MOVUCA GLOBAL PRIVACY POLICY

Last updated: January 8, 2025

1. INTRODUCTION AND GLOBAL APPLICABILITY

J H PINHEIRO CRUZ MARQUES ENTRETENIMENTO E EVENTOS LTDA, a Brazilian company registered under CNPJ No. 61.507.994/0001-21, with headquarters at Dom Pedro I 719, Cxpst 1113 Room 104, ZIP 58020-514, Tambiá, João Pessoa - PB, Brazil (“Movuca”, “we”, “us”, “our”), operates the Movuca application globally and is committed to protecting personal data in compliance with all applicable laws.

This Privacy Policy applies to all Movuca users regardless of their location and has been prepared to comply with:

General Data Protection Law (LGPD) - Brazil
General Data Protection Regulation (GDPR) - European Union
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) - California, USA
Other applicable data protection laws

2. DEFINITIONS AND IMPORTANT CONCEPTS

For purposes of this Policy:

Personal Data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on personal data
Controller: Movuca, as responsible for decisions about processing
Data Subject: You, the natural person to whom the personal data relates
Legal Bases: Legal grounds that authorize data processing

3. DATA WE COLLECT

3.1 Categories of Personal Data Collected

Identification and Contact Data:

Full name
Email address
Phone number
Profile picture
Date of birth
Unique user identifiers

Precise Location Data:

Real-time GPS location (only with explicit consent)
Location history
Frequently visited places

Profile and Preference Data:

Stated interests (music, sports, event types)
Privacy preferences
Notification settings

Activity and Interaction Data:

Events viewed and attended
Ratings and comments
Connections with other users
Shared content
Messages (when implemented)

Technical and Device Data:

IP address
Device type and model
Operating system and version
Device identifiers
Network information
Access and usage logs

Payment Data (Future):

Card information (processed by secure third parties)
Transaction history
Billing data

3.2 Sensitive Data

We do not intentionally collect sensitive data (racial/ethnic origin, political opinions, religious beliefs, genetic, biometric, health or sex life data). If voluntarily shared in comments or profiles, additional protections apply.

3.3 Children’s Data

This service is not directed to minors under 18 years (or digital age of majority in your jurisdiction). We do not knowingly collect data from minors.

4. LEGAL BASES AND PURPOSES OF PROCESSING

We process your data based on the following legal grounds:

Collection and use of precise location
Sending marketing communications
Sharing data with specific partners
Use of non-essential cookies

Account creation and maintenance
Provision of app services
Transaction processing
Service-related communications

Service improvement and personalization
Aggregated usage analytics
Security and fraud prevention
Customer support

Data retention per tax laws
Cooperation with authorities
Compliance with court orders

5. YOUR RIGHTS AS DATA SUBJECT

Regardless of your location, you have the following rights:

5.1 Universal Rights

Access: Obtain confirmation and copy of your personal data
Rectification: Correct incorrect or outdated data
Erasure: Request deletion of your data (with legal exceptions)
Portability: Receive your data in structured format
Objection: Object to certain processing
Consent Withdrawal: Withdraw consent at any time
Information: Be informed about your data processing

5.2 Jurisdiction-Specific Rights

For Brazil Residents (LGPD):

Anonymization, blocking or elimination of unnecessary data
Information about third-party sharing
Review of automated decisions

For European Union Residents (GDPR):

Processing restriction
Right not to be subject to solely automated decisions
Right to lodge complaint with supervisory authority

For California Residents (CCPA/CPRA):

Right to know what personal information is collected
Right to know if personal information is sold or shared
Right to opt-out of personal information sale
Right to non-discrimination for exercising rights
Right to correct inaccurate personal information
Right to limit use of sensitive personal information

5.3 How to Exercise Your Rights

To exercise any of these rights, contact us via:

Email: [email protected] / [email protected]
In-app form: Settings > Privacy > My Rights
Mail: Headquarters address (above)

We will respond within 15 days (Brazil), 30 days (EU) or 45 days (California), as applicable.

Other Users: Public profile information per your settings

Service Providers:

Amazon Web Services (hosting - USA)
Transactional email providers
Certified payment processors
Analytics services (anonymized)

Authorities: When required by law or valid court order

Successors: In case of merger, acquisition or asset sale

6.2 International Transfers

Your data may be transferred to countries outside your jurisdiction, especially United States. We ensure adequate protection through:

EU-approved Standard Contractual Clauses (SCCs)
Privacy certifications where applicable
Adequacy assessment of recipient country
Technical and organizational security measures

7. DATA SECURITY AND PROTECTION

We implement appropriate security measures including:

Encryption in transit (TLS 1.3) and at rest (AES-256)
Multi-factor authentication for administrative access
Access controls based on least privilege principle
24/7 continuous security monitoring
Regular penetration and vulnerability testing
Certified information security policies
Regular employee training
Incident response plan

8. DATA RETENTION

We retain your data for the shortest necessary time:

Active account data: During account duration
Inactive account data: 2 years after last activity
Location data: 12 months (analytics) or per consent
Transaction data: 5-7 years (tax/legal requirements)
Security logs: 2 years
Anonymized data: Indefinitely for analytics

9. COOKIES AND TRACKING TECHNOLOGIES

See our complete Cookie Policy for details. In summary:

Essential Cookies: Always active (app functionality)
Performance Cookies: With your consent
Marketing Cookies: With your explicit consent
You can manage preferences anytime

10. YOUR PRIVACY CHOICES AND CONTROLS

You can control:

Location: Disable in settings (limits core features)
Notifications: Manage types and frequency
Profile Visibility: Public, friends or private
Marketing: Opt-out available in all communications
Account Deletion: Available in settings

11. PRIVACY BY DESIGN AND BY DEFAULT

We implement privacy principles from conception:

Data minimization
Pseudonymization when possible
Restrictive privacy settings by default
Transparency in all operations
Privacy impact assessments for new features

12. DATA BREACH NOTIFICATION

In case of breach that may affect your rights:

We will notify authorities within 72 hours
We will notify you directly if high risk
We will provide information about measures taken
We will offer appropriate support

13. UPDATES TO THIS POLICY

Significant changes will be communicated 30 days in advance via:

In-app notification
Email to active users
Prominent notice on first access

14. DATA PROTECTION AUTHORITIES

You may contact authorities in your jurisdiction:

Brazil - ANPD: www.gov.br/anpd

European Union: Your country of residence authority (list at edpb.europa.eu)

California - CPPA: cppa.ca.gov

15. CONTACT INFORMATION

Data Protection Officer:

Email: [email protected]
Phone: [+55 83 XXXX-XXXX]
Address: Dom Pedro I 719, Cxpst 1113 Room 104, ZIP 58020-514, Tambiá, João Pessoa - PB, Brazil

For general privacy inquiries:

Email: [email protected] / [email protected]