Legal Document

Privacy Policy

📅 Last Updated: May 2026 🏴️ Effective Date: May 1, 2026 🏴 LGPD & COPPA Compliant

01 Introduction

Welcome to Palmo Vista Mobile ("we," "us," or "our"), operated by Palmo Vista Tecnologia Ltda., headquartered in São Paulo, Brazil. We are the provider of the Palmo Vista Mobile gaming platform, accessible at palmovistaa.com and through our mobile applications available on Google Play Store and Apple App Store.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform, including our website, mobile app, and any related services ("Services"). This policy applies to all users globally, with specific provisions for Brazilian users under the Lei Geral de Proteção de Dados (LGPD), and for users in other jurisdictions including the European Union (GDPR) and the United States (COPPA).

ⓘ Your Consent

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our Services immediately.

We are committed to protecting your privacy and maintaining the trust you place in us. We process your data in accordance with applicable data protection laws and only for the purposes described in this policy. If you have any questions, please contact us at contato@palmovistaa.com.

02 Information We Collect

We collect information you provide directly, information collected automatically when you use our Services, and information from third parties. The categories of personal data we process include:

2.1 Information You Provide Directly

  • Account Registration: Username, email address, password (hashed), date of birth, country of residence, and optional profile photo.
  • Profile Information: Display name, avatar, gaming preferences, biography, and social links you choose to share.
  • Payment Information: When you make purchases, payment data is processed by our PCI-DSS compliant payment processors. We store only the last 4 digits of your card, expiry, and billing name — never full card numbers.
  • Communications: Messages you send to our support team, feedback forms, survey responses, and any correspondence with us.
  • User-Generated Content: Reviews, ratings, comments, tournament entries, and any other content you post on the Platform.

2.2 Information Collected Automatically

  • Device Information: Device model, operating system version, unique device identifiers (IDFA/GAID), screen resolution, language settings, and hardware specifications.
  • Usage Data: Games played, time spent, features accessed, in-app purchases, achievement unlocks, tournament participation, and gameplay statistics.
  • Log Data: IP address, browser type, referring URL, pages visited, click patterns, error logs, and timestamps of all interactions.
  • Location Data: Approximate geographic location derived from IP address. We do not collect precise GPS location without explicit consent.
  • Network Data: Connection type (Wi-Fi/cellular), internet service provider, and network performance metrics.

2.3 Information from Third Parties

  • Social Login: If you sign in via Google, Apple, or Facebook, we receive your name, email, and profile picture from those providers, subject to their privacy policies.
  • Analytics Partners: Aggregated and anonymized behavioral data from our analytics service providers.
  • Fraud Prevention: Device reputation scores and risk signals from our fraud detection partners.
🛈 Legal Basis for Processing (LGPD Art. 7)

We process your personal data based on: (a) your consent; (b) fulfillment of a contract; (c) compliance with legal obligations; (d) our legitimate interests, when not overriding your rights; and (e) protection of life or physical safety. You may withdraw consent at any time.

03 How We Use Your Information

We use the personal data we collect to provide, improve, and personalize our Services, as well as to ensure the safety and security of our Platform. Specifically, we use your information for the following purposes:

Purpose Data Used Legal Basis
Account Creation & Management Registration data, email, profile info Contract performance
Delivering Gaming Services Usage data, device info, account data Contract performance
Personalization Usage history, preferences, gameplay data Consent / Legitimate interest
Tournament Management Gameplay stats, username, scores Contract performance
Payment Processing Billing info, transaction history Contract performance
Customer Support Communications, account data, device info Contract / Legitimate interest
Marketing & Promotions Email, preferences, usage behavior Consent
Analytics & Improvement Aggregated usage data, feedback Legitimate interest
Fraud Prevention & Security Device data, IP, behavioral signals Legal obligation / Legitimate interest
Legal Compliance Any data required by law Legal obligation

We will not use your personal data for any purpose incompatible with those listed above without obtaining your prior consent or as otherwise required by law. You may opt out of marketing communications at any time by clicking "unsubscribe" in our emails or adjusting your account notification settings.

