At Entrepreneurity, we take user privacy seriously. This policy describes what data we collect, how we use it, who we share it with, and how we protect it. It applies to all users of the website, waitlist, and simulation game.
Data we collect
We collect information you voluntarily provide: email and role when signing up for the waitlist; name, email, institution, subject, and message when using the contact form. If you create an account, we store your email and authentication credentials through Firebase Authentication (Google). We do not collect biometric data, precise location, or contact lists.
How we use your data
We use your data to: send you updates about Entrepreneurity (launch notifications, educational content); respond to your contact messages; operate and improve the service. You can unsubscribe at any time using the unsubscribe link in each email.
Analytics and cookies
We use PostHog for anonymous web analytics with anonymous identifiers, without IP capture. We do not track personally identifiable information. We use strictly necessary first-party cookies: authentication session token and language preference. We do not use advertising or third-party cookies.
Third-party services
We share data with providers that operate the service: Amazon Web Services (infrastructure, storage, email delivery; us-east-1 region), Google Firebase Authentication (user authentication), and PostHog (anonymous analytics). Each provider operates under data processing agreements. We never sell or share your data for advertising purposes.
Children's privacy
Entrepreneurity is designed for classroom use under teacher supervision. For students under 13, the educational institution or teacher acts as agent for parental consent, in accordance with COPPA's school consent exception. We collect only data strictly necessary for the educational purpose. We do not show targeted advertising to minors.
Data retention
We retain your account data while your account is active. Waitlist and contact form data is retained for up to 12 months after fulfilling its purpose. Game session data is archived at the end of the academic term. You can request deletion of your data at any time.
Security
Your data is encrypted in transit (TLS 1.2+) and at rest (AWS default encryption). We apply least-privilege access controls and do not use shared credentials. In the event of a security breach, we will notify affected users within 72 hours.
Your rights
You have the right to access, correct, delete, and export your personal data. EU users have additional rights under GDPR, including objection and restriction of processing. Brazil users have similar rights under LGPD. To exercise your rights, contact us through our contact page.
Changes to this policy
We will notify material changes by email. Minor changes will be posted on this page with the updated date. Continued use of the service after notification constitutes acceptance.
Contact
If you have questions about this privacy policy, contact us through our contact page.