Privacy Policy – ggCheckout

This Privacy Policy describes how ggCheckout (“we”, “our”, “Platform”) collects, uses, stores, and protects users’ personal information (“you”, “user”) when our services are used. By using the Platform, you agree to the terms described here. If you do not agree, we recommend that you do not use our services.

ggCheckout acts as a technology intermediary to facilitate payment management and transaction tracking, without directly intervening in the content, product, or service offered by users or producers.

2.1. Information provided by the user: full name, e-mail address, contact data, account and profile information, authentication data, content entered into the Platform, and account preferences and settings. 2.2. Information collected automatically: IP address, approximate geolocation, browser, device type, operating system, access and activity logs on the Platform, order tracking data, cookies, and similar technologies.

Collected information may be used to enable and operate Platform services, manage accounts and authentication, continuously improve user experience, identify and prevent fraud, abuse, or irregular activity, perform statistical and usage analytics, comply with legal and regulatory obligations, and send technical, operational, or promotional communications with prior consent where required by law.

4.1. Each year on January 10, we perform automated deletion of sensitive and historical data related to inactive users, focused on risk reduction and compliance with data protection laws. 4.2. Before deletion, we send prior notice to affected users, provide export tools, and allow users to make backups. 4.3. After annual deletion, data cannot be recovered. Backup responsibility lies exclusively with the user or producer.

5.1. ggCheckout does not sell, rent, or share personal data with third parties for commercial purposes without the user’s express consent. 5.2. Data may be shared with essential service providers such as hosting, technical support, and anti-fraud systems; public authorities under a valid legal request; for defense of Platform rights in administrative or judicial proceedings; or in case of merger, acquisition, or corporate restructuring, while preserving data protection continuity.

We use encryption, firewalls, access control, and other security practices aligned with market standards. Data is stored on secure servers, preferably in Brazil or in countries with adequate data protection safeguards. The Platform is continuously monitored to detect and mitigate vulnerabilities.

7.1. ggCheckout does not collect, process, or store bank account or credit card data. Financial transactions are carried out by external payment partners, such as Mercado Pago, EfiBank, and others, which act as direct operators or processors of that data. 7.2. Financial data security is the responsibility of integrated payment processors, which must operate in compliance with PCI DSS, LGPD, and applicable rules.

Under applicable law, including Brazilian LGPD and, where applicable, GDPR or CCPA/CPRA, users may access personal data, correct incomplete or outdated data, request anonymization, blocking, or deletion of unnecessary data, withdraw consent where applicable, port data to another provider where technically feasible, and request information about third-party sharing. Requests must be submitted through the support channel available on the Platform.

9.1. We use cookies for authentication, user preferences, usage analytics, performance, and essential Platform functionality. 9.2. The user may configure the browser to block or alert about cookies, but some functionality may not work properly without them.

10.1. ggCheckout is not responsible for content, products, or services offered by third parties on the Platform; we are only a technology channel. 10.2. Business decisions made based on Platform data or functionality are the user’s responsibility, including prices, deadlines, content, and sales strategies. 10.3. We are not responsible for losses caused by temporary unavailability, third-party technical failures, force majeure, or unforeseeable events.

11.1. Users who choose cryptocurrency payments must complete identity verification (KYC) through the third-party partner Didit, involving facial images for liveness checks, identity documents, personal data, and location data during verification. 11.2. ggCheckout does not directly collect, process, store, or control biometric data; all processing is performed by Didit as an independent operator or processor. 11.3. KYC is necessary for anti-money laundering and counter-terrorism financing obligations, identity verification, fraud prevention, and cryptocurrency transaction security. 11.4. By starting KYC, the user expressly consents to processing by Didit; revocation prevents use of crypto functionality. 11.5. KYC data is retained by Didit under legal requirements, and ggCheckout stores only verification status and session ID.

