# Mun (มั่น) > AI-native healthcare-compliance platform for Thai clinics, aesthetic clinics, dental clinics, medical labs, and hospitals. Mun helps facilities comply with Thailand's PDPA (พ.ร.บ.คุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562) and healthcare regulations, generate compliance documents, and never miss statutory deadlines. ## What Mun does - น้องมั่น copilot: answers PDPA + healthcare-regulation questions in Thai, always grounded in a cited, versioned rule-base (never invents law). - Document generator: privacy policy, patient consent form (s.26-compliant), and ROPA as branded PDFs. - Breach-triage: 72-hour s.37(4) notification countdown + draft PDPC notice. - Compliance calendar: ส.พ.7 (10-year), ส.พ.19 (2-year), annual fee, HA, ISO 15189, มาตรา 38 ad approval, OAP/RSO. - Tamper-evident audit ledger; staff PDPA training + certificates. ## Key Thai PDPA facts (grounded in primary sources) - Sensitive data (health) is governed by มาตรา 26; explicit consent required unless an exemption applies. - Personal-data-breach notification to the PDPC is due within 72 hours of awareness (มาตรา 37(4)); max administrative fine THB 3,000,000. - Administrative fine tiers: มาตรา 82 up to THB 1,000,000; มาตรา 83 up to THB 3,000,000; มาตรา 84 up to THB 5,000,000 (statutory maximum per violation). - A DPO is generally required where the core activity is processing sensitive data (มาตรา 41) — no minimum data-subject threshold on that limb. - Facility license ส.พ.7 renews on a 10-year cycle (มาตรา 19); operator license ส.พ.19 on a 2-year cycle (มาตรา 28). - As of 2026-07-05 exactly one Thai healthcare provider has been fined (a private hospital, THB 1,210,000, Aug 2025); every PDPC fine to date included a s.37(4) 72-hour breach-notification failure. ## Pages - / — Thai landing page + free น้องมั่น widget - /en — English overview ## Contact Operated by TecTony. This content is a compliance aid, not specific legal advice.