SÓ PITACO

Privacy Policy

Transparency and protection of your data

📅 Last updated: March 25, 2026

We recommend reviewing this policy periodically to stay aware of any changes.

1. Introduction

Welcome to the Privacy Policy of SÓ PITACO (hereinafter "Platform", "we", "our"). This policy describes how we collect, use, store and protect your personal information when you use our service.

By using our Platform, you agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please do not use our services.

⚠️ Important: This is an entertainment platform exclusively dedicated to recreational predictions from people all over the world for matches and final podium results in SÓ PITACO. We do not conduct real money betting, do not reward participants and are not affiliated with any official football entity.

2. Data Controller

Platform: SÓ PITACO
Privacy Contact: Contact Form
Applicable Legislation: LGPD (General Data Protection Law - Brazil)

3. Data We Collect

We collect only the data strictly necessary for the Platform to function. Below, we detail each category of information:

3.1. Registration and Authentication Data

  • Name: For identification on the platform and in rankings. The registered name does not need to be your real name; it can be a nickname or whatever you prefer to be called
  • Email: For login, password recovery and essential communications
  • Password (encrypted): For account security
  • Country: For regional rankings and statistics

🔒 Security: All passwords are encrypted using modern algorithms (bcrypt/Argon2) and are never stored in plain text.

3.2. Payment Data

  • CPF (Brazilian Tax ID): Only when necessary for the Brazilian payment processor (Asaas)
  • Currency and transaction amount: For recording and control
  • Transaction ID: Provided by payment processors
  • Payment method: Provided by payment processors

Important: We do not store credit card details, banking information, or any other sensitive payment data. The CPF is transmitted in an encrypted manner through our servers to the payment processor Asaas, exclusively to enable the transaction. We do not store the CPF in our database after the payment process is completed. The transmission of this data through our server occurs securely via HTTPS/TLS and does not result in any permanent record.

All payments are processed securely through certified platforms:

  • Stripe: PCI DSS Level 1 certified payment provider (highest security standard)
  • Asaas: Brazilian financial platform regulated by the Central Bank of Brazil

3.3. Platform Usage Data

  • Predictions and Forecasts: Your choices of results and podium
  • Score: History of accumulated points
  • Friend Lists: Groups created for competition among Premium friends
  • Color Preferences: Visual customization of the interface

3.4. Technical and Security Data

  • IP Address: For security and fraud prevention
  • User Agent: Browser and device information
  • Active Sessions: For login management across multiple devices
  • Access Logs: Temporary records for diagnosing technical issues

🛡️ Security: This data is used exclusively for protection against unauthorized access, fraud and to improve platform stability.

4. Purpose of Data Use

We use your personal data exclusively for the following purposes:

4.1. Essential Platform Operation

  • Create and manage your user account
  • Authenticate logins and maintain secure sessions
  • Record and calculate your predictions and score
  • Display rankings and statistics
  • Allow creation and management of friend lists
  • Apply your customization preferences (colors, language)

4.2. Premium Payment Processing

  • Process one-time payments for Premium access
  • Confirm payment status
  • Prevent fraud and improper chargebacks

4.3. User Communication

  • Send two-factor authentication (2FA) codes via email
  • Password recovery links
  • Respond to contact form messages
  • Notifications about upcoming matches (optional, browser only)

Important: We do NOT send promotional emails, newsletters or spam. All emails are transactional and essential for account operation.

4.4. Security and Fraud Prevention

  • Detect and prevent unauthorized access
  • Identify payment fraud attempts
  • Monitor suspicious activities
  • Comply with legal and regulatory obligations

4.5. Improvements and Performance Analysis

  • Analyze aggregated and anonymous platform usage
  • Identify and fix technical errors
  • Improve user experience
  • Develop new features based on feedback

5. Legal Basis for Data Processing

In accordance with LGPD (Law 13.709/2018), we process your data based on the following legal grounds:

Consent

By creating your account and accepting the Terms of Use and Privacy Policy, you consent to the processing of data necessary for platform operation.

Contract Execution

Data processing is necessary for the execution of the service contract established when you register on the platform.

Legitimate Interest

For security, fraud prevention and platform improvements, we base our processing on legitimate interest, always respecting your rights.

6. Data Sharing

WE DO NOT sell, rent or commercialize your personal data. We share information only in the specific situations below:

6.1. Payment Processors

To process Premium payments, we share minimum necessary data with:

Stripe (International)

Shared data: Name, Email, Amount

View Privacy Policy →

Asaas (Brazil)

Shared data: Name, Email, CPF, Amount

View Privacy Policy →

🔐 Security: All processors follow high security and compliance standards of the payment industry

6.2. Transactional Email Service

We use reliable email providers to send transactional messages (2FA codes, password recovery):

  • PHPMailer via SMTP: Configured on secure servers
  • Shared data: Only email and name for message delivery

6.3. Hosting Provider

Our database and files are securely hosted:

  • Hostinger: Plan with SSL/TLS
  • All data is encrypted in transit (HTTPS)
  • Regular backups for data loss protection

6.4. Competent Authorities

We may share data when legally required by court order, regulatory authorities or to protect rights, property or security.

