Privacy Policy

1. Introduction

Rukter ("we," "our," or "us") operates an e-commerce platform that enables merchants to create and manage online stores. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at rukter.com.

This policy is in accordance with the Thailand Personal Data Protection Act B.E. 2562 (PDPA) and applicable international data protection standards. By using Rukter, you consent to the practices described in this policy.

If you do not agree with the terms of this Privacy Policy, please discontinue use of our services.

2. Information We Collect

We collect information you provide directly to us and information generated through your use of our services.

Account Information:

Name, email address, and password when you register
Business name, store description, and logo
Phone number and contact details
Google account information (if you use Google Sign-In)

Store & Transaction Data:

Product listings, prices, inventory, and descriptions you create
Order details, customer names, shipping addresses, and payment records
Payment slip images uploaded for bank transfer verification
PromptPay QR code images

Usage Information:

Log data including IP address, browser type, pages visited, and timestamps
Device information (device type, operating system)
Feature usage patterns and navigation within the dashboard

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Rukter platform
Process subscriptions and billing
Enable order management and payment verification between sellers and customers
Send transactional emails (order confirmations, account notifications)
Provide customer support and respond to inquiries
Improve platform features and user experience through analytics
Detect and prevent fraud, abuse, or unauthorized access
Comply with legal obligations under Thai law and PDPA

We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

5. Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure, primarily in the Asia Pacific (Singapore) region. We implement the following security measures:

Encryption in transit (TLS 1.2+) for all data communications
Encryption at rest for sensitive data including payment records
Access controls restricting data access to authorized personnel only
Regular security audits and vulnerability assessments

We retain your account data for as long as your account is active. If you close your account, we will retain transaction records for 7 years as required by Thai Revenue Department regulations, then securely delete remaining personal data.

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your information.

6. Your Rights Under PDPA

Under the Thailand Personal Data Protection Act (PDPA B.E. 2562), you have the following rights:

Right of Access: Request a copy of the personal data we hold about you
Right of Rectification: Request correction of inaccurate or incomplete data
Right of Erasure: Request deletion of your personal data, subject to legal retention requirements
Right of Restriction: Request that we limit how we process your data
Right of Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing of your data for direct marketing or analytics
Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

Essential Cookies: Required for authentication sessions (rk_session) and core platform functionality. These cannot be disabled.
Analytics Cookies: Used to understand how users navigate the platform and improve features. You may opt out of analytics by contacting us.
Preference Cookies: Store your language and display preferences.

We do not use advertising or cross-site tracking cookies. Most browsers allow you to control cookies through their settings. Disabling essential cookies may prevent you from using certain platform features.

8. Third-Party Services

Our platform integrates with the following third-party services, each with their own privacy policies:

Amazon Web Services (AWS): Cloud infrastructure and file storage — aws.amazon.com/privacy
Google OAuth: Optional single sign-on authentication — policies.google.com/privacy
Cloudflare: Content delivery network and DDoS protection — cloudflare.com/privacypolicy

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before use.

9. Children's Privacy

Rukter is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at [email protected] and we will promptly delete it.

Merchant sellers are responsible for ensuring their storefronts comply with applicable laws regarding children's data and online services for minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Send an email notification to registered account holders at least 30 days before the change takes effect
Display a prominent notice on the Rukter dashboard

Your continued use of Rukter after the effective date of a revised policy constitutes acceptance of the updated terms.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:

Email: [email protected]
Website: rukter.com

We are committed to resolving privacy concerns and will respond within 30 business days of receiving your inquiry.

Terms & Conditions →↑ Back to top

1. Introduction

If you do not agree with the terms of this Privacy Policy, please discontinue use of our services.

2. Information We Collect

We collect information you provide directly to us and information generated through your use of our services.

Account Information:

Name, email address, and password when you register
Business name, store description, and logo
Phone number and contact details
Google account information (if you use Google Sign-In)

Store & Transaction Data:

Product listings, prices, inventory, and descriptions you create
Order details, customer names, shipping addresses, and payment records
Payment slip images uploaded for bank transfer verification
PromptPay QR code images

Usage Information:

Log data including IP address, browser type, pages visited, and timestamps
Device information (device type, operating system)
Feature usage patterns and navigation within the dashboard

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Rukter platform
Process subscriptions and billing
Enable order management and payment verification between sellers and customers
Send transactional emails (order confirmations, account notifications)
Provide customer support and respond to inquiries
Improve platform features and user experience through analytics
Detect and prevent fraud, abuse, or unauthorized access
Comply with legal obligations under Thai law and PDPA

We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

5. Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure, primarily in the Asia Pacific (Singapore) region. We implement the following security measures:

Encryption in transit (TLS 1.2+) for all data communications
Encryption at rest for sensitive data including payment records
Access controls restricting data access to authorized personnel only
Regular security audits and vulnerability assessments

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your information.

6. Your Rights Under PDPA

Under the Thailand Personal Data Protection Act (PDPA B.E. 2562), you have the following rights:

Right of Access: Request a copy of the personal data we hold about you
Right of Rectification: Request correction of inaccurate or incomplete data
Right of Erasure: Request deletion of your personal data, subject to legal retention requirements
Right of Restriction: Request that we limit how we process your data
Right of Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing of your data for direct marketing or analytics
Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

Essential Cookies: Required for authentication sessions (rk_session) and core platform functionality. These cannot be disabled.
Analytics Cookies: Used to understand how users navigate the platform and improve features. You may opt out of analytics by contacting us.
Preference Cookies: Store your language and display preferences.

8. Third-Party Services

Our platform integrates with the following third-party services, each with their own privacy policies:

Amazon Web Services (AWS): Cloud infrastructure and file storage — aws.amazon.com/privacy
Google OAuth: Optional single sign-on authentication — policies.google.com/privacy
Cloudflare: Content delivery network and DDoS protection — cloudflare.com/privacypolicy

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before use.

9. Children's Privacy

Merchant sellers are responsible for ensuring their storefronts comply with applicable laws regarding children's data and online services for minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Send an email notification to registered account holders at least 30 days before the change takes effect
Display a prominent notice on the Rukter dashboard

Your continued use of Rukter after the effective date of a revised policy constitutes acceptance of the updated terms.

1. Introduction

2. Information We Collect

3. How We Use Your Information

4. Information Sharing and Disclosure

5. Data Storage and Security

6. Your Rights Under PDPA

7. Cookies and Tracking Technologies

8. Third-Party Services

9. Children's Privacy

10. Changes to This Policy

11. Contact Us

1. Introduction

2. Information We Collect

3. How We Use Your Information

4. Information Sharing and Disclosure

5. Data Storage and Security

6. Your Rights Under PDPA

7. Cookies and Tracking Technologies

8. Third-Party Services

9. Children's Privacy

10. Changes to This Policy

11. Contact Us