Last updated: April 25, 2026, version 1.0
Spartan Pilot is operated by Eduardo Sousa (MEI), an individual based in Brazil. DPO contact: projetorok2026@gmail.com. All communications regarding personal data processing (access, correction, deletion, objection) should be directed to this email. We respond to requests within 15 business days.
Data subject: natural person to whom personal data refers. Personal data: any information related to an identified or identifiable person. Processing: any operation performed with personal data. Controller: Spartan Pilot. Processor: third parties processing on behalf of the controller (Vercel, Firebase/Google, Discord).
Profile (via Discord login): Discord ID, username, avatar, email (when provided), Rise of Kingdoms nickname (optional), kingdom number (optional). Behavioral: orders placed, ratings given/received, referrals, chat messages on orders, loyalty points. Technical: IP address stored as a truncated SHA-256 hash (not isolatable for re-identification), user-agent, authentication cookies, preference cookies (language/theme), access logs for sensitive endpoints.
Service delivery: brokering orders between clients and pilots. Operational communication: notifying order status, messages, updates. Anti-fraud and security: detecting abuse, preventing double-spend, investigating disputes. Legal obligations: preserving records under Brazilian Consumer Code and tax law. Service improvement: understanding aggregate usage and prioritizing features.
Contract execution (art. 7, V) for profile and contractual data. Legitimate interest (art. 7, IX) for anti-fraud, audit logs, essential cookies. Consent (art. 7, I) for non-essential cookies and future marketing (currently unused).
We share data with Discord (authentication, bot messages), Vercel (infrastructure, logs), Google Cloud / Firebase (database, storage), and legal authorities when required by law. We do not sell personal data to third parties. We do not perform commercial profiling for advertising.
Profile data: while account exists. Completed orders: 5 years (Brazilian Consumer Code + tax obligations). Chat messages: indefinite until user requests deletion. ROK credentials in account-sales chat: 7 days (cron auto-delete). Technical logs (profileViews, partnerImpressions, partnershipClicks): 30 days. Notifications: 90 days. Audit log: indefinite (essential for disputes and fraud investigation). After account deletion: anonymization, in which personal fields become placeholders and contractual data is preserved for the legal retention period.
You have the right to:
• Confirm processing
• Access data
• Correct incomplete or inaccurate data
• Anonymize, block, or delete
• Portability
• Revoke consent
• Object to processing based on legitimate interest
We do not perform automated decisions affecting users, so the right to review automated decisions does not currently apply.
Automated endpoints (at /dashboard/client/privacy):
• Export my data: generates a JSON file with all your data and a 24h download link.
• Delete my account: anonymizes personal data and revokes access.
For any other case, email projetorok2026@gmail.com with your Discord ID and the right you wish to exercise. We respond within 15 business days.
Technical and administrative measures:
• Encryption in transit (HTTPS / TLS 1.2+)
• Authentication via JWT, HttpOnly + SameSite + Secure cookies
• Firestore rules (database-level access control)
• Audit log on sensitive endpoints
• Rate limiting
Conscious decision: Rise of Kingdoms credentials shared via account-sales chat (C10 feature) are stored in plaintext for up to 7 days, then auto-deleted. This is documented in docs/decisions/2026-04-25-conscious-acceptance.md (D-1), mitigated by reveal-on-click, visible countdown, restrictive rules, and audit log.
Essential cookies (platform does not work without them): authentication (spartan-auth). Preference cookies (optional, controlled via banner): language (NEXT_LOCALE), theme (theme), consent record (cookie-consent). We do not use third-party tracking cookies (Google Analytics, Meta Pixel) currently.
Data is processed on Google Cloud / Vercel servers located in the US and EU. Safeguards: Standard Contractual Clauses between processors and controller, technical adequacy of providers to GDPR and LGPD, restricted access for technical operation only. LGPD allows international transfer if the receiving country offers an adequate level of protection (art. 33). Our chosen providers meet this requirement.
Material updates will be communicated via banner notice on the site and update of the "Last updated" field at the top of this document. Historical versions of each policy are kept in git at docs/legal/privacy-policy-vN.0.md.
DPO email: projetorok2026@gmail.com. Responsible: Eduardo Sousa, founder of Spartan Pilot. Current version: 1.0 (2026-04-25).
For questions, contact projetorok2026@gmail.com.