Privacy Policy
1.1 Application Purpose
Thai Lottery Way is a social media-style mobile application designed for sharing and studying Thai lottery information officially authorized by the Government of Thailand. This Privacy Policy details how we protect and manage users’ personal information.
1.2 Privacy Policy Objectives
I. Main Objectives
- To explain how we protect and manage users’ personal information
- To ensure transparency in data collection, storage, and usage
- To help users understand their rights and choices
1.3 Policy Scope
I. Coverage
- All Thai Lottery Way mobile applications and related services
- All international users
- Only users aged 18 and above
- Excluding countries/regions where prohibited by law
1.4 Personal Data Management
I. Voluntarily Provided Information
- Account name
- Email address
- Phone number
- Profile photo
II. Automatically Collected Information
- Device ID
- IP address
- Location data
- App usage data
- System log data
III. Information Received from Third-party Services
- Google logins [name, email, profile]
- Analytics providers
- Advertisement partners
IV. Data Retention Period
Account Deletion:
- All personal data will be deleted within 30 days after account deletion
- Users can export their personal data before account deletion
- Publicly shared content will be retained
Security Records:
- Security audit logs – minimum 2 years
- System logs – 6 months
- Dispute resolution records – up to 1 year after resolution
Backup Period:
- Data recovery available up to 90 days
- Stored in encrypted format only
- Automatic deletion through automated system
IIV. Data Transfer and Cross-border Data Flow
International Server Data Transfer:
- Transfers to cloud hosting providers
- Transfers between data centers
- Data transmission using encryption technology
Third-party Service Provider Data Sharing:
Sharing Partners:
- Google Analytics (usage data)
- Firebase (account management)
- Cloud storage providers (data storage)
Shared Information:
- Device information
- Usage statistics
- App performance data
Compliance with National Data Protection Laws:
- GDPR (European Union)
- PDPA (Thailand)
- APEC Privacy Framework
1.5 Data Protection
I. Data Encryption Technologies
- End-to-end encryption
- SSL/TLS protocols
- Secure data storage
II. Access Control Systems
- Two-factor authentication
- Role-based access control
- Session management
III. Security Updates
- Regular security patches
- System updates
- Vulnerability assessments
1.6 Usage
I. Service Provision
- Data analysis services
- Historical data provision
- Trend analysis
II. App Improvement
- Performance optimization
- Feature development
- User experience enhancement
III. Customer Support
- Technical support
- User assistance
- Query handling
IV. Marketing
- Service updates
- New features
- Promotional content
1.7 Contact Information
- Email: [email protected]
- Customer Support: 24/7 [via email]
- Website: https://thailotteryway.com
- Telegram: https://t.me/ThaiLotteryWay
1.8 Important Terms Definitions
- “Application” refers to Thai Lottery Way mobile application
- “User” refers to each individual using the app
- “Personal Information” refers to any information related to the user
- “Service” refers to all services provided by Thai Lottery Way
1.9 Policy Revision Information
I. Latest Revision Details
- Revision Date: [01.01.2025]
- Policy Version Number: [2.0]
II. Policy Change Notifications
- Important policy changes will be notified through app notifications
- Changes will be announced in advance on app/website
- Users must accept changes to continue using the service
- Previous policies will be maintained as records
2. Device Data Collection
General Information:
We collect, store, and manage the following information to enhance user service experience and provide secure services.
2.1 User Account Information
Information obtained through Google Account:
Profile information
Name
Email address
Information obtained through App Registration:
Email address
Password
Other account-related information:
Unique User ID (User UID)
Account creation time
Last login time
Account status
Account login attempts and failures
Password reset history
Data Retention Period:
Basic profile information – Retained during account existence
Activity logs – Retained for 30 days after account closure
Temporary session data – Automatically deleted by system
2.2 Device Information
(a) Basic Device Information:
Device ID / Firebase Installation ID
Device type
Operating system version
Application version
(b) Connection Information:
Language settings
Internet connection type (WiFi/Mobile Data)
IP address
Time zone
Data Usage:
Application optimization
Bug detection
Performance monitoring
Note: We collect technical device data to ensure smooth operation of application features without errors and to perform device-specific optimizations.
2.3 App Usage Information
(a) Usage Pattern Data:
Session information
Screen views
Push notification tokens
(b) Performance Data:
Application errors (for debugging)
Internet usage statistics
Feature usage statistics
(c) User Preferences:
User settings
Saved customizations
Note: We monitor application usage patterns to identify most-used features and areas of difficulty, enabling improvements and performance enhancements.
