Privacy Policy

1. Who we are

This Policy describes how Tipo Horta ("we", "us") handles personal data of users of the Lipé app (the "Service"). Tipo Horta acts as the controller of personal data collected through the Service, in accordance with Brazilian LGPD (Law 13.709/2018) and, where applicable, the GDPR.

2. Data we collect

We do not store card data. Payments are processed by Paddle (see section 5).

• Account and profile: name, email, hashed password, avatar photo and optional bio.
• Generated content: progress photos, journal notes, protocol responses and meal-plan preferences.
• Support messages: content of interactions with our team.
• Usage and telemetry: pages visited, click events, device identifiers, IP address and technical logs.
• Subscription: status, plan, start/end dates and identifiers provided by the payment processor.

3. What we use your data for

• Create and maintain your account and provide the Service (contract performance).
• Personalize meal plans, protocol and recommendations (contract performance).
• Send essential transactional emails — welcome, confirmations, password reset (contract performance).
• Prevent fraud, abuse and security violations (legitimate interest).
• Improve the product through aggregated analytics (legitimate interest).
• Comply with legal, tax and regulatory obligations (legal obligation).
• Marketing communications — only with your consent, revocable at any time.

4. Legal basis

We process your data based on: contract performance (providing the Service), legitimate interest (security and product improvement), consent (marketing and non-essential cookies) and compliance with legal obligations (tax and accounting records).

5. Who we share with

We do not sell your personal data.

• Paddle.com Market Limited — acts as Merchant of Record (MoR) to sell the Service, manage subscriptions, process payments, calculate taxes and issue invoices.
• Infrastructure providers — hosting, database, image storage and transactional email delivery.
• Analytics tools — aggregate usage and performance metrics.
• Professional advisors — lawyers and accountants, when strictly necessary.
• Authorities — when required by law, court order or to defend rights.

6. International transfers

Some subprocessors may store data outside Brazil. In such cases we adopt safeguards such as standard contractual clauses and adequacy verification of the destination, in accordance with LGPD and GDPR.

7. Retention

We retain your data while your account is active and for as long as needed to fulfill the purposes above. After account closure, identification data is deleted within 90 days; tax records and security logs may be retained for legally required periods (typically 5 years).

8. Your rights

You may, at any time, request:

• Confirmation that processing exists and access to your data;
• Correction of incomplete, inaccurate or outdated data;
• Anonymization, blocking or deletion of unnecessary data;
• Portability to another provider;
• Deletion of data processed based on consent;
• Information about sharing;
• Withdrawal of consent;
• Filing a complaint with ANPD (or equivalent authority).

To exercise your rights, contact us at the email in section 11. We respond within 30 days.

9. Security

We adopt appropriate technical and organizational measures — including encryption in transit (TLS), role-based access control, password hashing and environment segregation — to protect your data against unauthorized access, loss or alteration. No system is 100% secure; we encourage strong, unique passwords.

10. Cookies

We use essential cookies for authentication and operation of the Service, and analytics cookies to understand aggregated app usage. You can manage cookies in your browser settings. We do not use third-party marketing cookies.

11. Contact

Privacy questions, requests or complaints: contato@tipohorta.com.