⚠️ Important: We do not share data with third parties for marketing, advertising or any purpose unrelated to platform operation.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to ensure proper platform operation. All cookies are essential for the service and cannot be disabled.

Types of Cookies Used

7.1. Session Cookies (PHPSESSID)

Purpose: Keep you authenticated during browsing
Duration: Until closing the browser session
Essential: ✓ YES
Why it is essential: Without this cookie, you would be disconnected with every click and could not use the platform.

7.2. "Remember Me" Cookie (remember_token)

Purpose: Keep you signed in (optional)
Duration: During the tournament (if activated)
Control: You can uncheck "Keep me logged in" at login to not use this cookie.

7.3. Local Storage (LocalStorage)

Purpose: Save language preferences
Duration: Permanent (until manually cleared)

7.4. Customization Preferences (Database)

Purpose: Save custom theme colors
Premium Feature: Only Premium users can customize colors. Preferences are saved on the server and applied on any device.

7.5. Affiliate Cookies

Purpose: Keep the referral active
Duration: Until the end of the affiliate program
Essential: ✓ YES
Why it is essential: Without this cookie, the affiliate who referred the platform does not qualify to receive the commission.

Important Warning about Cookies

  • We DO NOT use third-party tracking cookies (Google Analytics, Facebook Pixel, etc.)
  • We DO NOT share your browsing data with advertising networks
  • All cookies are essential for basic platform operation
  • By using the platform, you agree to the use of these necessary cookies

8. Data Storage and Retention

We keep your data for as long as necessary to provide our services and comply with legal obligations.

8.1. Data Location

  • Main Server: Hostinger (data centers in Brazil)
  • Database: MySQL with daily backups
  • Encryption: SSL/TLS (HTTPS) in all communications
  • Passwords: Bcrypt/Argon2 hash (irreversible)

8.2. Retention Periods

Data Type | Retention Period | Justification
Registration Data | Until account deletion | Service operation
Predictions and Score | Until account deletion | History and rankings
Payment Data | 5 years after transaction | Tax and legal obligation
Security Logs | 6 months | Incident investigation
Transactional Emails | During the tournament | Support and verification
Active Sessions | During the tournament or until you click Logout | "Remember me" feature
2FA Tokens | 10 minutes | Temporary security

8.3. Data Deletion

When you delete your account (available in Control Panel), the following data is removed:

❌ Deleted Immediately

  • Name and email
  • Password (hash)
  • Predictions and score
  • Created friend lists
  • Color preferences
  • Active sessions

⏱️ Kept (Legal Obligation)

  • Payment records (5 years)
  • Tax data (CPF, if provided to Asaas)
  • Minimal audit logs
  • Accounts with improper chargebacks

*Kept anonymized whenever possible

Backup Policy

We perform daily backups for data loss protection. Backups are kept for 30 days and then permanently deleted. Data from deleted accounts remains in backups only during this period.

9. Your Rights (LGPD)

You have rights guaranteed by the General Data Protection Law (LGPD):

Right of Access

Request a copy of all personal data we hold about you.

How to exercise: Available in Control Panel or via contact form.

Right of Rectification

Correct incorrect or outdated personal data.

How to exercise: Edit directly in Control Panel or request via contact form.

Right of Erasure

Request complete deletion of your personal data.

How to exercise: "Delete Account Permanently" button in Control Panel (Risk Area). Exception: accounts involved in improper chargebacks, which await administrative and legal measures.

Right to Object

Object to data processing based on legitimate interest.

How to exercise: Contact us explaining your objection.

Right of Revocation

Revoke consent at any time.

How to exercise: Delete your account or contact us.

How to Exercise Your Rights?

1. Via Control Panel: Access "Control Panel" to edit data or delete account.
2. Via Contact Form: Send your detailed request through the form.
3. Response Time: We will respond within 15 business days (as per LGPD Art. 18, §3º).
4. Identity Verification: We may request additional information to confirm your identity.

