At JohnCode (hereinafter referred to as "we", "us" or "our"), we are committed to protecting the data of our customers and stakeholders. This privacy policy describes our security measures, data processing practices and compliance with the relevant data protection regulations, including the General Data Protection Law (LGPD) of Brazil and requirements for partners of various e-commerce platforms and integrations.
The data controller responsible for your personal data is:
We collect and process various types of personal data for specific purposes. The legal basis for processing depends on the context of data collection and the purpose it serves.
| Category / Type of Data | Purpose of Processing | Legal Basis (LGPD) | Source |
|---|---|---|---|
| Contact Information (e.g., Name, Email, Phone) | To create and manage your account; To communicate with you; To provide customer support; To fulfill orders. | Performance of a contract (Art. 7, V); Legitimate interest (Art. 7, IX). | Directly from you; E-commerce platforms / Integration partners (e.g., TikTok Shop). |
| Identification Data (e.g., CPF, Order IDs from integrated platforms) | To comply with legal obligations; Fraud prevention; To process transactions. | Compliance with legal or regulatory obligation (Art. 7, II); Performance of a contract (Art. 7, V). | Directly from you; E-commerce platforms / Integration partners (e.g., TikTok Shop). |
| Technical Data (e.g., IP Address, Device Information) | To ensure the security of our services. | Legitimate interest (Art. 7, IX). | Collected automatically when you use our services. |
We may share your personal data with third-party service providers (processors) to help us operate our business and provide our services. We ensure that these processors follow strict data protection standards.
We may also share data if required by law or to protect our rights and interests.
Our organization maintains a published information security policy that is regularly reviewed and updated. This policy addresses key security domains, including but not limited to:
For more details, you can review our Information Security Policy.
We implement comprehensive data protection measures, including:
We maintain a comprehensive incident response policy with clearly defined roles and responsibilities, as well as established incident reporting and communication channels. In case of a data breach or security incident, we follow a structured approach to contain, investigate, and remediate the issue.
We have a notification process in place to alert customers, the National Data Protection Authority (ANPD), and affected parties about suspected or identified data breaches, in accordance with applicable laws and regulations (e.g., within a reasonable timeframe, such as 72 hours for ANPD and affected users, where feasible and required by law).
We maintain transparency regarding the countries where personal data is physically stored or processed. Our internal personal data protection policy is regularly updated to reflect current regulations and best practices.
All your personal data is stored and processed exclusively on servers located in Brazil, specifically in the São Paulo region of Oracle Cloud. We do not perform international transfers of your personal data.
We take all necessary measures to ensure that your data is treated securely and in accordance with this privacy policy and applicable data protection laws.
Under the LGPD, you have several rights regarding your personal data. We are committed to upholding these rights. You can:
To exercise these rights, please contact us through our Data Subject Request Portal or by sending an email to our DPO at joaocarlos.m015@gmail.com. We will respond to your request within the legally prescribed timeframe (e.g., 15 days from the date of your request, as per the LGPD).
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specific retention periods include:
At the end of the applicable retention period, or upon your valid deletion request, we will securely delete or anonymize your personal data. For more detailed information, please see our complete Data Retention and Deletion Policy.
Our services are not directed at individuals under the age of 18 (or the applicable age of majority). We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a minor without verifiable parental consent, we will take steps to promptly delete such information. If you believe we may have any information from or about a minor, please contact our DPO.
We do not use automated decision-making processes, including profiling, that could have legal or similarly significant effects on you. Currently, we do not employ automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.
As a partner of various e-commerce platforms and service providers, we are committed to fulfilling our contractual obligations regarding data processing. We will, upon request from such partners or their users (e.g., sellers on a platform), promptly delete, export, or otherwise assist with user data as stipulated in the relevant Data Processing Addenda or agreements (e.g., Art. 5 or equivalent clauses).
If you believe your data protection rights have been violated, you have the right to file a complaint with Brazil's National Data Protection Authority (ANPD). You can find more information on their website: https://www.gov.br/anpd. We encourage you to contact us first so that we can try to address your concerns.
This privacy policy may be updated periodically to reflect changes in our practices or regulatory requirements. We encourage you to review this policy regularly to stay informed about our data protection practices. We will indicate the date of the last update at the top of this policy. For significant changes, we may also notify you by other means, such as by email.
We do not currently use cookies, web beacons, tracking pixels, or any similar tracking technologies on our website or in our services. We do not collect or store information about your browsing behavior through such technologies.
Our website does not implement any third-party tracking scripts, social media pixels, or analytics SDKs that might collect user data. This means we do not track your online activities across other websites or services.
If our practices change in the future, we will update this policy accordingly and notify you of significant changes before implementing any tracking technologies.