
Privacy Policy

Last updated: 25 May 2025

NexSMM is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights — in compliance with Thailand's Personal Data Protection Act (PDPA) B.E. 2562.

1. Who We Are

NexSMM is operated as an individual business based in Thailand. Our website is https://nexsmm.co. For privacy-related enquiries, contact us at support@nexsmm.co.

2. Data We Collect

a) Account data

  • Name and email address (provided when you register)
  • Password (stored as a one-way hash — we never see your password in plain text)
  • Google account profile (if you sign in with Google OAuth)
  • API token (if you configure one)

b) Transaction data

  • Account balance and transaction history
  • Order history (platform, service name, quantity, status)
  • Payment records from Stripe (payment amount and timestamp — we do not store card numbers)

c) Technical data

  • IP address and browser type (collected by our server and third-party services)
  • Session tokens (stored in secure HTTP-only cookies)
  • User preferences such as currency selection and sidebar state (stored in your browser's localStorage)

3. How We Use Your Data

  • To create and manage your account
  • To process orders and payments
  • To calculate your rank and apply discount pricing
  • To send transactional emails (order confirmations, account notices)
  • To respond to support requests
  • To detect fraud and enforce our Terms of Service
  • To comply with legal obligations

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

4. Legal Basis for Processing

Under Thailand's PDPA, we process your data on the following bases:

  • Contract — processing necessary to provide the services you requested
  • Legitimate interest — fraud prevention, security, and platform improvement
  • Legal obligation — compliance with applicable Thai law
  • Consent — for optional features such as marketing emails (you may opt out at any time)

5. Third-Party Services

We use the following third-party services that may process your data:

Service      | Purpose                                  | Data shared
-------------|------------------------------------------|------------------------------
Stripe       | Payment processing                       | Name, email, payment amount
Google OAuth | Optional sign-in                         | Name, email, profile photo
Supabase     | Database hosting                         | All account & order data
MyMemory API | Auto-translation of service descriptions | Service description text only

Stripe is PCI-DSS compliant. We never store your full card number, CVV, or expiry date.

6. Cookies & Local Storage

NexSMM uses the following browser storage:

  • Session cookie — keeps you logged in across pages. Expires when your session ends or after 30 days.
  • localStorage (theme) — remembers your light/dark mode preference.
  • localStorage (preferred-currency) — remembers your selected display currency.
  • localStorage (sidebar-collapsed) — remembers your sidebar layout preference.

We do not use third-party advertising cookies or tracking pixels.

7. Data Retention

  • Account data is retained for as long as your account is active.
  • Order history is retained for 3 years for accounting and dispute purposes.
  • If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

8. Your Rights (PDPA)

Under Thailand's Personal Data Protection Act, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct any inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — ask us to pause processing of your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, email us at support@nexsmm.co. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Passwords hashed using bcrypt (never stored in plain text)
  • All data transmitted over HTTPS/TLS
  • Database access restricted to application servers only
  • Session tokens stored in secure, HTTP-only cookies

Despite these measures, no system is 100% secure. In the event of a data breach that affects your rights, we will notify you as required by the PDPA.

10. Children's Privacy

NexSMM is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has registered, please contact us and we will delete the account promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new "last updated" date. Continued use of NexSMM after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

For any privacy questions, data requests, or complaints, please contact: support@nexsmm.co