2.4 Location Information
(a) Basic Location Data:
Country-level location
Location permission status
Data Usage:
Region-specific service delivery
Compliance with regional regulations
Note: We collect basic location data with user consent to provide appropriate regional services and ensure compliance with local regulations.
2.5 Security-related Information
(a) Basic Security Information:
Security events
Application signature verification
Device root/jailbreak status
SSL/TLS connection data
Security Guarantees:
All data protected with industry-standard encryption
Strict limitations on third-party data sharing
User notification within 24 hours of any data breach
Note: We monitor application security data to protect against threats, maintain account security, and ensure secure data transfer. This information is continuously monitored for timely response to security breaches.
Additional Notes:
All above information is handled according to company privacy policy
Special attention to user privacy with minimal data collection
Data maintained according to international data protection standards
Users have full rights to view, edit, and delete their information
3. Required App Permissions
3.1 Internet Permission
(a) Purpose of Use
Access online services
Update content
Sync user data
(b) Usage Pattern
Can use both WiFi and mobile data
Automatic background data synchronization
Used for critical updates
3.2 Google Play Services Permission
(a) Required Reasons
Sign in through Google Account
For push notification system
For application updates
(b) Services to be Used
Firebase Analytics
Google Sign-in
Google Cloud Messaging
Maps API (if applicable)
3.3 Photo and Videos Permission
(a) Purpose of Use
Upload profile photos
Store media files
Open/save videos
(b) Storage Location
Device’s internal storage
Dedicated app folder
Cache folder for temporary files
3.4 Notifications Permission
(a) Types of Notifications
System notifications
Update notifications
Security alerts
(b) Controls
Can disable notifications
Can choose to receive important notifications only
Can manage notifications based on time/location
3.5 Music and Audio Permission
(a) Purpose of Use
Used only for notification sound alerts
To control System Notification Sound
(b) Explanation
Used only for sound notifications of important alerts from the application
This permission is included as part of the Notification System
Not used for any other audio-related functions
Additional Notes:
User permission will be requested for each permission
Permissions can be modified at any time
Only necessary permissions will be requested
Related features cannot be used if permission is disabled
Permissions are managed with special attention to user privacy
4. App Usage
4.1 Database Structure
(a) User Table
user_id: Unique identifier of user
device_info: Device information (model, OS version)
last_login: Last access time
status: Current status of user
(b) Session Table
login_time: Account login time
logout_time: Account logout time
session_duration: Usage duration
session_status: Status of session
(c) Error Logs Table
error_type: Type of error
timestamp: Time of occurrence
error_description: Detailed error description
error_status: Resolution status (resolved/unresolved)
(d) Usage Stats Table
feature_used: Used feature
timestamp: Time of usage
duration: Duration of usage
user_action: User’s action
(e) Analytics Table
user_behavior_metrics
feature_engagement_rates
user_retention_data
conversion_metrics
(f) App Performance Table
response_times
crash_reports
memory_usage
battery_consumption
(g) Authentication Table
login_attempts
login_methods
login_timestamps
authentication_status
4.2 Basic Tracking Requirements
(a) App Usage Tracking
App launch time
App close time
Duration per session
Daily usage frequency
(b) Feature Usage Tracking
Usage time of each feature
Most used features
Response time of each feature
Feature usage patterns
(c) Error Monitoring
Error occurrence time
Error type
Feature where error occurred
Error occurrence patterns
(d) Network Monitoring
Network connection status
Network speed
Data usage statistics
Connection stability
(e) User Behavior Analytics
In-app navigation patterns
Feature engagement rates
User preferences
User retention metrics
(f) Device Statistics
Device type distribution
OS version statistics
Screen resolution data
Hardware performance metrics
4.3 Data Collection Method
(a) Automatic Collection Process
Building background service
Service lifecycle management
Battery optimization consideration
Setting data collection interval
(b) Local Storage Management
SQLite database design
Data compression
Storage optimization
Cache management
(c) Server Synchronization
Developing sync algorithm
Setting sync schedule
Failed sync handling
Data conflict resolution
(d) Data Validation Process
Input data validation
Data integrity checks
Data format standardization
(e) Backup Strategy
Regular backup schedule
Backup verification process
Recovery testing procedures
(f) Real-time Analytics
Live user tracking
Instant error reporting
Real-time performance monitoring
