Privacy Policy

Effective date: 2026-04-27

This Privacy Policy explains how Satoshi's House ("we", "us") collects, uses, shares and protects personal information when you use our website, member area, newsletter and tools. We operate from Brazil and serve a global audience, so this policy is written to comply with the General Data Protection Regulation of the European Union and the United Kingdom (GDPR), the California Consumer Privacy Act and the California Privacy Rights Act (CCPA / CPRA), and Brazil's General Personal Data Protection Law (LGPD), among other applicable frameworks.

1. Data Controller

Satoshi's House is the controller of your personal data for the purposes of GDPR, the equivalent decision maker under CCPA, and the controller under LGPD. You can contact us at contato@satoshishouse.com.

2. Information We Collect

  • Account data: name, email and password hash when you register.
  • Profile data: optional avatar, biography and preferences.
  • Payment data: processed by Stripe. We do not store full card numbers. We retain the Stripe customer identifier and a reference to your subscription or invoice.
  • On-chain data: when you pay via USDT on the BNB Smart Chain, we record the transaction hash and the sender wallet address you submit, in order to verify the payment.
  • Usage data: IP address, device, browser, pages visited, referral source and timestamps, collected through server logs and analytics, with consent where required.
  • Newsletter data: email address, name and category preferences.
  • Cookies and similar technologies: see our Cookie Policy.

3. Lawful Bases for Processing (GDPR Article 6)

  • Performance of a contract: account creation, paid plans, member tools.
  • Legitimate interests: security, fraud prevention, basic analytics, abuse prevention.
  • Consent: marketing communications, non-essential cookies, optional features.
  • Legal obligation: tax, accounting and lawful requests from authorities.

4. Purposes of Processing

  • Provide and maintain the service.
  • Process subscriptions and one-time payments.
  • Send transactional emails (account, billing, security).
  • Send the newsletter to subscribers who opted in.
  • Improve and secure the platform.
  • Comply with legal and regulatory obligations.

5. Subprocessors and Sharing

We rely on the following subprocessors, each bound by a data processing agreement:

  • Vercel (hosting and edge delivery).
  • Supabase (PostgreSQL database and authentication).
  • Stripe (payment processing).
  • Brevo (newsletter delivery).
  • Upstash Redis (cache and rate limiting).
  • Cloudinary (image hosting and transformation).
  • Google Tag Manager and Google Analytics 4 (analytics under consent only).
  • OpenAI and Anthropic (LLM APIs for content generation and translation; no personal data is shared, only public content the system already publishes).

We do not sell or rent personal information for monetary gain. Some of the subprocessors above may be considered to receive "personal information" under California law for the purpose of providing the service; California residents can exercise their opt-out rights via our Do Not Sell or Share My Personal Information page.

6. International Transfers

Personal data may be transferred outside the European Economic Area, the United Kingdom and Brazil because our subprocessors operate globally. Where required, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards under LGPD and other regimes.

7. Retention

We retain account data for as long as your account is active and for up to two years after deletion for security, tax and accounting purposes. Newsletter data is retained until you unsubscribe. Logs are retained for up to twelve months. Payment metadata is retained for as long as required by tax law.

8. Your Rights

Subject to local law, you may exercise the following rights:

  • Access, rectification, erasure, restriction, portability and objection (GDPR, LGPD).
  • Right to know, delete, correct and limit the use of sensitive personal information (CCPA / CPRA).
  • Opt out of the sale or sharing of personal information (CCPA / CPRA): see our Do Not Sell or Share My Personal Information page.
  • Withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
  • Lodge a complaint with your local data protection authority.

To exercise any right, email contato@satoshishouse.com with the subject "Privacy Request". We may need to verify your identity.

9. Children

The service is not intended for children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have, contact us and we will delete it.

10. Security

We implement reasonable technical and organizational measures, including TLS in transit, hashed credentials, role-based access, audit logging on sensitive operations and rate limiting on authentication endpoints. No system is perfectly secure; please use a strong unique password and enable any additional security features we offer.

11. Cookies

We use cookies and similar technologies as described in our Cookie Policy. By default, advertising and analytics storage is denied via Google Consent Mode v2 until you grant consent.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the website. The "Effective date" above always reflects the latest version.

13. Contact

Questions about this policy or about your personal data can be sent to contato@satoshishouse.com.