Privacy Policy — Dapper
Legal Document

Privacy Policy

How Dapper collects, uses, and protects your personal data.

Last updated: January 1, 2025 · Effective immediately

Table of Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Legal Basis for Processing
  5. Data Sharing & Third Parties
  6. International Transfers
  7. Data Retention
  8. Your Rights
  9. Cookies & Tracking
  10. Children's Privacy
  11. Security
  12. Contact & DPO

01Who We Are

Dapper (CNPJ: 51.751.258/0001-60), headquartered at Praça Odilon Resende Andrade, Três Corações, Minas Gerais, Brazil, is the data controller responsible for the personal information collected through our website (secretsystem.online) and digital products.

For any privacy-related inquiry, contact us at dappercontact6@gmail.com.

02Data We Collect

We collect the following categories of personal data, only to the extent necessary to provide our services:

  • Identity data: name, date of birth (when required).
  • Contact data: email address, phone number (optional).
  • Account data: username, password (hashed), preferences.
  • Transaction data: purchase records, billing address, payment method type (we do not store full card details).
  • Usage data: pages visited, features accessed, session duration, click patterns.
  • Device & technical data: IP address, browser type, operating system, device identifiers.
  • Communications data: emails or messages you send us, support requests.

We never sell your personal data to third parties. We do not collect sensitive categories of data (e.g. health diagnoses, biometric data) unless you explicitly provide them in a support context.

03How We Use Your Data

Your data is used exclusively for the following purposes:

  • Creating and managing your account and access to our platforms.
  • Processing purchases and delivering digital products or services.
  • Sending transactional communications (receipts, access credentials, updates).
  • Sending marketing communications, only with your explicit consent and with easy opt-out.
  • Personalizing your experience and improving our products based on anonymized usage patterns.
  • Complying with legal obligations (tax records, fraud prevention, regulatory requirements).
  • Protecting the security and integrity of our platforms.

04Legal Basis for Processing

We process your data on the following legal bases, depending on the context:

  • Contract performance: to fulfill obligations arising from your purchase or use of our services.
  • Legitimate interest: to improve our products, ensure security, and prevent fraud.
  • Consent: for marketing emails, cookies, and optional features — which you may withdraw at any time.
  • Legal obligation: to comply with Brazilian LGPD (Lei Geral de Proteção de Dados), GDPR (EU/EEA users), CCPA (California users), and other applicable laws.

05Data Sharing & Third Parties

We may share your data with trusted third-party service providers who process data on our behalf under strict data processing agreements:

  • Payment processors (e.g. Stripe, Kirvano, PayPal) — for secure transaction processing.
  • Email & communication tools (e.g. SendGrid, Mailchimp) — for transactional and marketing emails.
  • Analytics providers (e.g. Google Analytics) — for anonymized usage insights.
  • Cloud infrastructure — for hosting, storage, and delivery of our digital products.
  • Legal authorities — only when required by law, court order, or to protect our rights.

All third parties are contractually required to handle your data in accordance with applicable privacy laws.

06International Data Transfers

As Dapper operates globally — serving users in Brazil, the United States, Germany, and 20+ other countries — your data may be transferred to and processed in countries outside your own.

For transfers from the EU/EEA, we apply appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission. For transfers from Brazil, we comply with LGPD Chapter V requirements. For users in California, transfers comply with CCPA provisions.

07Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law:

  • Account data: retained for the duration of your account plus 5 years after closure (tax/legal requirements).
  • Transaction records: 5–10 years depending on jurisdiction (tax law compliance).
  • Marketing data: until you withdraw consent or unsubscribe.
  • Usage & analytics data: up to 26 months in anonymized form.

08Your Rights

Depending on your location, you hold the following rights over your personal data:

  • Access: request a copy of the data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion of your data, subject to legal retention requirements.
  • Restriction: request that we limit how we process your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at dappercontact6@gmail.com. We will respond within 30 days. Brazilian users may also contact the ANPD; EU users may lodge a complaint with their local supervisory authority.

09Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve our platforms. Categories include:

  • Essential cookies: required for the website to function. Cannot be disabled.
  • Performance cookies: measure how visitors interact with our content (anonymized).
  • Functional cookies: remember your preferences and settings.
  • Marketing cookies: used to deliver relevant advertising. Only with your consent.

You can manage cookie preferences via our cookie banner or your browser settings. Withdrawing consent for non-essential cookies will not affect your access to our services.

10Children's Privacy

Our services are intended for users aged 18 and over. We do not knowingly collect personal data from children under 13 (or under 16 in the EU). If you believe a child has provided us with personal data, please contact us immediately at dappercontact6@gmail.com and we will delete it promptly.

11Security

We implement industry-standard security measures to protect your personal data, including:

  • TLS/SSL encryption for all data in transit.
  • Encrypted storage for sensitive information.
  • Access controls and role-based permissions for our team.
  • Regular security assessments and vulnerability monitoring.

While we take all reasonable precautions, no digital system is 100% secure. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.

12Contact & DPO

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us:

Dapper
Email: dappercontact6@gmail.com
Address: Praça Odilon Resende Andrade, Três Corações, MG — Brazil
CNPJ: 51.751.258/0001-60

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice on our platforms. Continued use of our services after changes constitutes acceptance.