Privacy Policy

Version 1.1 · Effective as of April 25, 2026

Bóbr Academy is an independent project operated by Mauricio Lassakoski ("we", "our"). We are committed to protecting your privacy and transparently handling your personal data.

This Privacy Policy explains what data we collect, why we collect it, how we use it, and what your rights are, in compliance with the General Data Protection Law (LGPD – Law No. 13.709/2018), the General Data Protection Regulation (GDPR), and other applicable legislation.

1. Data Controller

The party responsible for processing your personal data is:

Mauricio Lassakoski (individual)
Project: Bóbr Academy
Location: Brazil
Email: bobracademy@gmail.com

For questions or requests related to your data, please contact the email above.

2. Data We Collect

We only collect the minimum data necessary to provide and operate the service.

Account and Authentication Data

  • Name and display name
  • Email address
  • Profile picture URL
  • Authentication provider (Google, Facebook, or Apple)
  • Email verification status
  • Country (when provided)

Usage and Learning Data

  • Answered exercises and timestamps
  • Progress and performance
  • Onboarding status
  • Account creation date and last login

Technical Data

  • IP address and browser information (collected automatically for operation and security)
  • Session tokens for authentication

We do not collect or store passwords directly. Authentication is handled by external providers.

We also do not collect financial data — payments, when applicable, are processed by third parties.

3. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Performance of a contract: to create and maintain your account and provide the service
  • Legitimate interest: to improve the service, ensure security, and prevent fraud (based on an assessment that considers your fundamental rights and freedoms)
  • Legal obligation: to comply with legal and regulatory requirements
  • Consent: when applicable (e.g., optional communications)

4. How We Use Your Data

We use your data to:

  • Create and manage your account
  • Record and display your learning progress
  • Personalize your experience
  • Ensure the safe and reliable operation of the platform
  • Send essential communications (e.g., security, access)
  • Analyze aggregated and anonymized data to improve the service
  • Comply with legal obligations

We do not use automated decision-making that produces significant legal effects concerning you.

5. Third-Party Authentication

When using login via Google, Facebook, or Apple, these providers may collect and process your data according to their own privacy policies.

We have no control over how these providers handle your data outside of our application. We recommend that you consult these policies directly.

6. Data Sharing and International Transfers

We do not sell your personal data.

We only share data with essential suppliers for the operation of the service, such as:

  • Supabase (database and authentication)
  • Vercel (hosting and application execution)

These services may operate on servers outside Brazil, including the United States.

When an international transfer occurs, we adopt appropriate protection measures, such as Standard Contractual Clauses or equivalent safeguards.

7. Data Security

We adopt appropriate technical and organizational measures to protect your data, including:

  • Data encryption in transit (HTTPS/TLS)
  • Restricted access control
  • Secure authentication via OAuth
  • Data protection in the database

These measures are periodically evaluated and updated.

Despite this, no system is completely secure. In case of suspected misuse, please contact us.

8. Data Retention

We keep your data only for the necessary time:

  • Account data: until account deletion
  • Usage data: until account deletion
  • Legal/tax data: as required by law (including applicable legal timeframes)
  • Anonymized data: may be kept indefinitely

Accounts that remain inactive for long periods may be deactivated upon prior notice.

9. Your Rights

You can, at any time:

  • Confirm whether we process your data
  • Access your data
  • Correct incomplete or inaccurate data
  • Request deletion or anonymization
  • Request data portability
  • Withdraw consent
  • Object to processing in certain situations
  • Request information about data sharing

You can exercise these rights through the application or via the provided email.

We will respond within the applicable legal timeframes.

10. Account Deletion

You can delete your account directly through the application.

After deletion:

  • Your personal data will be removed or anonymized
  • Data may be retained only when necessary for legal compliance

11. Cookies and Similar Technologies

We only use essential cookies and session tokens necessary for:

  • Authentication
  • Application operation

These cookies are used based on the necessity to provide the service.

We do not use tracking or advertising cookies.

12. Children's Privacy

The service is not intended for children, as defined by applicable law.

If we identify inappropriate collection of data from minors, we will take steps to remove it.

13. Regulatory Authority

In Brazil, you can contact the National Data Protection Authority (ANPD).

In the European Union, you can contact your local data protection authority.

14. Changes to this Policy

This Policy may be updated periodically.

We will notify you of relevant changes through the application or by email.

15. Contact

For any questions about this Policy or your data:

📧 bobracademy@gmail.com

Support this project