Privacy Policy

Last Updated: October 16, 2025

This Privacy Policy explains how Pickja ("we," "us," or "our") collects, uses, and protects your personal information.

1. Information We Collect

1.1 Account Information (If You Register)

• Email address
• Username
• Password (encrypted)
• Account creation and last login timestamps

1.2 Usage Data

• Randomizer usage statistics (spin counts)
• Winner names and timestamps you submit
• Shares you create and their view counts
• Browser type and user agent (for sessions only)

1.3 Shared Content

• Entries, themes, and configurations you create
• Images you upload (stored for 30 days)
• Share metadata (creation date, language, randomizer type)

1.4 Technical Data

• IP address (for rate limiting only, not stored long-term)
• Session tokens (encrypted, expires after 7 days)
• Cookies for authentication

1.5 Analytics

• Google Analytics for general site usage patterns
• Aggregate statistics (non-personal)

2. How We Use Your Information

2.1 Service Provision

• Authenticate and manage your account
• Store and display your randomizer setups
• Track usage statistics for registered users
• Maintain session security

2.2 Service Improvement

• Analyze usage patterns to improve features
• Monitor and prevent abuse
• Optimize performance and user experience

2.3 Communication

• Respond to your inquiries
• Send important service updates (when necessary)

2.4 Legal Compliance

• Prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations

3. Data Storage and Security

3.1 Where We Store Data

• Database: Supabase (cloud PostgreSQL)
• Images: Supabase Storage (cloud object storage)
• Sessions: Secure HTTP-only cookies

3.2 Security Measures

• Passwords are encrypted (not stored in plain text)
• Session tokens are encrypted and expire automatically
• HTTPS encryption for all data transmission
• Regular security updates and monitoring

3.3 Data Retention

• Shares and images: Automatically deleted after 30 days
• Sessions: Expire after 7 days
• Inactive accounts: Not automatically deleted (you must delete manually)
• Account deletion: Permanent and removes all associated data

4. Data Sharing and Disclosure

4.1 We DO NOT:

• Sell your personal information to third parties
• Share your email or password with anyone
• Use your data for advertising targeting

4.2 We MAY Share Data:

• Public Shares: If you make a share public, anyone with the link can view it
• Service Providers: Third-party services that help us operate (e.g., Supabase, Google Analytics)
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfer: In case of merger, acquisition, or sale

4.3 Third-Party Services

• Google Analytics: Tracks anonymous usage statistics (Google Privacy Policy)
• Supabase: Hosts our database and storage (Supabase Privacy Policy)

5. Cookies

5.1 What We Use

• Session Cookie: session_token - Required for authentication (expires after 7 days)

5.2 Third-Party Cookies

• Google Analytics may set cookies for analytics purposes

5.3 Your Control

• You can disable cookies in your browser, but this will prevent login functionality

6. Your Rights

6.1 Access and Control

• View your profile and statistics anytime
• Update your username and password
• Make shares public or private
• Delete individual shares

6.2 Account Deletion

• Delete your account anytime from settings
• This permanently removes:
  • Your account information
  • All shares you created
  • All images you uploaded
  • All personal statistics

6.3 Data Portability

• Contact us to request a copy of your data
• We will provide it in a structured, machine-readable format

6.4 Right to Object

• Contact us to object to certain data processing activities

7. Children's Privacy

Pickja is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, contact us immediately for deletion.

8. International Users

Your information may be transferred to and stored in servers located outside your country. By using Pickja, you consent to this transfer.

For EU/EEA Users (GDPR):

• You have additional rights under GDPR
• Data transfers comply with GDPR requirements
• Contact us to exercise your GDPR rights

For Thailand Users (PDPA):

• We comply with Thailand's Personal Data Protection Act
• You have rights to access, correct, and delete your data
• Contact us for PDPA-related requests

9. Changes to Privacy Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use means you accept the changes.

10. Contact Us

For privacy-related questions or requests:

Email: chunchat02@gmail.com

Data Protection Requests:

• Access your data
• Correct inaccurate data
• Delete your data
• Export your data
• Object to data processing

We will respond within 30 days.

11. Your Consent

By using Pickja, you consent to this Privacy Policy and our collection and use of information as described.

---

Last reviewed and updated: October 16, 2025