Skip to main content
01

Privacy Policy

How your personal information is collected, used, and protected.

Last updated January 29, 2026

You are viewing an older version. View current version (v4)

Introduction

This Privacy Policy explains how fasu.dev collects, uses, stores, and protects your personal information when you visit https://fasu.dev or use its services. This policy is designed to comply with the Thailand Personal Data Protection Act B.E. 2562 (PDPA).

By using this website, you acknowledge that you have read and understood this Privacy Policy.

Data Controller

Website: fasu.dev Contact Email: contact@fasu.dev

If you have questions about this Privacy Policy or wish to exercise your data subject rights, please contact me at the email address above.

Personal Data Collected

Data You Provide

  • Account information: name, email address, and password (stored in hashed form)
  • Profile image: obtained from your GitHub account if you sign up via GitHub OAuth
  • Comments: content you post on blog articles
  • Comment reports: reason and description when you report a comment

Data Collected Automatically

  • IP address: recorded when you sign in, post comments, or submit comment reports, for security and abuse prevention purposes
  • User agent: your browser and device information, recorded with each session
  • Session data: authentication tokens and session expiry timestamps
  • Page views: aggregate view counts on blog posts (not linked to individual users)

Data From Third Parties

  • GitHub: if you sign up using GitHub OAuth, your GitHub profile information (name, email, avatar URL) is received as authorized by your GitHub account settings

Analytics Data (Consent Required)

  • Vercel Analytics and Speed Insights: website usage data collected only if you accept analytics cookies via the consent banner. No analytics data is collected if you decline.

Purposes of Data Processing

Data CategoryPurposeLegal Basis (PDPA)
Account informationAccount creation and authenticationConsent (Section 19)
Profile imageDisplay alongside your comments and profileConsent (Section 19)
CommentsEnable discussion on blog postsConsent (Section 19)
Comment reportsContent moderation and community safetyLegitimate interest (Section 24)
IP addressSecurity, abuse prevention, and moderationLegitimate interest (Section 24)
User agentSession management and security monitoringLegitimate interest (Section 24)
Session dataMaintaining your authenticated stateContractual necessity (Section 24)
Analytics dataImproving website performance and user experienceConsent (Section 19)

Cookies and Tracking

The following cookies and local storage are used:

  • Session cookie: an authentication token set on the .fasu.dev domain to maintain your login state across the site. This is a strictly necessary cookie.
  • Analytics consent: your consent preference is stored in your browser's local storage under the key fasu-analytics-consent. This is not a tracking cookie.

Vercel Analytics and Speed Insights are loaded only after you grant consent via the banner displayed at the bottom of the page. You may change your preference at any time by clearing your browser's local storage.

Third-Party Services

The following third-party services are used to operate fasu.dev:

ServicePurposeData Shared
NeonPostgreSQL database hostingAll stored personal data
CloudflareAPI hosting (Workers), file storage (R2), caching (KV), and CDNRequest data, uploaded files
VercelFrontend hosting, analytics, and performance monitoringPage visits, performance metrics (consent required for analytics)
ResendTransactional email deliveryEmail address, email content
GitHubOAuth authenticationOAuth tokens, profile information

Each service processes data under their own privacy policies and data processing agreements.

Cross-Border Data Transfers

In accordance with PDPA Section 28, your personal data may be transferred to and processed in countries outside of Thailand. International service providers are used to operate fasu.dev, and your data may be stored or processed in the following jurisdictions:

ServiceCountry/RegionData TransferredSafeguards
Neon (Database)United States / European UnionAccount data, comments, sessions, IP addressesSOC 2 compliance; data encrypted at rest and in transit
Cloudflare (CDN & Workers)Global edge network (including US, EU, Asia)API requests, uploaded files, cached contentISO 27001 certified; Standard Contractual Clauses (SCCs); global data processing addendum
Vercel (Hosting & Analytics)United StatesPage visits, performance data, frontend assetsSOC 2 Type II; data processing addendum; analytics loaded only with consent
Resend (Email)United StatesEmail address, email content (verification, password reset)Data encrypted in transit; processed only for email delivery
GitHub (OAuth)United StatesOAuth tokens, GitHub profile data (name, email, avatar)SOC 2 certified; data processed only for authentication

Safeguards for Cross-Border Transfers

The following measures are taken to ensure your data is protected when transferred internationally:

  1. Service provider selection: providers are selected that maintain recognized security certifications (SOC 2, ISO 27001) and offer data processing agreements.
  2. Encryption: all data is transmitted using TLS/HTTPS encryption. Database connections use encrypted channels.
  3. Data minimization: only the minimum data necessary for each service to fulfill its purpose is shared.
  4. Contractual protections: service providers are bound by their published data processing agreements and privacy commitments.

If you have concerns about the transfer of your data outside Thailand, you may contact me at contact@fasu.dev.

Data Retention

Data TypeRetention Period
Account dataRetained until you delete your account
Session dataSessions expire after 7 days of inactivity
CommentsRetained until you delete the comment or your account
Comment reportsRetained until reviewed and resolved by an administrator
Verification tokensRetained until used or expired
Analytics dataManaged by Vercel per their retention policy

When you delete your account, all associated personal data (sessions, comments, linked accounts, and reports) is permanently deleted via cascading deletion.

Your Rights Under PDPA

As a data subject under the PDPA, you have the following rights:

  • Right of access (Section 30): Request a copy of the personal data held about you.
  • Right to data portability (Section 31): Export your personal data in a machine-readable format. You can do this from your account settings using the "Export data" feature.
  • Right to rectification (Section 35): Request correction of inaccurate personal data.
  • Right to erasure (Section 33): Request deletion of your personal data. You can delete your account from your account settings.
  • Right to restrict processing (Section 34): Request that processing of your data be limited.
  • Right to object (Section 32): Object to data processing based on legitimate interest.
  • Right to withdraw consent (Section 19): Withdraw your consent at any time. For analytics, you can decline or clear your consent via the cookie banner. For your account, you can delete it from your account settings.

To exercise any of these rights, contact me at contact@fasu.dev. I will respond to your request within 30 days.

Children's Privacy

fasu.dev is not directed at children under the age of 20 (as defined by PDPA Section 4). Personal data from children is not knowingly collected. If you believe a child has provided personal data, please contact me at contact@fasu.dev and it will be promptly deleted.

Changes to This Policy

This Privacy Policy may be updated from time to time. When updated, the "Last Updated" date at the top of this page will be revised and a new version published. Previous versions remain accessible via the version history on the legal page.

Contact

If you have questions, concerns, or wish to exercise your data subject rights, please contact:

02

Data Controller

Under the Personal Data Protection Act (PDPA), the data controller for this website is:

For data protection inquiries, rights requests, or complaints, contact the address above.