AngkorChat Privacy Policy

1. Introduction

Digital Angkor Co., Ltd. (hereafter referred to as 'the Company') collects personal information (hereafter referred to as 'Personal Information') in providing all its services, including products, applications, services, and websites (collectively, hereafter 'Company Services'). The Company considers the protection of Personal Information as one of its most important management tasks, especially as an internet content service provider. The Company commits to protecting Personal Information based on this Privacy Policy (hereafter 'this Policy'), complying with laws and regulations (collectively referred to as 'Applicable Laws') in the countries and regions where it operates.


This Policy explains what Personal Information the Company collects, how it uses and shares it, and how customers can manage their Personal Information.


Moreover, Company Services include services, products, advertisements, and content for other customers, provided by group companies (subsidiaries or affiliates of the Company), information sources, advertisers, ad delivery destinations, and other partners (collectively, with group companies, referred to as 'Partners').


2. Scope of This Policy

This Policy applies to all Personal Information collected by the Company, regardless of the country or region.


2-1. Scope of Application

This Policy applies to all Personal Information collected by the Company.

The Company may apply specific individual privacy policies, terms of use, or additional provisions to this Policy (collectively referred to as 'Individual Policies') for certain services. Individual Policies explain what Personal Information is collected for that specific service, how it is used and provided, and other policies applicable to that service. In case of any contradiction between Individual Policies and this Policy, Individual Policies will prevail.

In the application of this Policy, the Company acts as the data controller.


2-2. Policies Applied

The Company processes Personal Information according to this Policy, within the limits allowed by Applicable Laws.

In cases where this Policy is provided in multiple languages, the Khmer version applies to customers in Cambodia, and the English version applies in other countries or regions, within the limits allowed by Applicable Laws.


3. Types of Personal Information Collected

The Company lawfully and fairly collects the following types of personal information:


  • Personal information provided by customers

  • Personal information related to the use of services

  • Other personal information lawfully collected by the Company, including information collected from third parties


If customers do not provide certain information required for the provision of Company Services, they may be unable to use all or part of the Services.

To better protect customer privacy, we may collect and use information using technologies such as federated learning or differential privacy.

Examples of collected personal information include:


3-1. Specific Examples of Personal Information Provided by Customers

The Company collects personal information from customers when they input information through devices or through written media. This includes:


  • Telephone numbers, email addresses, etc., when creating an account

  • Identification documents provided for verification purposes

  • Customer profile information (including profile image, screen name, status message, search ID), which, except for the parts set to private by the customer, can be public and accessible to other customers or third parties

  • Address book information from devices. For example, in the communication app AngkorChat, customers can upload their device's address book and automatically add others as friends within the service. The Company accesses phone numbers in the address book only if this function is enabled by the customer. These numbers are used only for friend auto-addition, friend recommendation suggestions, and preventing misuse.


3-2. Specific Examples of Personal Information Related to Service Use

The Company collects information about customer activities when using Company Services, as well as information related to the devices used and how they are used. This includes:


  • Service usage status

  • Location information

  • Information about apps, browsers, and devices


3-2-1. Service Usage Status

The Company automatically collects information about when and how customers use the Services. This includes dates and times of using each service provided by the Company, search and its results within the services, purchased services, and usage status of various services or features such as viewed, tapped, or clicked content or advertisements.

For example, texts, images, videos, and audio messages posted or sent using AngkorChat are transmitted via the Company’s servers. External information about how customers interact, such as content recipients, data format, and posting timestamps, are also recorded on the servers. URLs tapped or clicked within the service are also recorded.

The Company does not typically use the content of messages or other content transmitted between customers and specific recipients, except for transmission purposes. However, in Cambodia and other specific services, the Company may use some of this information for purposes such as providing and maintaining services, development and improvement, preventing misuse, and providing optimized content including advertisements, subject to additional consent from customers.


3-2-2. Location Information

The Company collects location information from devices for purposes such as providing location-based content, finding other customers nearby within the service, sharing location information, and providing optimized search results. If location transmission is not permitted in the device settings, location information is not transmitted.

In some countries or regions, comprehensive location information may be requested separately to provide tailored content or advertisements, such as local news near the customer's current location. Customers can set the provision and scope of location information in the settings.

The Company may also estimate the approximate location of customers using information such as IP addresses, even if location transmission is not permitted.


3-2-3. Information about Applications, Browsers, Devices, and Network

The Company collects information about the devices, browsers, and applications used by customers, including advertising identifiers, cookie IDs, type of device, OS, language and timezone settings, type of browser, application version, and network information like telecom operator names and IP addresses.


