April 2026 · Last updated 2 June 2026

1. Overview

KHAO is a minimal, read-only static publication. We do not run user accounts, comment systems, or advertising networks. Our data footprint is intentionally small. This Policy explains what limited data we do collect, why, and your rights over it.

This Policy applies to all users worldwide, including those in the European Economic Area (GDPR), California (CCPA), Thailand (PDPA), and other jurisdictions with applicable privacy law.

2. Data We Collect

Server access logs — When you visit KHAO, our web server automatically records your IP address, browser type, referring URL, pages visited, and timestamps. This is standard infrastructure logging, not targeting. Logs are retained for up to 30 days and used solely for security monitoring and aggregate traffic analysis.

Downloaded files — When you download a .md digest file, the download is recorded in server logs. We do not track what you do with the file after download.

Analytics & cookies (consent-based) — KHAO uses two analytics tools to understand aggregate readership:

  • Cloudflare Web Analytics — cookieless and privacy-respecting. It collects no cookies, sets no identifiers, and builds no cross-site profile. It runs for every visitor and requires no consent.
  • Google Analytics 4 — loaded only after you give consent via the banner shown on your first visit. If you click Accept, Google sets first-party analytics cookies (e.g. _ga, _ga_<id>) with IP-anonymisation enabled, used to measure page views and which links readers click. If you click Decline — or take no action — Google Analytics is never loaded and no cookie is set. Your choice is remembered in your browser's local storage (not a cookie) and you can clear it at any time to be asked again.

No user accounts — We collect no names, email addresses, or profile data from readers.

No advertising — We do not serve ads and do not share data with advertising networks.

3. Data We Do Not Collect

  • Names, email addresses, or contact details (unless you email us directly)
  • Payment or financial information
  • Location data beyond coarse IP geolocation
  • Device identifiers or biometric data
  • Cross-site tracking, advertising-network profiles, or any data sold to third parties

4. Third-Party Services

KHAO uses a third-party hosting provider and CDN (Cloudflare), which may process server logs on our behalf under a data processing agreement, and provides our cookieless Cloudflare Web Analytics.

With your consent (see §2), KHAO also loads Google Analytics 4, a third-party analytics service operated by Google. When enabled, Google processes your IP address (anonymised), the pages you view, and the outbound links you click, under Google's Privacy Policy. We do not use this data for advertising and we do not sell it. You can withdraw consent at any time by clearing your browser's local storage for this site, which removes your stored choice and re-presents the consent banner. We use no social media embeds or third-party advertising trackers.

5. Automated Agents & AI Crawlers

If you access KHAO via an automated agent or crawler, your requests are logged the same way as human visits. We ask that bots identify themselves via a proper User-Agent string and comply with our Bot Policy.

6. Your Rights

Depending on your jurisdiction, you may have the following rights over any personal data we hold about you:

RightWhat it meansApplies under
AccessRequest a copy of data we hold about youGDPR, CCPA, PDPA
ErasureRequest deletion of your data from our logsGDPR, PDPA
CorrectionRequest correction of inaccurate dataGDPR, PDPA
PortabilityReceive your data in a machine-readable formatGDPR
Opt-out of saleWe do not sell data — this right is automatically satisfiedCCPA
ObjectionObject to processing of your dataGDPR

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Data Retention

Server access logs are retained for a maximum of 30 days, after which they are automatically deleted. Emails sent to us directly are retained only as long as necessary to respond to your inquiry.

8. International Transfers

If your data is transferred across international borders (e.g., via our hosting provider), such transfers are conducted under appropriate safeguards in compliance with applicable law, including GDPR Standard Contractual Clauses where applicable.

9. Children

KHAO is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.

10. Changes to This Policy

We may update this Policy as our practices evolve. The "Last updated" date above reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.

11. Contact & DPO

Privacy inquiries: [email protected]
General contact: [email protected]