MewNam

Booking App — Privacy Policy

Last updated: June 2, 2026

This Privacy Policy explains how the MewNam product, operated by Space Salmon Co., Ltd. (a company registered in Thailand, Tax ID 0-1055-69100-32-5), referred to in this policy as “MewNam”, “we”, “us”, or “our”, and the venue operator that owns the tenant you are booking with (“Venue Operator”) collect, use, store, and share personal data when you use the MewNam booking app (the “Booking App”) and the supporting back-end services (collectively, the “Service”). The Booking App runs as a LINE LIFF experience inside LINE and is reachable through the Venue Operator’s LINE Official Account.

This policy covers both the LIFF front-end you interact with and the back-end servers, databases, and object storage that record your bookings, customer profile, and payment slips.

If you don’t provide required information. Some of the information below is required to make a booking. If you refuse to sign in with LINE, refuse to verify your phone number, or refuse to upload a payment slip, we may not be able to create or confirm your booking. You can use the Service without agreeing to any optional processing, but the required information cannot be skipped.

1. Roles under the PDPA

The Venue Operator is the data controller for personal data you submit when you make a booking with that venue (your name, phone, bookings, payments, and slip images). MewNam operates the Booking App on the Venue Operator’s behalf and acts as a data processor.

For technical operation of the platform — for example, managing the LIFF session, securing the API, and recording diagnostic logs — MewNam also acts as a controller of certain limited data (see section 6).

2. Information we collect

When you use the Booking App we collect the following:

  • LINE profile information — basic identifiers and profile information that LINE shares with us when you sign in with LINE.
  • Phone number — a verified Thai mobile number, used to identify you to the Venue Operator.
  • Booking and payment records — the bookings you make and any payment-slip images you upload.
  • Technical data — basic device and connection information needed to operate and secure the Service.
  • Activity records — a log of what happens to each of your bookings.

We do not collect your bank or card credentials, special-category personal data (such as health or biometric data), or your LINE password.

3. Why we use your personal data

We use the data described above to:

  • Authenticate your LIFF session and prevent unauthorised access to your bookings.
  • Verify your phone number using OTP, including rate-limit checks based on your phone number and IP address.
  • Create, modify, and cancel bookings, hold time slots while you complete payment, and verify or display payment slips.
  • Notify you about your bookings via LINE messages from the Venue Operator’s LINE Official Account and, where used, by SMS.
  • Help the Venue Operator deliver service to you (for example, recognising you on arrival, applying loyalty rules, or contacting you about a problem).
  • Detect, prevent, and respond to fraud, abuse, or security incidents.
  • Comply with legal obligations and respond to lawful requests from public authorities.

Where applicable law requires a legal basis, we rely on:

  • Performance of a contract — to make and manage your bookings and payments.
  • Legitimate interests — to operate, secure, and improve the Service, and to prevent fraud and abuse, balanced against your reasonable expectations.
  • Legal obligation — to retain financial records and respond to lawful requests.
  • Consent — where required by law for specific purposes (for example, marketing). You can withdraw consent at any time.

5. Sharing and sub-processors

We share your personal data with:

  • The Venue Operator that owns the tenant you booked with. They see the information necessary to fulfil your booking and handle that data in line with their own privacy notice.
  • Payment-slip verification provider — where the Venue Operator’s plan enables automatic slip verification, your payment-slip image and the booking amount are sent to a third-party slip-verification service to confirm the transfer. The provider returns a verification result and does not use your data for any other purpose.
  • Other service providers — we also use a limited set of carefully selected third-party providers to operate the booking app (including cloud hosting, object storage, messaging delivery, and error monitoring). Each is bound by a written agreement no less protective than this policy.

Your use of LINE itself — your profile settings, content you share inside LINE, and any data LINE collects independently of MewNam — is governed by LINE Corporation’s Privacy Policy. MewNam is not responsible for LINE’s independent processing.

We do not sell your personal data to third parties.

6. Data MewNam uses as a controller

Independently of the Venue Operator, MewNam processes a small set of operational data as a controller, including login attempts, OTP-rate-limit records, request logs, and aggregated usage statistics. This data is used solely to operate, secure, and improve the platform.

7. International transfers

The Service is primarily operated from data centres in the Asia-Pacific region. Some third-party providers may process limited data outside Thailand under data-protection safeguards recognised by Thai law. Your booking and payment data as an end-customer is not shared with our subscription-billing provider (Stripe) and stays within the Service’s primary Asia-Pacific path during routine processing.

8. Retention

  • Bookings and payments — retained for as long as necessary to operate the Service and the relationship with the Venue Operator, and for any longer period required by Thai tax or accounting law.
  • Slip images — retained for the lifetime of the underlying booking, plus any retention period required by law.
  • OTP and login data — kept for up to twelve (12) months for security investigations and abuse prevention. OTP codes themselves are deleted shortly after they expire or are used.
  • Aggregated, non-identifying analytics — retained indefinitely.

When data is no longer needed for the purposes above, we delete or anonymise it.

9. Your rights under the PDPA

Subject to the PDPA you have the right to:

  • access the personal data held about you;
  • correct inaccurate or incomplete data;
  • request erasure or anonymisation, where applicable;
  • restrict or object to processing in defined circumstances;
  • request data portability for personal data you have provided to us;
  • withdraw consent where processing is based on consent;
  • file a complaint with the Office of the Personal Data Protection Committee.

For booking-related data, please contact the Venue Operator first through their LINE Official Account; they are the data controller and best placed to act on your request. MewNam will assist the Venue Operator. For platform-level data that MewNam controls, contact us at support@mewnam.com.

10. Security

We follow industry-standard security practices to protect your personal data, including encrypted connections, secure database storage, one-time-code hashing, strict access controls and tenant isolation, rate limiting on phone-verification and login flows, short-lived signed URLs for slip-image access, and standard security response headers on every response. No system can be guaranteed to be perfectly secure, and you should report any suspected vulnerability to support@mewnam.com.

Breach notification. Where required by Thai data-protection law, MewNam will notify the Office of the Personal Data Protection Committee within seventy-two (72) hours of becoming aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, and will notify you (or assist the Venue Operator to notify you) without undue delay where the breach is likely to result in a high risk.

11. Children

The Booking App is not directed at children under the age of fifteen (15). Customers between 15 and 20 confirm that they have their parent’s or legal guardian’s consent to use the Service and make payments. We do not knowingly collect personal data from younger children; if you believe we have, please contact us so we can delete it.

12. Cookies and similar technologies

The Booking App stores a short-lived booking authentication token in the browser’s local storage so that you do not need to re-verify your phone number for each request in the same session. We do not use third-party advertising or analytics cookies in the Booking App.

13. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the latest version. Material changes will be communicated through the Booking App or through the Venue Operator’s LINE Official Account before the change takes effect.

14. Contact

For privacy questions about the Booking App:

  • Email: hello@mewnam.com
  • For booking-specific data, contact the Venue Operator through their LINE Official Account.