docs: Add complete PDPA-compliant legal pages and documentation

Legal Pages Updated:
✅ Privacy Policy - All 14 PDPA Section 36 requirements
  - Data controller information
  - Purpose of data processing
  - Types of data collected
  - Legal basis for processing
  - Data retention period
  - Data sharing & disclosure
  - Cross-border transfers
  - Automated decision making
  - Cookies & tracking technologies
  - 8 data subject rights
  - Security measures
  - DPO contact
  - Right to lodge complaint
  - Policy version & effective date

✅ Terms & Conditions - 17 comprehensive sections
  - Acceptance of terms
  - Services description
  - Intellectual property rights
  - User obligations
  - Data processing & PDPA compliance
  - Cookies & tracking
  - Limitation of liability
  - Indemnification
  - Termination conditions
  - Modifications to terms
  - Governing law (Thailand)
  - Dispute resolution
  - Contact information
  - Severability
  - Waiver
  - Assignment
  - Version & effective date

Documentation Added:
✅ .env.example - Environment variables template
✅ PDPA-COMPLIANCE.md - Complete compliance guide
  - Feature documentation
  - Configuration instructions
  - Deployment guide
  - Admin dashboard usage
  - Security recommendations
  - PDPA compliance checklist

All legal pages are in Thai language with professional terminology.

PDPA-COMPLIANCE.md

@@ -0,0 +1,174 @@
+# PDPA Compliance Guide - MoreMiniMore Website
+
+## ✅ Features Implemented
+
+This website is now **PDPA-compliant** with the following features:
+
+### 1. Cookie Consent System
+- **Component:** `src/components/consent/CookieBanner.astro`
+- **Features:**
+  - Accept All / Reject All buttons (equal prominence)
+  - Stores consent in localStorage
+  - Slides up from bottom on first visit
+  - Thai language with link to Privacy Policy
+  - Dispatches 'consentGiven' event for other components
+
+### 2. Conditional Analytics Loading
+- **Integration:** Umami Analytics
+- **Behavior:** Only loads when user accepts analytics cookies
+- **Implementation:** In `src/layouts/Layout.astro`
+
+### 3. Consent API Endpoints
+- **POST /api/consent** - Log new consent
+- **GET /api/consent** - Retrieve consent logs (admin)
+- **DELETE /api/consent/:sessionId** - Right to be forgotten
+
+### 4. Admin Dashboard
+- **URL:** `/admin/consent-logs`
+- **Features:**
+  - Password-protected access
+  - View last 100 consent records
+  - Statistics (total, acceptance rate, etc.)
+  - Delete individual records
+  - Export CSV (coming soon)
+- **Default Password:** `changeme` (MUST change in production!)
+
+### 5. Updated Legal Pages
+- **Privacy Policy:** All 14 PDPA Section 36 requirements
+- **Terms & Conditions:** 17 comprehensive sections
+- Both in Thai language with professional legal terminology
+
+## 🔧 Configuration
+
+### Environment Variables
+
+Create a `.env` file in the root directory:
+
+```bash
+# Copy from example
+cp .env.example .env
+
+# Edit with your values
+nano .env
+```
+
+**Required Variables:**
+```bash
+# Admin password (CHANGE THIS!)
+ADMIN_PASSWORD=your-secure-password-here
+
+# Database (for production)
+ASTRO_DB_REMOTE_URL=file:./data/consent.db
+```
+
+**Optional Variables:**
+```bash
+# Umami Analytics
+UMAMI_WEBSITE_ID=xxx-xxx-xxx
+UMAMI_DOMAIN=analytics.example.com
+```
+
+## 🚀 Deployment
+
+### Docker (Recommended)
+
+```bash
+# Build image
+docker build -t moreminimore:latest .
+
+# Run container
+docker run -d \
+  -p 80:80 \
+  -e NODE_ENV=production \
+  -e ASTRO_DB_REMOTE_URL=file:/app/data/consent.db \
+  -e HOST=0.0.0.0 \
+  -e PORT=80 \
+  -e ADMIN_PASSWORD=your-secure-password \
+  --name moreminimore \
+  moreminimore:latest
+```
+
+### Easypanel Auto-Deploy
+
+The website is configured for automatic deployment via Easypanel:
+
+1. Push changes to Gitea main branch
+2. Easypanel auto-builds (~3 minutes)
+3. New version deployed automatically
+
+**Environment Variables in Easypanel:**
+- Set all variables from `.env.example`
+- Use strong `ADMIN_PASSWORD`
+- Configure database if using remote SQLite/Turso
+
+## 📊 Managing Consent Logs
+
+### Access Admin Dashboard
+
+1. Navigate to: `https://your-domain.com/admin/consent-logs`
+2. Enter admin password
+3. View consent records
+
+### Export Data
+
+Click "Export CSV" button to download consent logs (feature in development)
+
+### Right to be Forgotten
+
+Users can request deletion by:
+1. Contacting: contact@moreminimore.com
+2. Admin deletes record via dashboard
+3. Or via API: `DELETE /api/consent/:sessionId`
+
+## 📝 PDPA Compliance Checklist
+
+### Before Going Live:
+
+- [ ] Change `ADMIN_PASSWORD` from default
+- [ ] Test cookie consent banner appears
+- [ ] Verify Umami loads only with consent
+- [ ] Review Privacy Policy for accuracy
+- [ ] Review Terms & Conditions for accuracy
+- [ ] Test admin dashboard access
+- [ ] Enable HTTPS (required for PDPA)
+- [ ] Set up regular backups
+
+### Ongoing Maintenance:
+
+- [ ] Review consent logs monthly
+- [ ] Update legal pages when laws change
+- [ ] Keep admin password secure
+- [ ] Monitor for consent withdrawals
+- [ ] Document data processing activities
+
+## 🔒 Security Notes
+
+### Current Implementation:
+- Client-side password check (development)
+- **Production should use server-side authentication**
+
+### Recommended Improvements:
+1. Add server-side session management
+2. Implement rate limiting on admin page
+3. Add IP whitelist for admin access
+4. Use HTTPS only
+5. Regular security audits
+
+## 📞 Support
+
+For questions about PDPA compliance or this implementation:
+- **Email:** contact@moreminimore.com
+- **Phone:** 080-995-5945
+- **Line:** @moreminimore
+
+## 📚 Resources
+
+- **PDPC Thailand:** https://www.pdpc.or.th
+- **PDPA Full Text:** https://www.pdpc.or.th/กฎหมายและกฎระเบียบ/พ.ร.บ.-คุ้มครองข้อมูลส่วนบุคคล/
+- **Umami Analytics:** https://umami.is/docs
+- **Astro DB:** https://docs.astro.build/en/guides/astro-db/
+
+---
+
+**Last Updated:** March 10, 2026  
+**Version:** 1.0.0