Right to Complaint

If you believe your privacy rights have been violated, you can file a complaint with competent authorities:

Brazil (LGPD)

National Data Protection Authority (ANPD)

www.gov.br/anpd →

10. Data Security

The security of your data is our highest priority. We implement multiple layers of protection:

10.1. Technical Security Measures

Encryption

  • SSL/TLS (HTTPS): All communications encrypted
  • Bcrypt/Argon2: Passwords with irreversible hash
  • Secure Tokens: Cryptographic generation of 2FA codes

Authentication

  • 2FA (Two-Factor Authentication): Codes via email
  • Session Management: Multiple device control
  • Temporary Tokens: Automatic expiration in 10 minutes

Database

  • Prepared Statements: SQL Injection protection
  • Input Validation: Sanitization of all data
  • Daily Backups: Recovery in case of incident

Fraud Prevention

  • IP Monitoring: Suspicious access detection
  • Rate Limiting: Protection against automated attacks
  • Chargeback Protection: Anti-fraud system in payments

Your Security Responsibilities

You also play a key role in the security of your account:

  • 🔐 Strong Password: Use passwords with 12+ characters, mixing uppercase and lowercase letters, numbers and symbols
  • 🔒 Do Not Share: Never share your password or 2FA codes with third parties
  • 🚪 Logout on Shared Devices: Always end your session on public computers
  • 📧 Secure Email: Protect your email account, as it allows password recovery
  • ⚠️ Phishing: Beware of suspicious emails asking for your password (we NEVER ask for your password)

Data Breach Notification

In case of a data breach that poses a risk to your rights, we will notify you and competent authorities (ANPD/DPO) within the legal deadline of 72 hours, as required by LGPD.

11. International Data Transfers

As we use third-party services with global infrastructure, your data may be transferred to countries outside Brazil:

Countries and Guarantees Applied

Service | Country/Region | Guarantees
Hostinger | Global | Data centers with international security standards (e.g. ISO 27001)
Stripe | Global | PCI DSS Level 1 certification for secure payment processing
Asaas | Brazil | Brazilian financial platform in compliance with LGPD and Central Bank regulation
Cloudflare | Global | CDN, DDoS protection, web application firewall (WAF) and HTTPS encryption

🛡️ Additional Protections

  • All partners are contractually obligated to comply with LGPD
  • Data always encrypted in transit and at rest
  • You maintain all rights guaranteed by LGPD regardless of data location

12. Privacy of Minors

📍 SÓ PITACO is an entertainment platform exclusively dedicated to recreational predictions, without involvement of real money betting or distribution of financial prizes.

  • Minor Participation: As it is an entertainment activity without betting purposes, minors under 18 years old may participate on the platform.
  • Free and Premium Access: Minors can use the free features or obtain Premium access (which unlocks extra features) through their parents or legal guardians.
  • Payment Processing (Asaas): To contract Premium access, payments made via Asaas require a valid CPF. If the minor does not have their own CPF, the parent or guardian's data must be used to complete the transaction.
  • Parental Responsibility: We recommend that parents or guardians monitor the platform use by minors. If a guardian wishes to request deletion of a minor's data, they can do so at any time through our contact form. Parents can also guide their own child to perform immediate deletion of all data through the Control Panel, using the Delete Account Permanently option.
  • Minimal Collection: We maintain our commitment to collect only strictly necessary data (such as name/nickname and email) for technical operation and account security.

13. Changes to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or due to legal requirements.

How you will be notified:

1. Minor Changes (corrections, clarifications): We will update the date at the top of this page
2. Significant Changes (new data uses): We will notify with a prominent notice on the platform
3. Substantial Changes: We will request new explicit consent before applying

💡 Recommendation: Review this policy periodically to stay informed about how we protect your data. Continued use of the platform after changes constitutes acceptance of the new conditions.

14. Contact and Data Protection Officer (DPO)

For questions, requests or complaints related to this Privacy Policy and the processing of your data:

Data Protection Officer (DPO)

For specific questions about data protection and exercise of rights (LGPD):

Contact DPO

Response Time

We will respond to your request within 15 business days, as established by Art. 18, §3º of LGPD. If more time is needed to process complex requests, we will notify you with justification.

Legislation and Related Documents

This Privacy Policy must be read together with our Terms of Use, which contain complete provisions regarding:

  • Applicable Legislation: LGPD, Brazilian Internet Civil Framework (Marco Civil da Internet), Consumer Protection Code
  • Competent Jurisdiction and Dispute Resolution: Applicable jurisdiction and mediation procedures
  • General Provisions: Entire agreement, severability, assignment, and waiver
  • Available Languages: Portuguese, English, and Spanish

📌 Legal Note: This Privacy Policy is governed by the same laws, jurisdiction, and general provisions established in the Terms of Use of SÓ PITACO.

Executive Summary

✅ What we DO:

  • Collect only essential data
  • Encrypt all communications
  • Protect passwords with irreversible hash
  • Offer 2FA authentication
  • Respect all your LGPD rights
  • Allow complete account deletion
  • Notify about breaches within 72h

❌ What we DON'T do:

  • Sell your data
  • Use tracking cookies
  • Send spam or marketing
  • Store card data
  • Share with advertisers
  • Ask for password
  • Distribute prizes of any kind or value

Your privacy is our priority. Questions? Contact us

Acceptance of this Policy

By using the SÓ PITACO platform, you acknowledge that you have read, understood and agree to the terms of this Privacy Policy.

SÓ PITACO - Privacy Policy

CNPJ: 39.449.667/0001-01