Privacy Policy
Last updated: May 22, 2026
1. Who we are
This Privacy Policy describes how Lynkame (“we”, “us”, or “the platform”) collects, uses, shares, and protects personal data from anyone using our service — cardholders, public profile visitors, and people who submit forms or place orders on the platform.
Data controller: Lynkame is a brand operated by Gustavo Gabry Orcay (Brazilian sole-proprietor / MEI), registered under CNPJ 66.826.643/0001-05, headquartered in Brazil. This policy complies with Brazil's General Data Protection Law (LGPD — Law 13,709/2018) and the Brazilian Civil Rights Framework for the Internet (Marco Civil — Law 12,965/2014).
2. What we collect
2.1 When you create an account
- Identification: name, email, password (stored hashed).
- Public profile: photo, bio, username, background colors and images, links and social handles you add.
- Contact: WhatsApp number (if connected), Pix key.
- Payments: subscription details handled by Stripe; Mercado Pago tokens, if you connect your account to receive Pix. We do not store full credit card data.
2.2 When someone visits your public profile
- Technical logs: IP address, browser user agent, date/time of access, page visited — required by Marco Civil (art. 15).
- Aggregated metrics: profile view counts, link clicks. No visitor PII is exposed to you.
2.3 When someone submits a form, booking, or order
- The data the visitor chooses to submit: name, phone, email, message, menu choices, etc.
- Messages exchanged via the WhatsApp bot (only if you enable the feature and the customer initiates the conversation).
- When accepting or declining an electronic quote, we record the visitor's IP address and the exact timestamp of the action. This record is used solely to evidence contractual acceptance, based on contract performance (LGPD art. 7, V) and Brazil's Marco Civil da Internet (art. 7, II), and is retained for the 5-year statutory limitation period.
2.4 Business accounts (B2B)
- Link between manager and team members; company name; brand applied to staff cards; shared products/links across the team.
3. Why we process your data
We process data strictly to:
- Operate your NFC card and serve your public profile;
- Authenticate access and keep your account secure;
- Process subscription payments and pass Pix payments through to your end customers;
- Show you metrics (views, leads, clicks, sales);
- Send push notifications and transactional emails (booking reminders, new leads, order updates);
- Reply via the WhatsApp bot (only if you enable it);
- Comply with legal and tax obligations;
- Prevent fraud and abuse of the platform.
We never sell your data and do not use it for third-party advertising.
4. Legal bases
Each processing activity is grounded in one of the LGPD legal bases (art. 7):
| Activity | Legal basis |
|---|---|
| Creating and running your account | Contract performance (art. 7, V) |
| Processing payments | Contract performance (art. 7, V) |
| Tax-record keeping | Legal obligation (art. 7, II) |
| Keeping access logs | Legal obligation — Marco Civil (art. 7, II) |
| Metrics, fraud prevention | Legitimate interest (art. 7, IX) |
| Optional marketing communications | Consent (art. 7, I) — revocable any time |
| Collection via public form/menu | Visitor consent at submission (art. 7, I) |
7. How long we keep data
| Data | Retention |
|---|---|
| Active account | For as long as your account is active |
| Account after deletion | 30 days in backup, then erased |
| Access logs | 6 months (Marco Civil) |
| Tax / payment records | 5 years (Brazilian tax law) |
| Aggregated metrics (no personal data) | Indefinitely |
| Leads and form submissions | While your account is active, or until you delete them |
8. How we protect data
- HTTPS (TLS) on every page;
- Passwords hashed with bcrypt;
- OAuth tokens (Mercado Pago, etc.) encrypted at rest;
- Admin access restricted by role and protected with 2FA;
- Daily encrypted backups.
No system is 100% safe. In case of a security incident that may pose a real risk to you, we will notify you and the ANPD as required by LGPD art. 48.
9. Your rights
Under LGPD (art. 18) you have the right to:
- Confirm we process your data;
- Access the data we have about you;
- Correct incomplete or outdated data;
- Anonymize, block, or delete unnecessary data;
- Port your data to another provider;
- Delete data processed under consent;
- Know who we share your data with;
- Withdraw consent at any time;
- Object to processing based on legitimate interest.
To exercise any of these rights, email support@lynkame.com.br. We respond within 15 days.
10. Children and minors
Lynkame is not intended for children under 13. Teenagers (13–17) may use the platform only with consent from at least one parent or legal guardian (LGPD art. 14). If we identify a minor's account without the required consent, we will delete the data.
11. International data transfers
Some providers are based outside Brazil (Stripe, AI provider, email). Transfers happen under the conditions of LGPD art. 33, relying on standard contractual clauses or on transfer to countries with adequate protection.
12. Changes to this policy
We may update this policy to reflect product or legal changes. Material changes will be communicated by email and/or a dashboard notice at least 15 days in advance.
13. How to contact us
- Email (general and Data Protection Officer): support@lynkame.com.br
- National Authority: ANPD — you may also file a complaint directly with the authority.