4.4 Security
(a) Data Encryption
User data encryption algorithm
Encryption key management
Secure storage implementation
Encryption performance optimization
(b) Secure Transmission
SSL/TLS implementation
API security measures
Token-based authentication
Request/Response encryption
(c) Data Retention
Setting data retention period
Automated data cleanup
Data backup policy
Data recovery procedures
(d) Access Control
Role-based access control
Authentication logs
Session management
(e) Compliance
GDPR compliance (if applicable)
Local data protection laws
Regular security audits
(f) Incident Response Plan
Security breach protocols
Data breach notification process
Recovery procedures
(g) Audit Logging
System access logs
Data modification logs
Security event logs
Additional Notes:
- Collecting data in accordance with privacy policy
- Data collection only with user consent
- Quality assessment of collected data
- Handling data according to security standards
- Regular monitoring of collected data
- Regular cleanup of unnecessary data
5. Third-party Services Intergration
5.1 Google Analytics Integration
(a) User Behavior Tracking
Most used features list
Usage time period (date/time)
Session durations
Feature-wise usage rates
User behavior patterns
(b) Screen View Analysis
Entry screen
Screen view sequence
Time spent per screen
Popular navigation paths
Drop-off points
(c) Event Tracking
Button clicks
Form submissions
Search queries
Content interactions
Error events
(d) Conversion Tracking
Account creation completion rate
Feature usage completion rate
In-app goals completion rate
User retention metrics
Churn analysis
(e) Custom Analytics Reports
Daily/Weekly/Monthly usage reports
Feature adoption reports
User engagement reports
Performance metrics reports
Custom KPI tracking reports
5.2 Firebase Integration
(a) Firebase Analytics
Real-time user metrics
• Current active users
• Screen view counts
• Event counts
• User propertiesUser engagement metrics
• Session duration
• Screen time
• Feature usage
• Retention ratesCrash reporting
• Crash locations
• Stack traces
• Device information
• Crash patterns
(b) Firebase Cloud Messaging
Push notifications
• Notification types
• Scheduling system
• Target audience settings
• Delivery trackingIn-app messaging
• Message templates
• Triggering conditions
• A/B testing
• Performance tracking
(c) Firebase Performance Monitoring
App performance metrics
• Startup time
• Screen render time
• Animation performance
• Memory usageNetwork usage stats
• API response times
• Download/Upload speeds
• Connection quality
• Data consumptionApp latency tracking
• UI response time
• Background task duration
• Resource loading time
• Cache performance
5.3 Integration Requirements
(a) SDK implementations
Google Analytics SDK setup
Firebase SDK integration
Version compatibility checks
Dependencies management
Implementation testing
(b) API key management
Key generation process
Key rotation policy
Access control
Usage monitoring
Security measures
(c) Service configuration
Analytics property setup
Firebase project setup
Service enablement
Feature configuration
Integration testing
(d) Data sync settings
Sync frequency
Data retention rules
Backup configuration
Recovery procedures
Conflict resolution
(e) Error handling
Error detection
Error logging
Recovery procedures
User notification
Debug information collection
5.4 Security and Privacy
(a) Data sharing policies
Third-party data sharing rules
Data access limitations
Data usage restrictions
Compliance requirements
Documentation requirements
(b) User consent management
Consent collection
Consent storage
Consent updates
Withdrawal handling
Audit logging
(c) API key protection
Key storage security
Access restrictions
Usage monitoring
Key rotation
Breach response
(d) Network security
SSL/TLS implementation
Request authentication
Rate limiting
DDoS protection
Security monitoring
5.5 Social Media Integration
Google Sign-in Integration
• OAuth 2.0 authentication
• User profile data synchronization
• Sign-in state management
• Token management
• Error handling for sign-in process
5.6 Data Backup Services
Cloud backup services
Automatic backup schedule
Backup encryption
Recovery procedures
5.7 Monitoring & Reporting
System health monitoring
Performance monitoring
Usage analytics
Error tracking and reporting
5.8 Compliance & Documentation
API documentation
Integration guidelines
Security compliance
Regular audit procedures
5.9 Testing & Quality Assurance
(a) Integration Testing Procedures
API endpoint testing
Service compatibility testing
Data flow verification
Error handling validation
Integration sequence testing
(b) Unit Testing Framework
Individual service testing
Function-level testing
Module testing
Component interaction testing
Regression testing
(c) End-to-End Testing
User flow testing
Cross-service functionality
Data integrity checks
Performance benchmarking
System reliability testing
(d) Performance Testing
Load testing
Stress testing
Scalability testing
Response time testing
Resource usage monitoring
(e) Security Testing