3-3. Specific Examples of Personal Information Collected from Third Parties

The Company may collect personal information from third parties, including Partners. This includes:


3-3-1. Personal Information Collected by Group Companies

The Company may collect personal information about customers according to the terms and policies of group companies. Please refer to each service for the privacy policy applicable to services provided by group companies.


3-3-2. Personal Information Collected from Partners

The Company may collect personal information from partners. This includes information collected independently by partners operating their services and information collected from partners operating services affiliated with Company Services, such as official AngkorChat accounts and AngkorChat logins.

Additionally, the Company may collect customer-related identifiers (internal identifiers, advertising identifiers, etc.), one-way encrypted (hashed) email addresses or phone numbers, IP addresses, device information (OS, etc.), attribute information, purchase history, viewing history, search history, and location information from partners for purposes stated in '4. Purposes of Using Personal Information,' such as message delivery, advertising transmission, measuring advertising effectiveness, and providing statistical information.


3-3-3. Personal Information Uploaded by Other Customers

There are cases where the Company collects information, including personal information of third parties, uploaded by a customer when using the Company Services.


4. Purposes of Using Personal Information

The Company uses the personal information collected (including personal information collected since the start of the Company Services and all personal information collected by third parties) for the following purposes:


  • Provision and maintenance of Company Services

  • Development and improvement of Company Services

  • Security, fraud prevention, and response

  • Optimization of Company Services for customers


The Company uses personal information to provide services to customers, assist in research and development for offering better and more secure services, and provide more relevant services to customers, including advertisements. This usage includes managing and utilizing internal service identifiers assigned to customers, partner identifiers, advertising identifiers (including Identifier for Advertising (IDFA) and Google Advertising ID (AAID), and other various identifiers, and one-way encrypted (hashed) email addresses or phone numbers.


Additionally, the Company collects information from partners for purposes stated in '4. Purposes of Using Personal Information,' such as message delivery and advertising transmission, measuring advertising effectiveness, and creating and providing statistical information. This information includes identifiers (internal identifiers, advertising identifiers, etc.), hashed email addresses or phone numbers, IP addresses, some device information (OS, etc.), attribute information, purchase history, viewing history, search history, and location information related to customer behaviors. When the Company collects personal information, it notifies or informs customers of the usage purposes within the range required by applicable laws (including notices related to personal information processing through this Policy).


The collected personal information is not processed beyond the scope of the stated purposes or without customer consent, except as permitted by applicable laws. The Company also takes appropriate measures to prevent usage for purposes other than those stated.


However, notwithstanding the above, when the Company receives personal information from third parties, if there are separate stipulations regarding the usage purposes of that personal information, the Company uses it according to those stipulations within the limits allowed by applicable laws.


Examples of personal information usage purposes include:


4-1. Specific Examples for Provision and Maintenance of Company Services

The Company uses necessary information for providing services, responding to inquiries, participating in campaigns, and notifications related to the Company and partner services. For instance, the Company uses personal information for the following purposes:


  • Verifying customer identity when logging in or changing devices, using services requiring identity verification, or responding to customer inquiries;

  • Transmitting messages or content, and conveying the status of transmitted messages;

  • Setting and publicizing profiles, using registration information to search for other customers, or allowing searches in AngkorChat;

  • Billing and payment processing for product purchases or paid services;

  • Checking and responding to customer inquiries about their usage of Company Services;

  • Awarding points based on purchased products;

  • Delivering campaign prizes or purchased products to specified delivery addresses;

  • Important announcements related to Company Services, such as terms revisions, service suspensions, feature changes;

  • Automatically displaying customer information for purchases;

  • Generating suitable sentences or images based on input content to support customer usage of Company Services.


4-2. Specific Examples for Development and Improvement of Company Services

The Company uses personal information for the development and improvement of Company Services to provide better services, products, and content in the future. For instance, the Company uses personal information for the following purposes:


  • Analyzing customer attributes, service user numbers, viewership, advertisement views or clicks sent by the Company or partners, and using this information for service development and improvement;

  • Creating statistical models and improving services based on service usage;

  • Understanding the frequency of use of each tab in the application and improving screen design;

  • Conducting surveys related to current or future Company Services;

  • Developing and improving models for generating new information or content (sentences, images, audio, etc.) in services that generate sentences based on customer input.


