01 Introduction
Welcome to Palmo Vista Mobile ("we," "us," or "our"), operated by Palmo Vista Tecnologia Ltda., headquartered in São Paulo, Brazil. We are the provider of the Palmo Vista Mobile gaming platform, accessible at palmovistaa.com and through our mobile applications available on Google Play Store and Apple App Store.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform, including our website, mobile app, and any related services ("Services"). This policy applies to all users globally, with specific provisions for Brazilian users under the Lei Geral de Proteção de Dados (LGPD), and for users in other jurisdictions including the European Union (GDPR) and the United States (COPPA).
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our Services immediately.
We are committed to protecting your privacy and maintaining the trust you place in us. We process your data in accordance with applicable data protection laws and only for the purposes described in this policy. If you have any questions, please contact us at contato@palmovistaa.com.
02 Information We Collect
We collect information you provide directly, information collected automatically when you use our Services, and information from third parties. The categories of personal data we process include:
2.1 Information You Provide Directly
- Account Registration: Username, email address, password (hashed), date of birth, country of residence, and optional profile photo.
- Profile Information: Display name, avatar, gaming preferences, biography, and social links you choose to share.
- Payment Information: When you make purchases, payment data is processed by our PCI-DSS compliant payment processors. We store only the last 4 digits of your card, expiry, and billing name — never full card numbers.
- Communications: Messages you send to our support team, feedback forms, survey responses, and any correspondence with us.
- User-Generated Content: Reviews, ratings, comments, tournament entries, and any other content you post on the Platform.
2.2 Information Collected Automatically
- Device Information: Device model, operating system version, unique device identifiers (IDFA/GAID), screen resolution, language settings, and hardware specifications.
- Usage Data: Games played, time spent, features accessed, in-app purchases, achievement unlocks, tournament participation, and gameplay statistics.
- Log Data: IP address, browser type, referring URL, pages visited, click patterns, error logs, and timestamps of all interactions.
- Location Data: Approximate geographic location derived from IP address. We do not collect precise GPS location without explicit consent.
- Network Data: Connection type (Wi-Fi/cellular), internet service provider, and network performance metrics.
2.3 Information from Third Parties
- Social Login: If you sign in via Google, Apple, or Facebook, we receive your name, email, and profile picture from those providers, subject to their privacy policies.
- Analytics Partners: Aggregated and anonymized behavioral data from our analytics service providers.
- Fraud Prevention: Device reputation scores and risk signals from our fraud detection partners.
We process your personal data based on: (a) your consent; (b) fulfillment of a contract; (c) compliance with legal obligations; (d) our legitimate interests, when not overriding your rights; and (e) protection of life or physical safety. You may withdraw consent at any time.
03 How We Use Your Information
We use the personal data we collect to provide, improve, and personalize our Services, as well as to ensure the safety and security of our Platform. Specifically, we use your information for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account Creation & Management | Registration data, email, profile info | Contract performance |
| Delivering Gaming Services | Usage data, device info, account data | Contract performance |
| Personalization | Usage history, preferences, gameplay data | Consent / Legitimate interest |
| Tournament Management | Gameplay stats, username, scores | Contract performance |
| Payment Processing | Billing info, transaction history | Contract performance |
| Customer Support | Communications, account data, device info | Contract / Legitimate interest |
| Marketing & Promotions | Email, preferences, usage behavior | Consent |
| Analytics & Improvement | Aggregated usage data, feedback | Legitimate interest |
| Fraud Prevention & Security | Device data, IP, behavioral signals | Legal obligation / Legitimate interest |
| Legal Compliance | Any data required by law | Legal obligation |
We will not use your personal data for any purpose incompatible with those listed above without obtaining your prior consent or as otherwise required by law. You may opt out of marketing communications at any time by clicking "unsubscribe" in our emails or adjusting your account notification settings.
04 Data Sharing
We do not sell your personal data. We may share your information only in the following limited circumstances:
- Service Providers: Trusted third-party vendors who assist us in operating our Services (cloud hosting, payment processing, analytics, customer support tools, fraud detection). These parties access your data only as necessary to perform services on our behalf and are contractually bound to maintain confidentiality.
- Other Users (Public Profile): Your username, avatar, gaming achievements, and leaderboard scores are visible to other users as part of our social gaming features. You can adjust the visibility of your profile in account settings.
- Game Publishers: If you play games provided by third-party developers on our platform, your gameplay data (scores, time played, achievements) may be shared with those publishers for game functionality and analytics. These publishers have their own privacy policies.
- Business Transfers: In the event of a merger, acquisition, sale of assets, or bankruptcy, your data may be transferred as part of the transaction. We will notify you before your data is subject to a different privacy policy.
- Legal Requirements: We may disclose your information when required by law, court order, government request, or to protect our legal rights, prevent fraud, or protect the safety of users and the public.
- With Your Consent: We may share your data with other parties when you explicitly instruct us to do so (e.g., connecting to a third-party gaming service).
Our primary servers are located in Brazil. Some of our service providers may process data in other countries. When transferring data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adherence to ANPD guidelines for cross-border data transfers under the LGPD.
