Privacy Policy
Effective date: 02/19/2026 | Version: 1.2.1
This Policy describes how personal data is processed in CPlay Social HUB for service operation, security, metrics, and advertising, with primary focus on Brazil's General Data Protection Law (LGPD - Law No. 13,709/2018) and the European Union General Data Protection Regulation (GDPR - Regulation (EU) 2016/679), where applicable.
For the free modality, the service is funded by contextual advertising. Where personalized advertising or non-essential technologies are used, processing follows applicable legal bases and consent rules.
1. Controller and Contact
Controller: CPLAY LTDA (trade name: CPLAY), registered under CNPJ No. 60.661.726/0001-05, headquartered at Avenida Alvaro Otacilio, No. 3731, Sala 610, Cond. Jatiuca Trade Residence, Jatiuca, Maceio/AL, ZIP 57035-180, Brazil.
Data Protection Officer (DPO): Lucas Carneiro Rocha Leao, official contact email: lucas@cplay.com.br, for communications with data subjects, ANPD, and competent authorities, where applicable.
Corporate registration information may be verified in public databases and should be periodically reviewed to keep this policy updated.
2. Categories of Data Processed
Administrative authentication data, technical usage data, operational telemetry, and records required for security, auditing, and abuse prevention may be processed.
Depending on the feature used, technical session identifiers, widget interaction data, configuration information, and administrative panel operational data may also be processed.
3. Processing Purposes
Data is processed for service execution, access control, performance monitoring, application security, and compliance with legal obligations.
Data may also be used for fraud/abuse prevention, technical support, and contextual advertising operation in the free plan.
4. Legal Bases
Depending on the case and purpose, legal bases may include contract performance, legal/regulatory obligation, legitimate interest, and consent (especially for non-essential purposes, such as advertising personalization, when required).
Processing is limited to what is strictly necessary for each purpose, observing LGPD and GDPR principles, including necessity/minimization, adequacy, transparency, security, and accountability.
5. Data Sharing
Data is shared only when necessary to enable the platform and its integrations, under contractual obligations and security measures.
This may include infrastructure operators, authentication providers, database providers, and service providers strictly necessary for solution execution.
6. International Transfers
Where international transfer occurs, applicable legal mechanisms and appropriate safeguards are adopted according to current legislation.
7. Retention and Deletion
Data is retained for the period necessary to declared purposes and legal/regulatory requirements, with technical purge routines for temporary data.
Retention cycles consider operational necessity, security, and legal duties, with minimization and secure disposal.
8. Data Subject Rights
Data subjects may request access, correction, deletion where applicable, objection, and other rights provided by applicable law through official support channels.
Where applicable, rights include confirmation of processing, portability, information about sharing, review of automated decisions, and withdrawal of consent.
Requests can be made through CPlay official channels and will be handled according to legal deadlines and procedures in each jurisdiction (Brazil and European Union, where applicable).
9. Cookies and Similar Technologies
Use of cookies and similar technologies follows the Cookies Policy, distinguishing essential and non-essential items and preference controls where applicable.
10. Information Security
Technical and organizational measures are adopted to protect data, including access control, audit trails, privilege segregation, and operational monitoring.
Security measures are periodically reviewed to reduce risks of unauthorized access, leakage, alteration, or improper destruction of data.
11. Security Incidents
In case of incidents with relevant risk to data subjects, response and communication procedures required by applicable law will be followed, including communication to ANPD and data subjects when required.
12. Policy Updates
This policy may be periodically updated. The current version will always be published with effective date and revision history according to internal governance process.
13. Data Deletion Instructions
For app registrations requiring a data deletion URL, use the official instructions page:
Click Here(/data-deletion-instructions)