Privacy Policy

Last Updated: December 2, 2025

Table of Contents

  1. Introduction
  2. Data Controller
  3. Information We Collect
  4. How We Use Your Information
  5. Legal Basis for Processing
  6. Data Sharing and Third Parties
  7. International Data Transfers
  8. Data Retention
  9. Your Rights
  10. Cookies and Tracking
  11. Data Security
  12. Children's Privacy
  13. Changes to This Policy
  14. Contact Us

1. Introduction

JamKham (จำคำ) ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Thai language learning platform.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Important Notice

We do NOT sell your personal data to third parties. Your learning data and personal information are used solely to provide and improve our language learning service.

2. Data Controller

JamKham is the data controller responsible for your personal data. If you have questions about how we handle your data, please contact us using the information in Section 14.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address (used for login and communications)
  • Password (stored in encrypted form)
  • Display name or username (optional)
  • Profile preferences and settings

3.2 Learning Data

To provide our language learning service, we collect:

  • PDF documents you upload for vocabulary extraction
  • Flashcard review history and performance scores
  • Learning progress, statistics, and achievements
  • Study session data (time spent, cards reviewed, accuracy)
  • Vocabulary items and custom notes you create
  • Learning preferences (training modes, difficulty settings)

3.3 Payment Information

When you subscribe to a paid plan:

  • Payment information is processed and stored by Stripe (our payment processor)
  • We store only limited payment metadata (subscription tier, billing cycle, transaction IDs)
  • We do NOT store your full credit card numbers or banking details

3.4 Technical Data

We automatically collect certain technical information:

  • IP address and device information
  • Browser type and version
  • Operating system
  • Referring website URLs
  • Pages visited and time spent on pages
  • Error logs and diagnostic data

3.5 Communications

If you contact us for support:

  • Email correspondence and support tickets
  • Feedback and survey responses

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Provision

  • Create and manage your account
  • Process PDF uploads and extract vocabulary using AI/LLM
  • Provide flashcard training and spaced repetition scheduling
  • Generate audio pronunciations for Thai vocabulary
  • Track your learning progress and provide analytics
  • Sync your data across devices

4.2 Service Improvement

  • Analyze aggregated usage patterns to improve features
  • Identify and fix technical issues
  • Develop new learning modes and features
  • Optimize AI/LLM vocabulary extraction accuracy

4.3 Communications

  • Send account verification and password reset emails
  • Provide customer support
  • Send important service updates and security notifications
  • Send optional learning reminders (if you opt in)
  • Notify you of subscription status and billing

4.4 Payment Processing

  • Process subscription payments via Stripe
  • Manage billing cycles and invoices
  • Handle refunds and payment disputes

4.5 Security and Fraud Prevention

  • Detect and prevent fraudulent account creation
  • Monitor for suspicious login attempts
  • Enforce rate limits and prevent abuse
  • Use CAPTCHA (Cloudflare Turnstile) to prevent bots

6. Data Sharing and Third Parties

We Do NOT Sell Your Data

JamKham does not sell, rent, or trade your personal data to third parties for marketing purposes.

We share your data only with trusted third-party service providers necessary to operate our Service:

6.1 Payment Processing

  • Stripe: Processes subscription payments and stores payment methods
  • Data shared: Email, subscription tier, billing information
  • Privacy policy: https://stripe.com/privacy

6.2 AI/LLM Vocabulary Extraction

  • OpenAI: Processes PDF text to extract Thai vocabulary
  • Anthropic (Claude): Alternative AI provider for vocabulary extraction
  • Data shared: Text content from uploaded PDFs
  • Note: We do NOT share personally identifiable account information with LLM providers
  • Privacy policies: OpenAI Privacy, Anthropic Privacy

6.3 Audio Generation

  • Google Cloud Text-to-Speech: Generates Thai audio pronunciations
  • Data shared: Thai vocabulary words and phrases
  • Privacy policy: https://cloud.google.com/privacy