05 Cookies & Tracking Technologies
We use cookies, web beacons, pixels, local storage, and similar technologies to enhance your experience, analyze usage patterns, and deliver relevant content.
| Cookie Type | Purpose | Duration | Can Opt Out? |
|---|---|---|---|
| Essential | Session management, authentication, security | Session / 30 days | No (required) |
| Functional | User preferences, language, theme settings | 1 year | Yes |
| Analytics | Usage statistics, page views, performance monitoring | 2 years | Yes |
| Marketing | Targeted advertising, retargeting, conversion tracking | 90 days | Yes |
| Social Media | Social login buttons, sharing features | Session | Yes |
You can control cookie settings through our Cookie Preference Center (accessible via the cookie banner on first visit) or through your browser settings. Please note that disabling essential cookies may affect the functionality of our Services.
Our mobile app uses similar device-based tracking technologies including the Android Advertising ID (GAID) and Apple Advertising Identifier (IDFA). You can reset or opt out of ad tracking in your device settings at any time.
On mobile devices: Settings → Privacy → Advertising to reset your Advertising ID or opt out. On web: Visit our Cookie Preference Center or adjust your browser settings under "Privacy & Security."
06 Data Security
We take the security of your personal data seriously and implement industry-standard technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction.
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security), ensuring your information cannot be intercepted in transit.
- Encryption at Rest: Sensitive data stored in our databases — including passwords (bcrypt hashing), payment tokens, and personal identifiers — is encrypted using AES-256 encryption.
- Access Controls: Strict role-based access controls (RBAC) limit employee access to personal data on a need-to-know basis. All access is logged and audited.
- Infrastructure Security: Our servers are hosted in SOC 2 Type II certified data centers with physical security, redundancy, and automated intrusion detection systems.
- Regular Security Audits: We conduct quarterly penetration tests and annual third-party security audits. Our systems are continuously monitored for vulnerabilities.
- Incident Response: We maintain a documented incident response plan. In the event of a data breach affecting your rights, we will notify affected users and the Autoridade Nacional de Proteção de Dados (ANPD) within the timeframes required by law.
- Secure Development: Our engineering team follows secure coding practices (OWASP guidelines), with mandatory code reviews and security training for all developers.
While we implement strong security measures, no system is 100% secure. You are responsible for keeping your account credentials confidential, using a strong unique password, enabling two-factor authentication (2FA) where offered, and notifying us immediately if you suspect unauthorized access to your account.
Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Upon account deletion, we will delete or anonymize your personal data within 90 days, except where retention is required for legal, regulatory, or legitimate business purposes (e.g., fraud prevention, tax records). Backup copies may persist for up to 180 days before being purged.
07 Children's Privacy
Protecting the privacy of minors is of paramount importance to us. Our Services are directed at users aged 13 and above (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13 years of age without verifiable parental consent.
Compliance with COPPA (USA)
In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13 in the United States without verifiable parental consent. If we discover that we have inadvertently collected such data, we will promptly delete it. Parents or guardians who believe their child has provided us with personal information without consent should contact us at contato@palmovistaa.com.
Compliance with LGPD Art. 14 (Brazil)
Under the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados — LGPD), Article 14, the processing of personal data of children (under 12 years old) and adolescents (aged 12–18) must be carried out in their best interest. We require users to be at least 13 years old to register. For users aged 13–17:
- We request parental or guardian consent during registration for users in Brazil who identify as minors.
- We limit data collection for minors to what is strictly necessary for service provision.
- We do not serve behavioral advertising to users identified as minors.
- We do not share minors' data with third parties for marketing purposes.
- Parental consent may be revoked at any time by contacting us at contato@palmovistaa.com.
Parents and guardians can request access to, correction of, or deletion of their minor child's personal data. We also provide parental control features within the app, including spending limits, playtime restrictions, and communication filters. Contact us at contato@palmovistaa.com for assistance.
08 Your Rights
Depending on your location, you have various rights regarding your personal data. As a Brazilian user, you have rights under the LGPD (Art. 18). As an EU/EEA user, you have rights under the GDPR. We honor all applicable rights regardless of jurisdiction.
To exercise any of these rights, please submit a request through your account settings under "Privacy & Data" or contact us directly at contato@palmovistaa.com with the subject line "Data Subject Request." We will respond within 15 business days for LGPD requests and within 30 days for GDPR requests. If your request is complex, we may extend this period and will notify you accordingly.
Brazilian users may also file complaints with the Autoridade Nacional de Proteção de Dados (ANPD) at www.gov.br/anpd. We are registered with the ANPD and maintain a Data Protection Officer (DPO) in Brazil as required by the LGPD.
We will verify your identity before processing any data subject request to protect the security of your information. We may ask for identification documents or other information to confirm your identity.
09 Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We have a dedicated Data Protection Officer (DPO) responsible for overseeing our privacy compliance.
Palmo Vista Tecnologia Ltda. — Privacy Team
São Paulo — SP, 01310-200
Brazil
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email (to the address associated with your account), through a prominent notice on our website or app, and by updating the "Last Updated" date at the top of this document. We encourage you to review this policy regularly to stay informed about how we protect your data.
v5.0 — May 2026: Full LGPD Art. 14 children's section, enhanced data retention schedule, new rights grid, DPO contact added.
v4.2 — Jan 2026: Updated for ANPD regulation changes, cookie preference center.
v3.1 — Jun 2025: Added COPPA compliance section, parental controls documentation.