Privacy Policy
Last updated: March 12, 2026
01. Introduction
MH Educação e Tecnologia LTDA, registered under CNPJ No. 38.660.685/0001-75, is responsible for the aicodingflow.com platform ("Platform"). We are committed to protecting the privacy and personal data of our users, in compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018 — LGPD) and other applicable regulations.
This Privacy Policy describes how we collect, use, store, share, and protect the personal data of users who access and use the Platform, including guides, articles, courses, and related services offered through the aicodingflow.com domain.
By using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with any of the terms, we recommend that you refrain from using our services.
02. Data We Collect
We collect the following categories of personal data:
- Registration data: name, email address, and password (stored in hashed format — never in plain text).
- Payment data: payments are processed entirely by Stripe. We do not store credit card numbers, CVV, or full card data. Stripe operates as a certified payment processor (PCI DSS Level 1), ensuring the security of this information.
- Usage data: pages visited, course and guide progress, device type, browser used, and IP address.
- Cookies: essential cookies (session and authentication), analytics cookies, and marketing/tracking cookies. See the "Cookies" section for more details.
- Newsletter: email address, when voluntarily provided for receiving content and updates.
- Community: data shared with the community platform used for social integration and support. The community platform is currently being defined (options include Discord, Skool, or a proprietary solution), and shared data will be limited to what is necessary for the offered functionality.
03. How We Use Data
We use the collected personal data for the following purposes:
- Service delivery: provide and maintain the Platform, including access to guides, articles, courses, and other content.
- Payment processing: facilitate financial transactions securely through Stripe.
- Platform improvement: analyze usage patterns to enhance user experience, develop new features, and optimize performance.
- Communications: send transactional emails (purchase confirmation, password recovery, account updates) and marketing communications (news, promotions, and content), always with an opt-out option.
- Usage analysis: understand how users interact with the Platform to inform product and content decisions.
- Security: detect and prevent fraud, unauthorized access, and other malicious activities.
04. Legal Basis for Processing (LGPD)
The processing of personal data is based on the following legal grounds provided by the LGPD:
- Contract performance (art. 7, V): account management, delivery of contracted services, and payment processing.
- Consent (art. 7, I): marketing communications, non-essential cookies (analytics and marketing), and newsletter subscription. Consent may be revoked at any time.
- Legitimate interest (art. 7, IX): Platform security, fraud prevention, continuous service improvement, and usage metrics analysis.
- Legal obligation (art. 7, II): maintenance of tax and fiscal records and compliance with regulatory obligations.
06. International Data Transfer
Some of our data processors (such as Stripe, analytics providers, and email services) may be located outside Brazil. In such cases, international data transfers are carried out in compliance with LGPD requirements, including:
- Standard contractual clauses ensuring an adequate level of protection.
- Verification that the destination country or international organization provides an adequate degree of personal data protection.
- Technical and organizational measures ensuring the integrity and security of transferred data.
07. Data Retention
Personal data is retained for the period necessary to fulfill the purposes for which it was collected:
- Account data: while the account is active and for the legally required period after closure.
- Payment records: 5 (five) years after the transaction, in compliance with tax and fiscal obligations.
- Access logs: 6 (six) months, as required by the Marco Civil da Internet (Law No. 12,965/2014).
After the retention period expires, data is deleted or irreversibly anonymized, making it impossible to identify the data subject.
08. Your Rights (LGPD, art. 18)
As a personal data subject, you have the following rights guaranteed by the LGPD:
- Confirmation of the existence of data processing.
- Access to the personal data being processed.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD.
- Portability of data to another service or product provider.
- Information about public and private entities with which we share your data.
- Revocation of consent at any time, without affecting the lawfulness of processing carried out prior to revocation.
- Opposition to processing carried out under one of the consent waiver grounds, in case of non-compliance with the LGPD.
To exercise your rights, contact us at [email protected]. We will respond to your request within 15 (fifteen) days from the date of the request.
10. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or destruction, including:
- Encryption in transit: all communications between your browser and the Platform are protected by HTTPS/TLS.
- Password hashing: passwords are stored using secure hashing algorithms (bcrypt or argon2), never in plain text.
- Restricted database access: access is limited to authorized personnel with appropriate permission controls.
- Regular security updates: we keep our infrastructure and dependencies updated with the latest security patches.
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means of protection, we cannot guarantee absolute security. We take reasonable measures consistent with industry standards.
11. Minors
The Platform is intended for users aged 18 (eighteen) or older. Users between 16 (sixteen) and 17 (seventeen) years of age may use the Platform with verifiable consent from a parent or legal guardian.
We do not knowingly collect personal data from children under 16 (sixteen) years of age. If we become aware that data from a minor under 16 has been collected without proper consent, we will take the necessary steps to delete it from our systems.
12. Changes to This Policy
This Privacy Policy may be updated periodically to reflect changes in our practices, services, or applicable legislation. Material changes will be communicated via email or through a prominent notice on the Platform.
Continued use of the Platform after changes are published constitutes acceptance of the new terms. We recommend that you review this Policy periodically to stay informed about how we protect your data.
13. Contact and DPO
For questions, requests, or complaints related to privacy and personal data processing, please contact us:
- Email: [email protected]
Data Controller: MH Educação e Tecnologia LTDA, CNPJ 38.660.685/0001-75.
Data Protection Officer (DPO): [email protected].
If you believe that the processing of your personal data violates the LGPD, you have the right to file a complaint with the National Data Protection Authority (ANPD).