Vulnerability assessment
Penetration testing
Authentication testing
Authorization testing
Data encryption testing
(f) Bug Tracking & Resolution
Issue logging system
Priority classification
Resolution workflow
Verification process
Documentation updates
(g) Quality Assurance Documentation
Test cases documentation
Testing procedures
Results reporting
Improvement recommendations
Compliance verification
6. Data retention policy
6.1 Data Storage Duration Requirements
(a) User Account Data
-
Account information
-
Personal information
-
Contact details
-
Preference settings
-
Activity records
Retention period: Until account deletion
(b) Session Records
-
Login/Logout timestamps
-
Session IDs
-
IP addresses
-
Device information
-
Browser information
Retention period: 3 months
(c) Error Logs
-
Error codes
-
Stack traces
-
Error messages
-
Debug logs
-
System logs
Retention period: 1 month
(d) Usage Statistics
-
Feature usage
-
Pageviews
-
Click events
-
Navigation paths
-
User interactions
Retention period: 6 months
(e) Analytics Data
-
User demographics
-
Behavior flows
-
Conversion rates
-
Performance metrics
-
Custom reports
Retention period: 1 year
6.2 Data Deletion Process
(a) Automatic Deletion
-
Deletion according to set schedule
-
Defining data types for deletion
-
Automatic backup data deletion
-
Deletion verification and documentation
-
System notification generation
(b) Manual Deletion (User Request)
-
Account deletion request form submission
-
Request verification process
-
Permanent deletion of all related data
-
Third-party service data deletion
-
Deletion confirmation notification
6.3 Backup Policy
(a) Daily Backup
-
Scheduled automatic backup
-
Backup data type definition
-
Backup method selection
-
Alternative storage preparation
(b) Backup Storage
-
30-day record retention
-
Encrypted storage usage
-
Access control management
-
Storage capacity management
6.4 Compliance
(a) Privacy Policy
-
Clear data retention policy documentation
-
Precise retention period specification
-
Deletion process documentation
-
User rights documentation
(b) User Consent
-
Consent collection process
-
Consent record maintenance
-
Consent withdrawal rights
-
Consent update process
(c) Legal Compliance
-
Data protection law compliance
-
Industry standards adherence
-
Regulatory compliance auditing
-
Regular policy review
6.5 Data Archival Process
(a) Data Types for Archiving
-
Historical records
-
Legacy data
-
Inactive accounts
-
Outdated configurations
(b) Archival Process
-
Archive criteria development
-
Archive schedule planning
-
Storage optimization management
-
Access control management
6.6 Data Recovery Procedures
(a) Recovery Scenario Definition
-
System failure cases
-
Data corruption incidents
-
User request recoveries
-
Disaster recovery situations
(b) Recovery Time Objectives (RTO)
-
RTOs for critical data
-
RTOs for non-critical data
-
RTOs by system component
-
Service level agreements (SLAs)
(c) Recovery Point Objectives (RPO)
-
Critical data recovery requirements
-
RPO definition by data type
-
Backup frequency and RPO alignment
-
Business impact analysis
(d) Recovery Testing Schedule
-
Regular recovery testing
-
Test results documentation
-
Recovery procedure updates
-
Lesson documentation
7. Security Measures
7.1 Data Encryption
(a) Data at Rest Security
File and database storage security
Local storage (SSD/HDD) security
Secure storage of critical data
Encryption for all data files
(b) Data in Transit Security
SSL/TLS security implementation
HTTPS protocol communication
API and endpoints security
Encryption of all data transfers
7.2 Authentication and Authorization
(a) Password Policy
Strong password requirements
Password change policies
Password reset procedures
Secure password storage
(b) Two-Factor Authentication (2FA)
SMS/Email verification
Authentication apps usage
Hardware token implementation
Biometric authentication
(c) Session Management
Session timeout settings
Session token security
Session invalidation system
Cross-device session management
(d) JWT Implementation
Token generation process
Token validation system
Token expiration management
Token refresh procedures
(e) Access Level Controls
Role-based access control
Permission level settings
Resource access restriction
Administrative controls
7.3 Network Security
(a) API Security
API authentication
API authorization
Request validation
Response security
(b) Firewall Management
Firewall rules configuration
Network filtering
Port security
Traffic monitoring
(c) DDoS Protection
Traffic analysis
Attack detection
Mitigation strategies
Recovery procedures
(d) Request Limiting
Rate limiting rules
API throttling
Request quotas
Usage monitoring
(e) SSL Certificate Management
Certificate installation
Certificate renewal
Certificate monitoring
Security updates
7.4 Application Security
(a) Input Validation
Data validation rules
Input sanitization
Type checking
Format validation
(b) SQL Injection Prevention
Prepared statements
Input escaping
Query validation
Database security
(c) XSS Protection
Content security policy
Output encoding
Script filtering