04 Data Sharing

We do not sell your personal data. We may share your information only in the following limited circumstances:

  • Service Providers: Trusted third-party vendors who assist us in operating our Services (cloud hosting, payment processing, analytics, customer support tools, fraud detection). These parties access your data only as necessary to perform services on our behalf and are contractually bound to maintain confidentiality.
  • Other Users (Public Profile): Your username, avatar, gaming achievements, and leaderboard scores are visible to other users as part of our social gaming features. You can adjust the visibility of your profile in account settings.
  • Game Publishers: If you play games provided by third-party developers on our platform, your gameplay data (scores, time played, achievements) may be shared with those publishers for game functionality and analytics. These publishers have their own privacy policies.
  • Business Transfers: In the event of a merger, acquisition, sale of assets, or bankruptcy, your data may be transferred as part of the transaction. We will notify you before your data is subject to a different privacy policy.
  • Legal Requirements: We may disclose your information when required by law, court order, government request, or to protect our legal rights, prevent fraud, or protect the safety of users and the public.
  • With Your Consent: We may share your data with other parties when you explicitly instruct us to do so (e.g., connecting to a third-party gaming service).
🌎 International Data Transfers

Our primary servers are located in Brazil. Some of our service providers may process data in other countries. When transferring data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adherence to ANPD guidelines for cross-border data transfers under the LGPD.

05 Cookies & Tracking Technologies

We use cookies, web beacons, pixels, local storage, and similar technologies to enhance your experience, analyze usage patterns, and deliver relevant content.

Cookie Type Purpose Duration Can Opt Out?
Essential Session management, authentication, security Session / 30 days No (required)
Functional User preferences, language, theme settings 1 year Yes
Analytics Usage statistics, page views, performance monitoring 2 years Yes
Marketing Targeted advertising, retargeting, conversion tracking 90 days Yes
Social Media Social login buttons, sharing features Session Yes

You can control cookie settings through our Cookie Preference Center (accessible via the cookie banner on first visit) or through your browser settings. Please note that disabling essential cookies may affect the functionality of our Services.

Our mobile app uses similar device-based tracking technologies including the Android Advertising ID (GAID) and Apple Advertising Identifier (IDFA). You can reset or opt out of ad tracking in your device settings at any time.

⚙ Managing Your Cookie Preferences

On mobile devices: Settings → Privacy → Advertising to reset your Advertising ID or opt out. On web: Visit our Cookie Preference Center or adjust your browser settings under "Privacy & Security."

06 Data Security

We take the security of your personal data seriously and implement industry-standard technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction.

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security), ensuring your information cannot be intercepted in transit.
  • Encryption at Rest: Sensitive data stored in our databases — including passwords (bcrypt hashing), payment tokens, and personal identifiers — is encrypted using AES-256 encryption.
  • Access Controls: Strict role-based access controls (RBAC) limit employee access to personal data on a need-to-know basis. All access is logged and audited.
  • Infrastructure Security: Our servers are hosted in SOC 2 Type II certified data centers with physical security, redundancy, and automated intrusion detection systems.
  • Regular Security Audits: We conduct quarterly penetration tests and annual third-party security audits. Our systems are continuously monitored for vulnerabilities.
  • Incident Response: We maintain a documented incident response plan. In the event of a data breach affecting your rights, we will notify affected users and the Autoridade Nacional de Proteção de Dados (ANPD) within the timeframes required by law.
  • Secure Development: Our engineering team follows secure coding practices (OWASP guidelines), with mandatory code reviews and security training for all developers.
⚠ Your Responsibility

While we implement strong security measures, no system is 100% secure. You are responsible for keeping your account credentials confidential, using a strong unique password, enabling two-factor authentication (2FA) where offered, and notifying us immediately if you suspect unauthorized access to your account.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Upon account deletion, we will delete or anonymize your personal data within 90 days, except where retention is required for legal, regulatory, or legitimate business purposes (e.g., fraud prevention, tax records). Backup copies may persist for up to 180 days before being purged.

