Privacy Policy
Full transparency on how we collect, use, and protect your personal information in compliance with LGPD.
1. Information We Collect
1.1 Data You Provide Directly
When using Secret Santa Online, we collect information that you voluntarily provide to us:
- •Identification Data:
Full name, nickname, email address for account creation and group participation
- •Group Information:
Group name, event date, venue, gift price range
- •Participant List:
Names and email addresses of invited participants for the draw
- •Preferences & Wishes:
Gift suggestions, restrictions, personal tastes (optional)
- •Communications:
Messages exchanged within the platform, feedback, and support
1.2 Data Collected Automatically
When you access our website, certain information is collected automatically:
- •Browsing Data:
IP address, browser type and version, operating system, preferred language
- •Usage Data:
Pages visited, time spent, click patterns, traffic source
- •Cookies & Technologies:
Unique identifiers, saved preferences, session data
- •Analytics Data:
Information collected via Google Analytics and Google Tag Manager to improve our services
2. How We Use Your Information
✅ We Use It For
- • Creating and managing secret santa groups
- • Conducting fair and random draws
- • Sending draw notifications
- • Providing customer support
- • Improving our services
- • Analyzing usage patterns
- • Preventing fraud and abuse
- • Complying with legal obligations
- • Communicating important updates
❌ We Never Use It For
- • Selling your data to third parties
- • Sending unsolicited spam
- • Sharing without consent
- • Purposes other than those stated
- • Aggressive marketing
- • Invasive tracking
- • Behavioral profiling without permission
- • Harmful automated decisions
Legal Basis for Processing (LGPD)
We process your personal data based on the following legal grounds:
- Consent: For marketing and promotional communications
- Contract Performance: To provide our secret santa services
- Legitimate Interest: For improvements, security, and analytics
- Legal Obligation: To comply with applicable laws and regulations
3. Data Sharing
🔒 We NEVER sell your personal data to third parties
We only share your information when necessary to provide our services or when required by law.
With Group Participants
Within each secret santa group:
- • The organizer can see participants' names and email addresses
- • Each participant only receives the name of their assigned person
- • Gift preferences are shared only with the assigned secret santa
With Service Providers
We share data with trusted vendors:
- • Hosting: Vercel/AWS for secure storage
- • Email: SendGrid/AWS SES for notifications
- • Analytics: Google Analytics for usage analysis
- • Advertising: Google AdSense for monetization
- • Security: Cloudflare for DDoS protection
Legal Requirements
We may disclose information when required by law, court order, or to protect rights and safety.
5. Data Security
🔐 We implement robust technical and organizational measures to protect your data:
Technical Measures
- • SSL/TLS encryption on all connections
- • Encryption of sensitive data at rest
- • Firewall and DDoS protection
- • Regular and redundant backups
- • 24/7 security monitoring
- • Regular vulnerability testing
Organizational Measures
- • Restricted access based on the principle of least privilege
- • Regular LGPD training for staff
- • Confidentiality agreements
- • Documented security policies
- • Structured incident response
- • Periodic compliance audits
⚠️ Important: While we implement rigorous security measures, no method of transmission over the internet or electronic storage is 100% secure. We do our best to protect your information, but we cannot guarantee absolute security.
6. Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this policy:
Retained for up to 90 days after the event date
Archived after 1 year, deleted after 2 years of inactivity
Retained while the account is active or as required to meet legal obligations
Aggregated and anonymized after 26 months
According to applicable legal deadlines (generally 5 years for tax data)
7. Your Rights (LGPD)
In accordance with the General Data Protection Law (Law No. 13,709/2018), you have the following rights:
📋 Confirmation & Access
Confirm whether we process your data and access a copy of it
✏️ Correction
Correct incomplete, inaccurate, or outdated data
🗑️ Deletion
Request deletion of unnecessary or excessive data
📦 Portability
Transfer your data to another service provider
🚫 Objection
Object to processing in certain situations
↩️ Revocation
Revoke consent at any time
How to exercise your rights: Send your request to privacidade@sorteador.com.br with the subject "LGPD Rights". We will respond within 15 business days.
Additional Information About Your Rights
- • You can exercise your rights free of charge
- • We may request information to verify your identity
- • In complex cases, the deadline may be extended by an additional 15 days
- • You have the right to file a complaint with the ANPD (National Data Protection Authority)
8. Minors
Policy for Minors
Our service is not intended for children under 13 years of age.
13-18 years: Requires consent from parents or legal guardians
Under 13 years: We do not intentionally collect data from this age group
If we become aware that we have collected data from minors without proper consent, we will take steps to delete that information immediately. Parents or guardians may contact us regarding data about minors.
9. Advertising and Google AdSense
💰 Google AdSense
We use Google AdSense to display relevant ads on our website. Google may use cookies to:
- • Personalize ads based on your previous visits
- • Limit the number of times you see an ad
- • Measure the effectiveness of advertising campaigns
- • Prevent fraud and malicious activity
Privacy Options:
- • Disable personalized ads: Google Ad Settings
- • Opt out of advertising cookies: Digital Advertising Alliance
- • Google Privacy Policy: Privacy Policy
External Links and Partners
Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites.
💡 Tip: Always review the privacy policies of external websites before providing personal information.
10. Changes to This Policy
We may update this Privacy Policy periodically to reflect:
- • Changes in our data practices
- • New features or services
- • Changes in legislation
- • User feedback
How you will be notified:
- • Prominent notice on the website for significant changes
- • Email to registered users (for substantial changes)
- • Update of the "Last updated" date at the top of this page
We recommend reviewing this policy regularly. Continued use after changes constitutes acceptance of the modifications.
11. Contact and Data Protection Officer (DPO)
For questions about privacy, data protection, or to exercise your rights:
👤 Data Protection Officer
- DPO Email: privacidade@sorteador.com.br
- Response time: Up to 15 business days
- Hours: Monday to Friday, 9 AM to 6 PM
🏢 Company Information
- Legal Name: Sorteador.com.br
- Website: Sorteador.com.br
- General contact: contato@sorteador.com.br
ANPD - National Data Protection Authority: You can also file complaints directly with the ANPD if you are not satisfied with our response.
Privacy Agreement
By using Secret Santa Online, you acknowledge that you have read, understood, and agreed to this Privacy Policy and to the processing of your personal data as described.