Legal

Privacy Policy

Last updated: April 27, 2026

1. Introduction

Rukter ("we," "our," or "us") operates an e-commerce platform that enables merchants to create and manage online stores. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at rukter.com.

This policy is in accordance with the Thailand Personal Data Protection Act B.E. 2562 (PDPA) and applicable international data protection standards. By using Rukter, you consent to the practices described in this policy.

If you do not agree with the terms of this Privacy Policy, please discontinue use of our services.

2. Information We Collect

We collect information you provide directly to us and information generated through your use of our services.

Account Information:

  • Name, email address, and password when you register
  • Business name, store description, and logo
  • Phone number and contact details
  • Google account information (if you use Google Sign-In)

Store & Transaction Data:

  • Product listings, prices, inventory, and descriptions you create
  • Order details, customer names, shipping addresses, and payment records
  • Payment slip images uploaded for bank transfer verification
  • PromptPay QR code images

Usage Information:

  • Log data including IP address, browser type, pages visited, and timestamps
  • Device information (device type, operating system)
  • Feature usage patterns and navigation within the dashboard

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Rukter platform
  • Process subscriptions and billing
  • Enable order management and payment verification between sellers and customers
  • Send transactional emails (order confirmations, account notifications)
  • Provide customer support and respond to inquiries
  • Improve platform features and user experience through analytics
  • Detect and prevent fraud, abuse, or unauthorized access
  • Comply with legal obligations under Thai law and PDPA

We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: We share data with trusted vendors who help us operate the platform (cloud hosting, payment processing, email delivery). These vendors are contractually bound to protect your data.
  • Legal Requirements: We may disclose information if required by Thai law, court order, or government authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction, with notice provided to affected users.
  • With Your Consent: We may share information for any other purpose with your explicit consent.

Seller storefronts display product and contact information publicly as configured by the seller. Sellers are responsible for the data they display on their storefronts.

5. Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure, primarily in the Asia Pacific (Singapore) region. We implement the following security measures:

  • Encryption in transit (TLS 1.2+) for all data communications
  • Encryption at rest for sensitive data including payment records
  • Access controls restricting data access to authorized personnel only
  • Regular security audits and vulnerability assessments

We retain your account data for as long as your account is active. If you close your account, we will retain transaction records for 7 years as required by Thai Revenue Department regulations, then securely delete remaining personal data.

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your information.

6. Your Rights Under PDPA

Under the Thailand Personal Data Protection Act (PDPA B.E. 2562), you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right of Rectification: Request correction of inaccurate or incomplete data
  • Right of Erasure: Request deletion of your personal data, subject to legal retention requirements — see our Account & Data Deletion page for step-by-step instructions
  • Right of Restriction: Request that we limit how we process your data
  • Right of Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for direct marketing or analytics
  • Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

  • Essential Cookies: Required for authentication sessions (rk_session) and core platform functionality. These cannot be disabled.
  • Analytics Cookies: Google Analytics 4 (GA4) and Meta Pixel — used to understand how visitors and merchants interact with the platform so we can improve features and measure marketing performance. For anonymous visitors we ask for explicit consent via a cookie banner before activating these. For signed-in users (storefront customers and dashboard merchants), analytics are activated automatically as part of providing the Service, as outlined in our Terms of Service. You may opt out at any time by emailing [email protected].
  • Preference Cookies: Store your language, theme, and consent (rk-consent) preferences.

Most browsers allow you to control cookies through their settings. Disabling essential cookies may prevent you from using certain platform features.

8. Third-Party Services

Our platform integrates with the following third-party services, each with their own privacy policies:

  • Amazon Web Services (AWS): Cloud infrastructure and file storage — aws.amazon.com/privacy
  • Google OAuth: Optional single sign-on authentication — policies.google.com/privacy
  • Cloudflare: Content delivery network and DDoS protection — cloudflare.com/privacypolicy

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before use.

9. Children's Privacy

Rukter is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at [email protected] and we will promptly delete it.

Merchant sellers are responsible for ensuring their storefronts comply with applicable laws regarding children's data and online services for minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send an email notification to registered account holders at least 30 days before the change takes effect
  • Display a prominent notice on the Rukter dashboard

Your continued use of Rukter after the effective date of a revised policy constitutes acceptance of the updated terms.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:

We are committed to resolving privacy concerns and will respond within 30 business days of receiving your inquiry.

Terms & Conditions →↑ Back to top