4-3. Specific Examples for Security, Fraud Prevention, and Response

The Company uses personal information to provide customers with recommended content, including advertisements. For instance, the Company uses personal information for the following purposes:


  • Sending recommended information to customers, such as recommended products or news articles, based on gender and purchase history;

  • Measuring the effectiveness of sent advertisements;

  • Sending and transmitting official AngkorChat account messages and surveys by combining customer identifiers (internal identifiers, advertising identifiers, etc.) and hashed phone numbers and email addresses collected from partners with the Company's personal information.

Additionally, in Cambodia, the Company uses personal information to send recommended content, including optimized advertisements. This includes:

  • Sending information related to facilities, tourist spots, coupons, etc., through official AngkorChat accounts, relevant to the customer's current location;

  • Introducing events and discount coupons near the customer's current or frequently visited locations;

  • Displaying advertisements related to websites visited by the customer;

  • Sending advertisements from the Company or third parties based on service usage history, such as official AngkorChat account friends added, purchased products, frequently used Company Services, content posted, and recent search terms, to estimate attributes such as gender, age group, and interests;

  • Sending advertisements from the Company or third parties using personal information like birthdays, phone numbers, and email addresses as keys (including advertisements sent on third-party services);

  • Providing advertisements by combining customer-related identifiers (internal identifiers, advertising identifiers, etc.), hashed phone numbers and email addresses, some device information (OS, etc.), and IP addresses collected from partners with the Company's personal information;

  • Measuring the effectiveness of provided advertisements using identifiers (internal identifiers, advertising identifiers, etc.), hashed phone numbers and email addresses, and IP addresses collected from partners;

  • Creating statistical information and providing it to partners by combining customer-related identifiers (internal identifiers, advertising identifiers, etc.), hashed phone numbers and email addresses, attribute information, and usage records, including purchase and viewing history, with the Company's service usage status, including advertising access records.

Digital Angkor provides features in its communication app, AngkorChat, that allow customers to manage and control their personal information, such as checking and editing their public profile and information, including phone numbers and email addresses. Customers can refer to the following for items they can check themselves:

[Home]>[More]>[Settings]>[Account]>[Change Phone Number]

[Home]>[More]>[Settings]>[Account]>[Edit Profile]

[Home]>[More]>[Settings]>[Privacy and Security]>[Two-Step Verification]


4-4. Regarding Personal Information of Customers Related to AngkorChat

The Company primarily seeks consent from customers when processing personal information related to AngkorChat. However, within the limits allowed by applicable law, processing can be based on any of the following legal grounds:

For example, for the provision and maintenance of Company Services, development and improvement of Company Services, and for security and fraud prevention, personal information can be processed based on the legal ground of legitimate interests (5).

  1. When necessary for the performance of a contract to which the customer is a party, or to take steps at the customer's request prior to entering into a contract;

  2. When necessary for compliance with a legal obligation to which the Company is subject (such as complying with a disclosure order under laws from governmental agencies);

  3. When necessary to protect the vital interests of the customer or another individual;

  4. When necessary for the purposes of preventing, investigating, or addressing illegal activities or suspicions thereof;

  5. When necessary for the legitimate interests pursued by the Company or a third party, to the extent that it does not infringe on the rights, interests, and freedoms of the customer (including operation or system improvement, fraud prevention, security maintenance, marketing, research, etc.);

  6. When necessary for public interest or for archiving historical documents, or for conducting research or statistics with appropriate security measures.


5. Disclosure of Personal Information

The Company does not provide, disclose, or share personal information with third parties, except with the customer's consent or as recognized by applicable laws. However, in cases such as those described from 5-1 to 5-4, the Company may provide personal information to third parties. Recipients include trustees and group companies located in countries or regions other than the customer's residence.

For smooth service provision, trustees and group companies may be added as recipients in the future. The Company cannot specify all the countries or regions where personal information might be provided in the future, but if third parties located in additional countries or regions become recipients, the Company will notify customers through this Policy.


5-1. Disclosure by the Individual

Public information, such as posts or comments accessible to unspecified or multiple customers, and publicly set profile information, becomes accessible to third parties other than the customer. Due to the nature of digital data, such information can be copied, stored, or disseminated by viewers, potentially leading to unintended third-party access. When setting profile information or posting on Company Services, customers should be careful about the content and scope of disclosure.

The Company may provide publicly available customer information to third parties, which can then be posted on their services. The Company ensures that recipients comply with personal information protection systems in their countries.