07 Children's Privacy

✅ COPPA Compliant (USA) ✅ LGPD Art. 14 Compliant

Protecting the privacy of minors is of paramount importance to us. Our Services are directed at users aged 13 and above (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13 years of age without verifiable parental consent.

Compliance with COPPA (USA)

In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13 in the United States without verifiable parental consent. If we discover that we have inadvertently collected such data, we will promptly delete it. Parents or guardians who believe their child has provided us with personal information without consent should contact us at contato@palmovistaa.com.

Compliance with LGPD Art. 14 (Brazil)

Under the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados — LGPD), Article 14, the processing of personal data of children (under 12 years old) and adolescents (aged 12–18) must be carried out in their best interest. We require users to be at least 13 years old to register. For users aged 13–17:

  • We request parental or guardian consent during registration for users in Brazil who identify as minors.
  • We limit data collection for minors to what is strictly necessary for service provision.
  • We do not serve behavioral advertising to users identified as minors.
  • We do not share minors' data with third parties for marketing purposes.
  • Parental consent may be revoked at any time by contacting us at contato@palmovistaa.com.
👤 Parental Controls

Parents and guardians can request access to, correction of, or deletion of their minor child's personal data. We also provide parental control features within the app, including spending limits, playtime restrictions, and communication filters. Contact us at contato@palmovistaa.com for assistance.

08 Your Rights

Depending on your location, you have various rights regarding your personal data. As a Brazilian user, you have rights under the LGPD (Art. 18). As an EU/EEA user, you have rights under the GDPR. We honor all applicable rights regardless of jurisdiction.

🔍
Right of Access
Request confirmation of whether we process your data and obtain a copy of all personal data we hold about you.
Right of Correction
Request correction of inaccurate or incomplete personal data we hold about you.
🗑
Right of Deletion
Request deletion of your personal data, subject to applicable legal retention requirements.
🔒
Right to Restrict Processing
Request that we restrict processing of your data under certain circumstances.
📄
Right to Data Portability
Receive a copy of your data in a structured, machine-readable format to transfer to another service.
🚫
Right to Object
Object to processing of your data for direct marketing or based on legitimate interests.
💡
Right to Withdraw Consent
Withdraw consent at any time where processing is based on your consent, without affecting prior processing.
🧡
Right to Non-Discrimination
Exercise your privacy rights without being subject to discriminatory treatment in service quality or pricing.

To exercise any of these rights, please submit a request through your account settings under "Privacy & Data" or contact us directly at contato@palmovistaa.com with the subject line "Data Subject Request." We will respond within 15 business days for LGPD requests and within 30 days for GDPR requests. If your request is complex, we may extend this period and will notify you accordingly.

🏴 LGPD — Brazilian Users

Brazilian users may also file complaints with the Autoridade Nacional de Proteção de Dados (ANPD) at www.gov.br/anpd. We are registered with the ANPD and maintain a Data Protection Officer (DPO) in Brazil as required by the LGPD.

We will verify your identity before processing any data subject request to protect the security of your information. We may ask for identification documents or other information to confirm your identity.

09 Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We have a dedicated Data Protection Officer (DPO) responsible for overseeing our privacy compliance.

Palmo Vista Tecnologia Ltda. — Privacy Team

Subject Privacy Policy / Data Protection Request
Address Av. Paulista, 1842, Bela Vista
São Paulo — SP, 01310-200
Brazil
Website palmovistaa.com
DPO Data Protection Officer — dpo@palmovistaa.com
Response Within 15 business days (LGPD) / 30 days (GDPR)

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email (to the address associated with your account), through a prominent notice on our website or app, and by updating the "Last Updated" date at the top of this document. We encourage you to review this policy regularly to stay informed about how we protect your data.

📋 Policy History

v5.0 — May 2026: Full LGPD Art. 14 children's section, enhanced data retention schedule, new rights grid, DPO contact added.
v4.2 — Jan 2026: Updated for ANPD regulation changes, cookie preference center.
v3.1 — Jun 2025: Added COPPA compliance section, parental controls documentation.