HTML sanitization
(d) CSRF Protection
Token validation
Same-origin policy
Request verification
Cookie security
(e) Security Headers Management
HTTP security headers
Browser security settings
Content security policy
Frame protection
7.5 Monitoring and Response
(a) Security Logging
Security event logging
Access logging
Error logging
Audit logging
(b) Real-time Threat Detection
Threat detection systems
Real-time monitoring
Alert mechanisms
Incident tracking
(c) Automatic Blocking System
Automated blocking rules
IP blocking
Account locking
Suspicious activity detection
(d) Security Incident Response Plan
Incident response procedures
Emergency protocols
Recovery plans
Communication strategies
(e) Regular Security Audits
Security audits
Vulnerability assessments
Penetration testing
Compliance checking
7.6 Mobile Security
(a) Mobile App Security
App code obfuscation
Anti-tampering protection
Secure data storage
Runtime protection
App signing and verification
(b) Mobile API Security
API authentication system
Certificate pinning
Mobile-specific encryption
Secure communication channels
7.7 Third-party Security
(a) Vendor Security Assessment
Third-party security audit
Compliance verification
Security certification check
Regular security reviews
(b) Integration Security
API integration security
Data sharing protocols
Access management
Security monitoring
7.8 Security Training & Awareness
(a) Employee Training
Security awareness programs
Security best practices
Incident response training
Social engineering awareness
(b) Security Documentation
Security policies
Standard operating procedures
Security guidelines
Incident response playbooks
7.9 Compliance & Regulations
(a) Industry Standards
ISO 27001
PCI DSS
HIPAA
GDPR compliance
(b) Regular Assessment
Compliance audits
Security certifications
Risk assessments
Gap analysis
7.10 DevSecOps Implementation
(a) Secure Development
Secure coding guidelines
Code review process
Security testing automation
Vulnerability scanning
(b) Container Security
Container scanning
Image security
Runtime security
Registry security
8. User Rights
8.1 Data Access Rights
(a) Personal Data Access
- Personal information
- Stored records
- Activity logs
- All related data
(b) Access Request Process
- Request procedure steps
- Required documentation
- Response timeline
- Access methods
8.2 Data Correction Rights
(a) Correctable Information
- Personal details
- Contact information
- Preferences
- Other modifiable data
(b) Correction Request Process
- Request submission
- Documentation submission
- Verification process
- Modification notification
8.3 Data Deletion Rights
(a) Deletable Data
- Personal information
- Activity records
- Photos/videos
- Other related content
(b) Deletion Request Process
- Request acceptance
- Verification check
- Deletion process
- Final notification
8.4 Data Portability Rights
(a) Transferable Data Types
- Personal information
- Activity records
- Files and media
- Other stored information
(b) Transfer Process
- Request acceptance
- Data format selection
- Transfer method selection
- Security measures
8.5 Consent Withdrawal Rights
(a) Withdrawable Consents
- Data usage consent
- Marketing consent
- Third-party sharing consent
- Other related consents
(b) Withdrawal Process
- Withdrawal request
- Impact clarification
- Confirmation process
- Follow-up actions
8.6 Complaint Submission Rights
(a) Complainable Issues
- Rights violations
- Policy violations
- Service issues
- Security concerns
(b) Complaint Process
- Complaint submission
- Evidence submission
- Investigation
- Response communication
- Resolution implementation
(c) Complaint Monitoring
- Complaint status tracking
- Resolution progress record
- Closure confirmation
- Statistical records
9. Age Restrictions
9.1 Age Restrictions and Rules
(a) Age Requirements
- Prohibition of use by persons under 18
- Usage restrictions based on age groups
- Special regulations for youth
- Parent/guardian permission requirements
(b) Reasons for Age Restrictions
- Legal requirements
- Security concerns
- Youth protection policies
- Social responsibilities
9.2 Age Verification and Account Authentication Process
(a) Age Verification Methods
- National ID/Citizenship card verification
- Passport verification
- Facial recognition technology
- Other legal documentation
(b) Registration and Verification Process
- Basic information collection
- Email/phone number verification
- Document submission
- Final verification
(c) Security Measures
- Password requirements
- Two-factor authentication
- Security questions
- Account history
(d) Non-compliance Actions
- Warnings
- Temporary account suspension
- Permanent account termination
- Legal actions
9.3 Legal Compliance
(a) National Law Compliance
- Age restriction laws
- Child protection laws
- Data protection regulations
- Other relevant laws
(b) International Standards Compliance
- GDPR requirements
- COPPA regulations
- ISO standards
- Other international guidelines
(c) Monitoring and Reporting
- Compliance monitoring
- Regular auditing
- Report preparation
- Updates as needed