5-2. Business Outsourcing

The Company may outsource some tasks necessary for the provision of Company Services (e.g., infrastructure construction and operation, development, payment, delivery, customer support) to third parties. In such cases, the Company entrusts all or part of personal information to trustees, including companies located in the following countries or regions. These trustees access only the minimum necessary personal information for performing their tasks and do not use personal information beyond the scope of the outsourced tasks.

The Company ensures that trustees comply with the personal information protection systems in their countries, reviews their eligibility as trustees, and stipulates confidentiality obligations in contracts to establish a proper personal information management system.


5-3. Joint Use Among Group Companies

The Company jointly uses the personal information mentioned in '3. Types of Personal Information Collected' among group companies located in the following countries or regions. For example, group companies may refer to information registered with Company Services to simplify account creation for their services.

The purpose of joint use is the same as the usage purposes stated in '4. Purposes of Using Personal Information,' but for joint use, 'Company' refers to the group companies of the Company, and 'Company Services' refers to services provided by group companies.


5-4. Business Succession

In the event of a corporate transaction such as acquisition, merger, or change of business entity related to the Company's business covered by this Policy, personal information may be transferred to the business successor within the limits allowed by applicable law.


5-5. Provision of Company Services, etc.

In the following cases, within the limits allowed by law, the Company may provide personal information to third parties, including partners, excluding direct identifiers like names, addresses, detailed location information, or message contents of AngkorChat:


  • When necessary for the provision or quality improvement of Company Services (including advertising and promotional activities related to Company Services);

  • When necessary for the consideration of new services by the Company;

  • When necessary for fraud prevention;

  • When providing to research institutions for investigation, research, or analysis.

For example, when adding an official AngkorChat account as a friend or conversing with it, or entering a group/chat room involving an official AngkorChat account, the minimal necessary information such as internal identifiers assigned to customer accounts and language settings are transmitted to facilitate the provision of smooth Company Services.

For some services or features on behalf of partners, customers may be asked to provide additional personal information like email addresses or phone numbers. In such cases, additional consent is requested before customers provide this information to those operators.

Additionally, personal information processing by partners follows the terms and policies established by each recipient. The Company ensures that recipients comply with personal information protection systems in their countries.


5-6. Compliance and Cooperation with Public Authorities

The Company may disclose personal information to law enforcement agencies, courts, or other third parties in accordance with applicable law, following legal procedures like warrants, or in urgent situations such as imminent threats to life or property, like suicide or bomb threats.


6. Management of Personal Information Security

The Company strives to manage the collected personal information appropriately and has established a basic policy. Organizational, personal, physical, and technical stringent security measures are in place. To continually and consistently improve personal information protection, the Company will review and improve its internal regulations in accordance with changes in applicable laws and social norms.

The Company generally retains most of the customer information unless a customer requests account deletion. Upon such a request, the Company retains the information for a certain period and then deletes it in accordance with applicable laws and internal regulations.


6-1. Security Measures

To respect and protect privacy and personal information confidentiality and prevent unauthorized access, the Company implements strict organizational, personal, physical, and technical security measures. These measures include industry-standard security management to prevent unauthorized access, disclosure, misuse, alteration, and destruction of personal information.

For example, the Company implements measures such as:


  • Providing message encryption features

  • Strict access control based on the principle of necessity

  • 24/7 security monitoring

  • External certification to objectively evaluate security measures

  • Research and development of new security technologies


The Company does not provide means for unauthorized access to personal information to third parties.

However, no method of electronic transmission or storage is completely secure, and the Company cannot guarantee absolute security during transmission and storage within its systems.

Customer cooperation and understanding are essential to protect privacy and personal information confidentiality. Customers should not share passwords or use the same password as other services. If a customer suspects unauthorized use of their account or other security breaches, they should contact the Company through the inquiry form.


6-2. Personal Information Storage Location

The Company stores customer personal information in the AWS Singapore data center.


6-3. Personal Information Retention Period

The Company collects and retains personal information to provide requested services, achieve the purposes outlined in this Policy, and comply with applicable laws.

The Company retains most customer personal information unless a request for account deletion is made. After the account deletion, the Company retains personal information for a certain period for purposes such as:


  • Responding to inquiries

  • Dispute resolution and billing

  • Detecting and preventing misuse or abuse of Company Services

  • Compliance with laws or regulations set by financial exchanges

The Company has established personal information retention periods based on criteria such as:

  • Texts, images, videos, and voices sent in customer chat rooms are retained for a minimal period and then automatically deleted from the Company servers.

