Privacy Policy

Last updated: April 14, 2026

1. Data Controller

Hot Thai Girls operates this Platform as the data controller responsible for your personal data under the Personal Data Protection Act B.E. 2562 (2019) ('PDPA'). For questions about data handling, contact us at:

admin@hothaigirls.com

2. Data We Collect

We collect the following categories of personal data:

  • Account Data: email address and password (stored in hashed form);
  • Profile Data: display name, age, photographs, and location information you provide;
  • Listing Data: descriptions, pricing information, contact details (phone, LINE ID, WhatsApp, Telegram), and area;
  • Usage Data: IP address, browser type and version, device type, pages visited, referral URLs, and timestamps;
  • Cookies: essential session cookies for authentication and the NEXT_LOCALE cookie for language preference.

3. Sensitive Personal Data

Under PDPA Section 26, certain categories of personal data are classified as sensitive and subject to heightened protection. Information relating to gender identity and preferences indicated in listings may constitute sensitive personal data. We collect and process such data only with your explicit consent, obtained separately during listing creation (PDPA Section 21). You may withdraw this consent at any time without affecting the lawfulness of prior processing.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To create, authenticate, and manage your user account;
  • To publish and display your listings to other Platform users;
  • To maintain Platform security and detect and prevent fraud, abuse, or prohibited activity;
  • To analyse aggregated usage patterns and improve Platform functionality;
  • To comply with legal obligations, including lawful requests from Thai authorities;
  • To communicate service updates, policy changes, or account-related notices.

5. Legal Basis for Processing

Under PDPA Section 24, we process your personal data on the following bases:

  • Consent: for account creation, listing publication, and processing of sensitive personal data (Sections 19-21);
  • Contractual necessity: to provide requested services such as displaying your listing and maintaining your account;
  • Legitimate interest: for Platform security, fraud prevention, and service improvement, where not overridden by your data protection rights;
  • Legal obligation: to comply with Thai law, including law enforcement requests and the Computer Crime Act B.E. 2550 Section 26 data retention requirement.

6. Data Retention

We retain your personal data for the following periods:

  • Account data: retained for the lifetime of your account and three (3) years following deletion, to comply with legal obligations;
  • Traffic and log data: minimum 90 days as required by the Computer Crime Act B.E. 2550 Section 26, up to two (2) years if ordered by a competent authority;
  • Listing data: retained until you delete it, plus one (1) year in backups before permanent deletion;
  • Usage analytics: retained for one (1) year from collection, then permanently deleted.

Following expiry of these periods, data will be securely deleted or anonymised.

7. Data Sharing and Disclosure

We share your personal data only with:

  • Supabase Inc.: database hosting and authentication provider, processing data under a data processing agreement (PDPA Section 27);
  • Vercel Inc.: web hosting and CDN provider, processing data under a data processing agreement;
  • Law enforcement and regulatory authorities: where required by Thai law, court order, or other legal process.

We do not sell, rent, or trade your personal data to any third party for commercial or marketing purposes.

8. International Data Transfers

Your personal data may be processed on servers outside the Kingdom of Thailand by our service providers (Supabase Inc. and Vercel Inc.). Under PDPA Sections 28-29, where personal data is transferred internationally, we ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses or equivalent measures. As the PDPC has not yet published a comprehensive adequacy list, we rely on contractual safeguards and inform you that the destination countries may not have data protection standards equivalent to Thailand's PDPA.

9. Your Rights Under the PDPA

Under Sections 30-36 of the PDPA, you have the following rights:

  • Right of Access (Section 30): request a copy of personal data we hold about you;
  • Right to Data Portability (Section 31): receive your data in a structured, commonly used, machine-readable format;
  • Right to Object (Section 32): object to processing based on legitimate interest;
  • Right to Erasure (Section 33): request deletion, subject to legal retention obligations;
  • Right to Restriction (Section 34): request limitation of processing in certain circumstances;
  • Right to Rectification (Section 35): request correction of inaccurate or incomplete data;
  • Right to Withdraw Consent (Section 20): withdraw consent at any time without affecting prior lawful processing.

To exercise any right, email admin@hothaigirls.com with your request. We will respond within 30 days and may request identity verification.

10. Consent Withdrawal

Where processing is based on consent, you may withdraw it at any time by emailing admin@hothaigirls.com or deleting your account through Platform settings. Withdrawal may result in removal of active listings and loss of access to certain features. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal (PDPA Section 20).

11. Cookies

We use only strictly necessary cookies:

  • Session cookies: for user authentication and maintaining your logged-in state;
  • Language preference cookie (NEXT_LOCALE): to remember your preferred language (English or Thai).

These strictly necessary cookies do not require consent under the PDPA. We do not use any third-party analytics, advertising, or tracking cookies.

12. Data Security

We implement appropriate technical and organisational security measures as required by PDPA Section 37:

  • Encryption of all data in transit using TLS 1.2 or higher;
  • Encryption of sensitive data at rest within our database systems;
  • Row-level security (RLS) policies on all database tables;
  • Authentication controls ensuring users access only their own data;
  • Regular security assessments of Platform infrastructure.

No system is completely secure. If you believe your account has been compromised, contact us immediately at admin@hothaigirls.com.

13. Children

The Platform is strictly not intended for persons under 18 years of age, in accordance with the Child Protection Act B.E. 2546 (2003). We do not knowingly collect personal data from individuals under 18. If we become aware of such data, we will immediately delete it and terminate the associated account. If you believe we hold data from a person under 18, contact us immediately at admin@hothaigirls.com.

14. Data Breach Notification

In the event of a personal data breach, we will notify the Personal Data Protection Committee (PDPC) within 72 hours of becoming aware of the breach, as required by PDPA Section 40. If the breach is likely to result in high risk to your rights and freedoms, we will notify affected data subjects without undue delay.

15. Complaints to the PDPC

If you believe your data protection rights have been violated and are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand. Contact: Office of the Personal Data Protection Committee (PDPC), Bangkok, Thailand. Website: www.pdpc.or.th. Hotline: 02-142-1033.

16. Contact

For privacy enquiries, data subject requests, or concerns about our data practices, contact:

admin@hothaigirls.com
