Privacy & data protection.

1. What this website collects

netapprove.sran.net is an informational marketing site. It does not require accounts, does not run third-party advertising, and does not sell or share data with marketers. We collect only:

• Anonymous request logs (IP address, user agent, referrer, timestamp) retained for up to 30 days for security and abuse prevention.
• Aggregated, non-identifying traffic counts to understand which pages are read.
• One client-side preference (your light/dark theme) stored in your browser’s localStorage. It never leaves your device.

We do not use third-party tracking cookies, pixels, fingerprinting, or social-media trackers on this site.

2. Cookies & consent

If you click Accept in our consent banner, you allow us to count your visit in our anonymized analytics. If you click Reject, only the strictly necessary preference (theme) is kept. You may change your choice at any time by clicking the Privacy & Cookies link in the footer.

3. Lawful basis (PDPA / GDPR)

Processing on this website is based on (a) legitimate interest in operating a corporate website and protecting it from abuse, and (b) explicit consent for any optional analytics, in accordance with PDPA Sections 24 and 26 and GDPR Articles 6(1)(a) and 6(1)(f).

4. Your rights as a data subject

Under PDPA and GDPR you have the right to: access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection, and the right to withdraw consent at any time without affecting prior lawful processing.

To exercise any of these rights, contact our DPO at dpo@sran.net. We will respond within 30 days. You may also lodge a complaint with the Office of the Personal Data Protection Committee (PDPC), Thailand.

5. Data protection in the Netapprove product

For organizations evaluating or deploying the Netapprove platform itself:

• On-premises by default. The sensor and analytics lake run inside your own environment. Your network telemetry is not shipped to SRAN servers.
• Read-only ingestion. Netapprove receives traffic via SPAN or TAP, never injects, modifies, or replays packets.
• Encryption. Data at rest is encrypted with keys managed in your environment; data in transit between sensor, lake, and UI uses TLS 1.3.
• Access control. Three-role RBAC baseline (Administrator, Support, Read-Only), append-only signed audit log for every action.
• No remote access by SRAN. SRAN engineers do not log into customer instances. Support is delivered via screen-share or customer-initiated remote sessions, with the customer recording.
• PII minimization. The product captures network metadata, not packet payloads, by default. Optional payload retention is opt-in and scoped per protocol.

6. International transfers

This website is hosted in Thailand. We do not transfer personal data outside of Thailand for marketing purposes. If a customer chooses to deploy Netapprove in a region outside their primary jurisdiction, all transfer mechanisms (SCCs, BCRs, adequacy) are configured by the customer; SRAN provides the controls but does not move data.

7. Retention

Web request logs: up to 30 days. Aggregated analytics: up to 12 months. Theme preference: until you clear your browser storage. Customer-environment data is governed by the customer’s own retention policy; SRAN holds no copy.

8. Security

This site runs over HTTPS (TLS 1.3, HSTS). The Netapprove product follows ISO/IEC 27001 controls and is mapped against NIST CSF 2.0, CIS Controls v8, and PCI DSS v4.0.1 where applicable. See the Compliance page.

9. Contact

This summary is provided for transparency and does not constitute legal advice. We may update this page; the effective date above always reflects the current version.