  • Information collected for limited purposes is promptly deleted after a reasonable period once the purpose is achieved.

  • If a customer explicitly expresses a wish to retain information, the Company respects this and may retain personal information for an extended period.

  • The Company retains personal information in accordance with applicable laws and regulations.

The Company may also retain personal information in a form that does not identify individuals after the retention period set by applicable laws and internal regulations.


7. Customer Choices Regarding Personal Information

Customers have rights regarding their personal information processed by the Company, as recognized by applicable law. These include the right to access, request correction, delete, restrict processing, withdraw consent, port data, confirm whether data is being processed, and request a review of automated decisions.

The Company endeavors to provide features on Company Services that allow customers to manage their personal information, such as profile editing, settings for collection, use, and sharing of information, and managing the scope of post visibility, opt-outs for advertisements, and account deletion. Customers should regularly check and update any outdated or inaccurate information.

For example, the Company provides features such as:

  • Checking and changing AngkorChat public profile information and AngkorChat ID settings

  • Checking and changing phone numbers and email addresses, deleting email addresses

  • Allowing other customers to contact the customer using the customer's AngkorChat ID

  • Allowing other customers who already have the customer's phone number to contact the customer through AngkorChat

  • Automatically adding contacts from the device's address book

  • Allowing friends to view personal information related to the customer

  • Viewing, deleting, and downloading service usage history by the customer

If customers cannot access certain personal information on Company Services or wish to request disclosure, correction, deletion, or exercise other rights recognized by applicable law, they should contact the Company through the 'Personal Information Disclosure Procedure.'

The Company will respond to customer inquiries within a reasonable period after verifying the customer's identity, in accordance with relevant laws. If customers wish to send inquiries in writing, they should refer to the postal address information below.

However, the Company may not respond to customer requests in certain cases recognized by law, such as:

  • If disclosure may harm life, body, property, or other rights and interests

  • If disclosure significantly hinders the proper execution of Company business

  • If disclosure violates laws

  • If the Company cannot verify that the disclosure request is from the customer

  • If the Company is legally justified in refusing the request

If a customer no longer wishes to use Company Services or withdraws consent for the processing of personal information necessary for providing Company Services, they may choose to delete their entire account. However, withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.

For inquiries or concerns about personal information use, please contact the Company through the inquiry form.

The Company may charge a fee for processing requests according to separately established procedures, except where not recognized by applicable law.


8. Other Important Information

This Policy is subject to change. The latest version of the Privacy Policy is always posted on the site you are viewing, so please check the latest content that applies to you.

For significant changes, the Company will notify customers in an easy-to-understand manner.


8-1. Child Privacy

Company Services are generally aimed at the general public. If a child customer uses Company Services to provide personal information, it should be done with the consent of a legal guardian. Customers declare and warrant that they have the necessary legal capacity and competence to use Company Services, or in the case of a child, that they are using the Services with the consent of a guardian. Some Company Services have age restrictions where service cannot be used if a certain age cannot be verified.

The Company recognizes the need for higher privacy protection for personal information collected from Cambodian children (under 12 years old) and does not intentionally collect personal information from children. If it is believed that the Company is collecting personal information from children in these countries or regions, please contact the Company through the email inquiry form or the postal address below. If the Company inadvertently collects personal information from children in these countries or regions, it will take reasonable measures to invalidate the related account and promptly delete such personal information from its records.


8-2. Contact Information

Except as mentioned elsewhere, the Company acts as the data controller for personal information collected through the services covered by this Policy. For inquiries about this Policy, questions, grievances, consultations, opinions about personal information processing in services, please contact the Company through email inquiry or the postal address below.


Digital Angkor Co., Ltd.

Attn: Privacy Policy

Address: 3F, 630A, NR No.2, Toul Roka, Chak Angre Kroam, Meanchey, Phnom Penh, Cambodia.

Privacy Officer: Jason Oh

Chief Privacy Governance Officer


8-3. Changes to the Privacy Policy

This Policy may change at any time, and the latest version is always posted on the site you are viewing. For significant changes, the Company will notify customers through notifications in the service in an easy-to-understand manner. Please check the latest content of the Privacy Policy thoroughly.

If a customer does not agree with the changes and no longer wishes to use our services, they may close their account. Continued use of our services after changes are notified or published constitutes acceptance of the changes and consent to the amended Policy. Additionally, if required by law, the Company will seek customer consent.


Digital Angkor Co., Ltd.

CEO – Jason Oh

Effective as of December 1, 2023