Privacy Policy

1. Data Controller

PortuguesYa! (the "Academy") is responsible for processing personal data. You can contact us at privacy@portuguesya.com.

2. Data We Process

First name, last name, email, WhatsApp number, city, state/province and Portuguese level.

Technical metadata such as IP address, browser and access logs when necessary for security or basic analytics.

3. Purposes

Manage registration and participation in the workshop.

Send communications related to the activity and other educational news from the Academy.

Produce internal statistics to improve our courses and services.

Comply with legal obligations or requests from competent authorities.

4. Legal Basis

Explicit consent granted when submitting the form.

Legitimate interest in keeping participants informed about training activities.

Compliance with applicable legal obligations.

5. Retention

Data will be kept as long as necessary for the stated purposes and, at most, up to 24 months from the last interaction, unless a longer legal retention period applies.

Data may be anonymized for statistical purposes.

6. Recipients and Transfers

We rely on technology providers such as Supabase (database), Vercel (hosting) and email services. These third parties act as data processors under agreements that ensure confidentiality and security.

International data transfers to countries such as the United States may occur. We adopt recognized safeguards (e.g., Standard Contractual Clauses) to guarantee an adequate level of protection.

7. Data Subject Rights

You can exercise your rights of access, rectification, erasure, objection and portability by writing to privacy@portuguesya.com. Requests will be answered within the statutory deadlines.

You may also withdraw consent for marketing communications at any time by following the instructions in each message or contacting us directly.

8. Security Measures

We implement access controls, encrypted connections (TLS) and Supabase Row Level Security policies to protect data.

We perform periodic backups and maintain incident response procedures.

9. Children

The Service is intended for users aged 18 and older. If we learn that a minor has provided data without authorization, we will delete it immediately. Guardians may contact us to request removal.

10. Cookies

The site may use necessary cookies and, with prior authorization, analytics tools such as Vercel Analytics. Refer to our Cookies Policy for additional information.

11. Policy Updates

We may update this Policy to reflect regulatory or operational changes. We will post the new version on the site. Continued use implies acceptance of the current policy.