12.1. When using the ggCheckout Discord bot, we collect data provided by the Discord API through OAuth2, including user ID, username, avatar, server ID and name, icon, selected channels, categories, and roles. 12.2. This data is used exclusively to link the seller’s Discord account to ggCheckout, configure and operate the bot, create temporary private channels, assign roles after payment, and log transactions. 12.3. Connection data is stored in Firebase Firestore with the same security measures used for other Platform data. 12.4. We do not share Discord data with third parties except when necessary for integrated payment services. 12.5. Discord data is retained while the connection is active; when disconnected, it is marked inactive and follows the annual deletion policy. The user may request immediate deletion by e-mailing suporte@ggcheckout.com or disconnecting the server. 12.6. The bot requests only necessary permissions: view channels, send messages, embed links, attach files, read history, manage roles, and manage channels. 12.7. OAuth2 scopes include identify, guilds, bot, and applications.commands, and only servers where the user is an administrator are shown. 12.8. Members of servers where the bot is present may request deletion of personal data or opt out of future processing by e-mailing suporte@ggcheckout.com with their Discord user ID; requests are processed within 15 business days. 12.9. When Message Content Intent is used, processing is limited to private purchase channels created by the bot. Messages from other channels are not processed, stored, or analyzed. Messages from private purchase channels are retained for up to 90 days for transaction audit, unless a longer legal retention obligation applies.

We process personal data based on lawful bases under Brazilian LGPD and, where applicable, GDPR or similar laws: performance of contract or pre-contractual steps; compliance with legal or regulatory obligations; regular exercise of rights; legitimate interest for service improvement, security, and fraud prevention; consent where applicable, especially for sensitive data; and protection of life or physical safety.

14.1. ggCheckout may transfer data to servers or partners outside Brazil, including cloud providers, KYC services, international payment processors, and Discord. 14.2. International transfers follow LGPD requirements and, where applicable, GDPR safeguards, including standard contractual clauses, verification of adequate protection in the destination country, and specific consent when necessary.

ggCheckout has appointed a Data Protection Officer as the communication channel between the Platform, data subjects, and the Brazilian ANPD. To exercise rights or ask privacy questions, contact suporte@ggcheckout.com. Response time: up to 15 business days.

Under LGPD and, where applicable, GDPR or CCPA/CPRA, you may have rights to confirmation of processing, access, correction, anonymization, blocking or deletion, portability where technically feasible, deletion of data processed with consent, information about sharing, information about consequences of refusing consent, withdrawal of consent, complaints to the ANPD or other competent authority, objection to processing without consent, and review of automated decisions.

17.1. We use strictly necessary cookies for authentication, security, and preferences; performance cookies for analytics such as Google Analytics and Hotjar; functional cookies for personalization; and marketing cookies such as Facebook Pixel and Google Ads. 17.2. Session cookies are deleted when the browser closes and persistent cookies may last up to 24 months. 17.3. The user may refuse cookies in the browser, but some functionality may be affected.

18.1. Technical measures include TLS/SSL, AES-256 encryption at rest, available two-factor authentication, firewall, intrusion detection, vulnerability monitoring, automated backups, and geographic redundancy. 18.2. Organizational measures include role-based access control, employee data protection training, periodic security audits, and incident response planning. 18.3. In case of a security incident that may create relevant risk or harm, ggCheckout will notify the ANPD within 2 business days and affected data subjects within a reasonable time.

19.1. Registration data is retained while the account is active and for 5 years after termination for fiscal legal obligations; transaction data for 5 years; access logs for 6 months; KYC data according to Didit policy and AML/CFT requirements; Discord data while the server connection is active. 19.2. Automated annual deletion on January 10 covers data of users inactive for more than 24 months, with 30 days’ prior notice and export tools available during the notice period.

20.1. ggCheckout is not intended for persons under 18. 20.2. We do not knowingly collect minors’ data; if identified, the data will be promptly deleted. 20.3. Parents or guardians who identify improper use should immediately contact suporte@ggcheckout.com.

You may file a complaint or petition directly with the Brazilian National Data Protection Authority (ANPD) if you believe your rights have been violated. ANPD website: https://www.gov.br/anpd. Service channel: https://www.gov.br/anpd/pt-br/canais_atendimento.

Legal name: Ggcheckout LTDA. CNPJ: 61.924.187/0001-04. Address: Rua Comendador Torlogo Dauntre, 74 - Sala 1207, Cambui, CEP 13025-270, Campinas/SP, Brazil. Contact e-mail: suporte@ggcheckout.com. Website: https://www.ggcheckout.com.

23.1. We may modify this Privacy Policy at any time. 23.2. Material changes will be communicated by e-mail or through the Platform 7 days in advance. 23.3. Continued use of the Platform after changes represents express acceptance of the new version. 23.4. Version history will be available upon request.