Privacy Policy

📖

1. Introduction

This Policy describes how the Renova application, operated by Neurolingo ("we"), collects, uses, stores, and shares your personal data.

We are committed to the Brazilian General Data Protection Law (Law No. 13,709/2018 – LGPD) and handle your data with transparency, security, and respect for your privacy.

By using Renova, you agree to the practices described here. If you do not agree, please do not use the app.

📊

2. What data we collect

We collect only what is necessary for the app to function:

Category	Data
Registration	Name, email, password (stored with cryptographic hash) or provider ID (Google/Apple/Facebook)
Content	Personal journal, "my reasons", community posts and comments
Usage	Streak, daily check-ins, lessons viewed, Focus Shield sessions
Device	Device ID, platform (iOS/Android), time zone, push notification token
Subscription	Subscription status (premium / trial), processed by RevenueCat
Diagnostic	IP address, app version, error logs (only in case of failure)

We do not collect: sensitive data (health, biometrics), precise location, contacts, gallery photos, or browsing history outside the app.

⚖️

3. Legal basis (LGPD Art. 7 and 11)

Each type of processing has a specific legal basis:

Purpose	Legal basis
Account creation and maintenance	Contract performance (Art. 7, V)
Journal, reasons, and personal progress	Consent (Art. 7, I)
Community and posts	Consent (Art. 7, I)
Push notifications	Consent (Art. 7, I)
Subscription billing	Contract performance (Art. 7, V)
Diagnostic and security logs	Legitimate interest (Art. 7, IX)
Fraud / abuse prevention	Legitimate interest (Art. 7, IX)

You can revoke your consent at any time by deleting your account in the app profile.

🎯

4. How we use your data

To provide and personalize app features (lessons, community, focus shield)
To authenticate you and protect your account
To send notifications related to your journey (only if you authorize)
To process your subscription and manage payments via App Store / Google Play / RevenueCat
To identify and fix technical issues
To comply with legal obligations and respond to authorities when required

We do not sell your data to third parties and do not use it for behavioral advertising.

🤝

5. Sharing with third parties

We share strictly necessary data with the following operators:

Operator	Purpose	Policy
Railway	Server and database hosting	View
Expo / EAS	OTA updates, push notifications, app builds	View
RevenueCat	Subscription management	View
Google / Apple / Facebook	Social login (only if you use it)	See respective provider policies

🌎

6. International transfer (LGPD Art. 33)

Some of our providers are based in the United States:

Railway (server + database) — USA
Expo / EAS — USA
RevenueCat — USA

These providers adopt security measures equivalent to or exceeding those required by the LGPD (encryption in transit and at rest, access control, tenant isolation). By using Renova, you are aware of and agree to this international transfer, pursuant to Art. 33, IX of the LGPD.

⏳

7. Retention period

Data	Period
Active account (any data)	As long as the account exists
Authentication tokens (refresh tokens)	180 days after issuance
Error / diagnostic logs	Managed by infrastructure (Railway), per provider retention policy
Deleted posts (soft delete)	90 days, then removed via hard delete
Account deleted by user	Removed immediately; backups expire within 30 days
Tax / billing data	5 years (legal obligation)

🛡️

8. Your rights (LGPD Art. 18)

You have the following rights over your personal data:

Right	How to exercise
Access (Art. 18, II)	Profile → Settings → "Download my data"
Correction (Art. 18, III)	Profile → "Edit profile"
Anonymization / blocking (Art. 18, IV)	Request via email (DPO below)
Portability (Art. 18, V)	"Download my data" — structured JSON format
Deletion (Art. 18, VI)	Profile → Settings → "Delete all data"
Information about sharing (Art. 18, VII)	See section 5 of this policy
Consent revocation (Art. 18, IX)	"Delete all data" or request from the DPO

We respond to requests within 15 days. You may also file a complaint directly with the National Data Protection Authority (ANPD).

🔐

9. Security

We adopt appropriate technical and administrative measures to protect your personal data against unauthorized access, loss, alteration, or improper disclosure, as required by Art. 46 of the LGPD.

For security reasons, we do not publicly disclose the specific details of our controls. These details are maintained in internal documentation and may be audited by the ANPD upon formal request.

In the event of a security incident that may pose a risk to data subjects, we will notify the ANPD and affected individuals within a reasonable timeframe, pursuant to Art. 48 of the LGPD.

🍪

10. Cookies

Neither the Renova mobile app nor our website uses cookies. Authentication is done via JWT tokens stored locally on the user's device, without any tracking, session, or analytics cookies.

👶

11. Children's privacy

Renova is not intended for children under 13 years of age. We do not knowingly collect data from children. If we discover that a child has provided us with data, it will be deleted immediately. Parents or guardians may contact us at any time.

🔄

12. Changes to this policy

We may update this policy periodically. Significant changes will be notified through the app. The date and version of the last update are shown at the top of this page.

✉️

13. Data Protection Officer (DPO) and contact

Pursuant to Art. 41 of the LGPD, we have designated a Data Protection Officer.

Data Protection Officer (DPO)

Maycon Aguiar — Neurolingo

Email for data subjects

[email protected]

Use this email to exercise any of your rights under the LGPD or to clarify questions about this policy.