6.4 Email Delivery

6.5 Security and Bot Protection

6.6 Hosting and Infrastructure

  • Cloud hosting providers (e.g., Railway, AWS) for data storage and service delivery
  • These providers have access to data only as necessary to maintain infrastructure

6.7 Error Monitoring and Performance

  • Sentry: Monitors application errors and performance to improve service reliability
  • Data shared: Error logs, browser/device information, page URLs, IP addresses (anonymized)
  • Note: We configure Sentry to minimize personal data collection and scrub sensitive information
  • Privacy policy: https://sentry.io/privacy/
  • Sentry is GDPR compliant and offers EU data residency

6.8 Legal Disclosures

We may disclose your data if required by law, court order, or government regulation, or if necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Enforce our Terms of Use

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions where our service providers operate.

For transfers from the European Economic Area (EEA) to countries without an adequacy decision, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with GDPR-compliant service providers
  • Privacy Shield frameworks (where applicable)

8. Data Retention

We retain your personal data only as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Active accounts: Data is retained while your account is active
  • Deleted accounts: Most data is deleted within 30 days of account deletion
  • Backup retention: Backup copies may be retained for up to 90 days for disaster recovery
  • Legal obligations: Some data (e.g., payment records) may be retained longer to comply with tax and legal requirements (typically 7 years)
  • Aggregated data: Anonymous, aggregated statistics may be retained indefinitely for research and improvement

9. Your Rights (GDPR Articles 15-22)

Under GDPR and other data protection laws, you have the following rights:

9.1 Right of Access (Art. 15)

You can request a copy of the personal data we hold about you.

9.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete data. You can update most information directly in your account settings.

9.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your personal data. You can delete your account directly through account settings, or contact us for assistance.

9.4 Right to Data Portability (Art. 20)

You can request a copy of your data in a machine-readable format to transfer to another service.

9.5 Right to Object (Art. 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

9.6 Right to Restrict Processing (Art. 18)

You can request limitation of processing in certain circumstances (e.g., while we verify data accuracy).

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority if you believe we have violated your privacy rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@jamkham.com

We will respond to your request within 30 days as required by GDPR.

10. Cookies and Tracking

We use cookies and similar tracking technologies to provide and improve our Service:

Essential Cookies

  • Session cookies: Keep you logged in during your session
  • CSRF protection: Prevent cross-site request forgery attacks
  • Security cookies: Detect fraudulent login attempts

These cookies are necessary for the Service to function and cannot be disabled.

Analytics and Performance

We currently do NOT use third-party analytics services (e.g., Google Analytics). If we add analytics in the future, we will update this policy and request your consent where required.

Third-Party Cookies

  • Cloudflare Turnstile: May set cookies for CAPTCHA verification
  • Stripe: May set cookies during payment processing

11. Data Security

We implement industry-standard security measures to protect your data:

Technical Safeguards

  • Encryption: All data transmitted over HTTPS/TLS encryption
  • Password security: Passwords are hashed using bcrypt or similar algorithms
  • Database security: Access controls and encrypted connections
  • File storage: Uploaded PDFs stored with access controls

Operational Safeguards

  • Access controls: Limited employee access on a need-to-know basis
  • Login protection: Rate limiting, CAPTCHA, and account lockouts after failed attempts
  • Monitoring: Security event logging and intrusion detection
  • Regular updates: Security patches and vulnerability scanning

While we strive to protect your data, no method of transmission or storage is 100% secure. Please use a strong, unique password and enable any available security features.

12. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13.

For users in the European Union, children under 16 require parental or guardian consent to use the Service.

If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@jamkham.com and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email to your registered email address
  • Displaying a prominent notice within the Service

Material changes will take effect 30 days after notice. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

The "Last Updated" date at the top of this policy indicates when it was last revised.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Data Protection Contact

JamKham (จำคำ)

Privacy Inquiries: privacy@jamkham.com

General Support: support@jamkham.com

Website: https://jamkham.com

We will respond to your inquiry within 30 days as required by GDPR.

GDPR Compliance

This Privacy Policy is designed to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. If you have concerns about how we handle your data, you have the right to lodge a complaint with your local data protection authority.