Legal

Privacy Policy

The quick version before the legal stuff:

1.I collect your name and email when you use the contact form. That's it.
2.I use that info to reply to you. I don't sell it, share it, or add you to a newsletter.
3.I use basic analytics (PostHog) to see how people use the site. No creepy tracking.
4.If there's ever a data breach, I'll notify you within 72 hours.
5.Want your data deleted? Email me and I'll handle it.

Last updated: March 2, 2026

1. Who We Are

This website (services.thenifemi.com) is operated by Purple Engineering LTDA., a company registered in Brazil, trading as “Nifemi”. For privacy inquiries, contact us at hello@thenifemi.com.

2. Data We Collect

We collect the minimum amount of data needed to operate this site:

Information you provide

Contact form: name, email address, selected service, and message content.
Email correspondence: any information you include in emails sent to us.
Project engagement: business name, project requirements, and any materials shared during discovery or delivery.

Information collected automatically

Analytics data: page views, referral source, browser type, device type, and approximate geographic location (country level). Collected via PostHog.
Server logs: IP address, request timestamp, and URL accessed. Retained by our hosting provider (Vercel) per their standard data retention policies.

We do not collect payment information through this website. Payments for services are handled through separate invoicing and payment processors as agreed during engagement.

3. How We Use Your Data

To respond to your contact form submissions and inquiries.
To provide and deliver the services you've engaged us for.
To understand how visitors use this website and improve it.
To comply with legal obligations.

We do not use your data for marketing, advertising, or profiling. We do not sell, rent, or share your personal data with third parties for their own purposes.

4. Legal Basis for Processing (GDPR / LGPD)

If you are in the EU/EEA or Brazil, our legal basis for processing your data is:

Legitimate interest: responding to inquiries you initiate, improving the website.
Contractual necessity: processing data required to deliver services you've engaged.
Legal obligation: retaining records as required by Brazilian tax and commercial law.

5. Third-Party Services

We use the following third-party services that may process your data:

Vercel (hosting): serves this website and processes server logs.
PostHog (analytics): collects anonymous usage data to help us understand how the site is used.
Resend (email): delivers contact form submissions to our inbox.

Each of these providers has their own privacy policies. We select providers that maintain reasonable data protection standards.

6. Cookies

This website uses minimal cookies. PostHog may set analytics cookies to distinguish unique visitors. We do not use advertising cookies, tracking pixels, or retargeting tools. Your browser settings allow you to block or delete cookies at any time.

7. Data Retention

Contact form data: retained for up to 2 years or until you request deletion.
Project-related data: retained for 5 years after engagement ends, as required by Brazilian commercial and tax law.
Analytics data: retained per PostHog's default retention settings.

8. Data Security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encrypted connections (HTTPS), secure hosting infrastructure, and access controls limiting who can view your data.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction (GDPR, LGPD, CCPA, or other applicable law), you may have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data.
Object to or restrict processing of your data.
Request data portability.
Withdraw consent at any time where processing is based on consent.
Lodge a complaint with a supervisory authority (e.g., ANPD in Brazil, your local DPA in the EU).

To exercise any of these rights, email hello@thenifemi.com. We will respond within 30 days.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR and LGPD. Notification will include the nature of the breach, data affected, and steps taken to mitigate impact.

11. International Transfers

Your data may be processed in countries outside your own, including Brazil and the United States (where our hosting and service providers operate). We rely on the data protection standards maintained by our service providers and applicable legal frameworks for international data transfers.

12. Children

This website and our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. If we make significant changes, we will make reasonable efforts to notify affected individuals.

14. Contact

Questions or concerns about this policy? Email hello@thenifemi.com.