Privacy Policy
Last updated: May 19, 2026
This Privacy Policy applies to ludofun.com.br, our community platform os.ludofun.com.br/community, and other services operated by Ludofun Editora Ltda., in compliance with the Brazilian General Data Protection Law (Law 13.709/2018 — "LGPD"), which sets standards comparable to GDPR.
1. Data controller
Ludofun Editora Ltda.
- CNPJ: 05.636.992/0001-61
- Address: Alameda Afonso Schmidt, 119 — Conj. 11, São Paulo/SP, 02450-000, Brazil
- Email: contato@ludofun.com.br
Data Protection Officer (DPO): Rafael Verri — contato@ludofun.com.br
2. Data we collect
2.1 Account data
Name, email, phone (optional for newsletter; required for Player account). For B2B retailers: CNPJ (tax ID), legal name, addresses, business contact data.
2.2 Communication data
Messages sent via website forms and WhatsApp customer service.
2.3 Transaction data (B2B)
Order history, amounts, products, payment terms. Fiscal data needed for Brazilian electronic invoice (NFe).
2.4 Navigation data
IP address (hashed where applicable), user agent, pages visited, browsing time, referrer, cookies.
2.5 AI-generated data
When you interact with our WhatsApp support, messages may be processed by Anthropic Claude AI for classification and response generation.
2.6 Player community data
When you sign up to the community (/community), we collect:
Required identification
- Full name, email (unique), password (bcrypt-hashed)
- CPF (Brazilian individual tax ID) — stored as digits only, used solely to enforce one account per person and prevent fraud. Never displayed publicly nor shared with other operators
- Phone / WhatsApp — for account recovery and community notifications
- City — for local meetup and table suggestions
Public community profile
- Handle (
@name), display name, auto-generated avatar (initials + color), optional bio, earned title
Gameplay and activity data
- Self-reported game collection
- Match history (date, game, outcome, duration, score)
- Aggregated stats: level (XP), badges, win-rate, hours played, league rank
- Tables you created, joined, or watched
- Reactions, comments, ratings
User-generated content
- Game reviews, feed posts, table chat messages, invites sent/accepted, suggestions/feedback
Derived data
- Match scores with other games, personalized recommendations, ranking positions
2.7 Sensitive data
Ludofun does not request or store sensitive data (racial origin, religious belief, political opinion, union membership, health, sexual life, genetic or biometric data) as defined in LGPD art. 5º, II.
3. Legal bases
| Purpose | Legal basis |
|---|---|
| Newsletter, marketing | Consent |
| B2B order processing | Contract performance |
| Invoice issuance, fiscal compliance | Legal obligation |
| Customer support | Contract / legitimate interest |
| Analytics (minimal) | Legitimate interest |
| Game suggestions | Consent |
| Fraud prevention | Legitimate interest |
| Player account operation | Contract performance |
| CPF collection (one account per person) | Legitimate interest |
| Community features (chat, ranking, feed, tables) | Contract performance |
| Transactional Player communications | Contract performance |
4. Data sharing
We share data only with operators necessary for service delivery:
| Operator | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | USA |
| Vercel | Hosting | USA / global edge |
| Meta (WhatsApp Business API) | WhatsApp support | USA |
| Anthropic | AI processing of support | USA |
| Bling | Brazilian invoice issuance | Brazil |
| Resend / email providers | Transactional emails | USA |
We never sell your data.
Player data specifically: CPF and phone are never shared with operators other than the database (Supabase) and transactional email provider (Resend). We do not use this data for advertising profiling.
5. International transfer
Some operators process data outside Brazil. We ensure such transfers meet LGPD art. 33 requirements through certified operators (SOC 2, ISO 27001) and contractual safeguards.
6. Data retention
- Newsletter: until you unsubscribe
- B2B retailer account: while active + 5 years after closure (fiscal obligations)
- Orders / invoices: 5 years (Brazilian tax law)
- WhatsApp messages: 2 years from last interaction
- Navigation logs: 12 months
- Game suggestions: 3 years
- Active Player account: while account is active
- Player account inactive for 24+ months: warned by email; personal data (CPF, phone, email, IP) anonymized after 30 days. Public handle and aggregated stats may be preserved
- Player account closed by user: 30-day retention for reactivation, then permanent deletion (except fiscal records if any purchase exists)
- Table chat messages: 1 year after table ends; private tables may delete earlier
- Community feed posts: while account is active; deletable individually at any time
- Game reviews: preserved after account closure with author anonymized ("Removed player")
- Aggregated stats (historic rankings): preserved indefinitely without individual identification
7. Your rights (LGPD art. 18)
You may request:
- Confirmation of data processing
- Access to your data
- Correction
- Anonymization, blocking, or deletion of unnecessary data
- Portability to another provider
- Deletion of data processed under consent
- Information about data sharing
- Withdrawal of consent
- Objection to processing based on legitimate interest
- Review of automated decisions (including AI)
Contact contato@ludofun.com.br with subject "LGPD — [your right]". We respond within 15 business days.
Players may close the account anytime in /community/configuracoes, triggering the deletion flow described in Section 6.
8. Security
We use HTTPS/TLS encryption, bcrypt-hashed passwords, role-based access control (RBAC), Row-Level Security (RLS), audit logs, and security-certified operators. CPF and phone protected by strict RLS — only the player and authorized admins can read.
In case of incident, we notify the Brazilian Data Protection Authority (ANPD) and affected users as required by LGPD art. 48.
9. Children and minors
Player accounts require 18+ due to CPF collection and community nature. Minors cannot sign up. If identified, the account is closed and data deleted.
10. Mobile apps and games
Our mobile apps and games — such as Panda Rei — do not collect, transmit, or store any personal data on servers. Game preferences, statistics, achievements, and match progress are saved solely on the user's device and can be deleted at any time by removing the app. These apps require no sign-up or login, display no ads, and use no trackers, advertising identifiers, or analytics tools. Because no data is collected, no personal data related to these apps is shared.
11. Cookies
See our Cookie Policy.
12. Changes
We may update this Policy. Major changes will be emailed to registered users.
13. Contact
- Email: contato@ludofun.com.br
- Brazilian Data Protection Authority (ANPD): www.gov.br/anpd