Privacy Policy
Last updated: 14 de maio de 2026
1. Introduction {#introducao}
This Privacy Policy describes how the website mensageirosdovento.com (hereinafter “the site”) collects, uses, stores and protects personal data of its visitors, in compliance with the Brazilian General Data Protection Law (Lei nº 13.709/2018 — LGPD, Brazilian GDPR).
By accessing the site, you agree to the collection of data strictly necessary for the basic operation of the pages. Additional collection — such as usage metrics and personalization — depends on your express consent, which may be granted or revoked at any time through the cookie banner or the “Manage cookies” button in the footer.
2. Data Controller and Data Protection Officer (DPO) {#controlador}
Data Controller: Projeto Mensageiros do Vento — IDK.Network
Data Protection Officer (DPO): The author and developer.
Contact for privacy matters: contato@idk.network
In compliance with Article 41 of the LGPD, the Data Protection Officer serves as the communication channel between the data controller, data subjects and the Brazilian National Data Protection Authority (ANPD).
3. Data Collected {#dados-coletados}
The site collects only data strictly necessary for its operation and, when authorized, aggregated data for statistical analysis. We do not sell, rent or share personal data with third parties for marketing purposes.
3.1. Cookies and Local Storage {#cookies}
Cookies and localStorage are small files stored in your browser. The site uses three categories, all listed below with purpose, retention period and applicable legal basis.
Strictly Necessary (always active)
These are essential for basic site functionality and do not require consent — legal basis: legitimate interest (Article 7, IX) and contract performance (Article 7, V) for authentication. They cannot be disabled.
| Name | Purpose | Retention |
|---|---|---|
letter_seen |
Identifies whether the welcome envelope (manifesto) has already been viewed, preventing it from reappearing. | 365 days |
cms_token, cms_refresh_token |
Authentication tokens (Keycloak/JWT) for users who log in to access settings of the account linked to the game. | 24 h / 12 h |
pkce_code_verifier, pkce_state, pkce_return_to |
CSRF protection and OAuth2 PKCE flow during login. Stored in sessionStorage. |
Until end of browser session |
mdv_consent_v1 |
Records your consent choices (Article 8 §6 and Article 37 of the LGPD). Allows us to respect your preferences in future visits. | 365 days |
Preferences (optional)
They personalize your experience on the site. Legal basis: consent (Article 7, I). You may accept or refuse this category.
| Name | Purpose | Retention |
|---|---|---|
cms_theme |
Remembers the theme preference (light/dark) between visits, when applicable. | 365 days |
Analytics (optional)
These allow us to understand how the site is used in an aggregated and anonymous manner, helping to improve content and performance. Legal basis: consent (Article 7, I). These cookies are not loaded before your express consent.
| Name | Purpose | Retention |
|---|---|---|
_ga, _ga_PPE81KTFBL |
Google Analytics — distinguishes unique users and sessions for aggregated usage metrics. | 2 years |
4. International Data Transfer {#transferencia-internacional}
When you consent to the Analytics category, aggregated browsing data is processed by Google LLC, headquartered in the United States of America. This international transfer occurs under the terms of Article 33 of the LGPD and is covered by the contractual commitments and protection standards adopted by Google for services offered to Brazilian and European users.
Google Analytics privacy policy: policies.google.com/privacy. You may revoke this consent at any time via the cookie banner or footer.
5. Restricted Administrative Area {#area-restrita}
The site has an administrative area (/cms/*) for internal use, accessible only to authenticated project collaborators. In this area, additional resources are used — Firebase Cloud Messaging (operational notifications) and Google Maps (in-game map editor). These resources are not loaded on public pages and do not affect ordinary visitors.
Legal basis for processing collaborator data in the restricted area: performance of contract/employment relationship (Article 7, V) and legitimate interest (Article 7, IX) for CMS operation.
6. Your Rights {#direitos}
As a data subject, the LGPD guarantees you (Article 18) the following rights:
- Confirmation of the existence of processing of your data;
- Access to the data we hold about you;
- Correction of incomplete, inaccurate or outdated data;
- Anonymization, blocking or deletion of unnecessary data or data processed in non-compliance;
- Portability of data to another service provider;
- Deletion of personal data processed with your consent;
- Information about public and private entities with whom we share data;
- Information about the possibility of not providing consent and its consequences;
- Revocation of consent at any time, through express manifestation.
To exercise any of these rights, send an email to contato@idk.network with the subject “LGPD — Data Subject Rights”. We will respond within the legal deadline of up to 15 days.
7. Consent Management {#consentimento}
Your consent choices are stored locally in your browser (cookie mdv_consent_v1) with date and time. To change your preferences at any time:
- Click on “Manage cookies” in the site footer; or
- Clear the site data in your browser so the banner is shown again on your next visit.
8. Security {#seguranca}
We adopt technical and administrative measures to protect your data against unauthorized access, loss or undue alteration — including HTTPS connections, authentication via OAuth2/OpenID Connect with short-lived tokens, and isolation of the administrative area.
9. Changes to this Policy {#alteracoes}
We may update this policy periodically. Material changes will be communicated via a banner on the site. The date of the last update appears at the top of this document. If changes affect processing subject to consent, we will request your re-agreement.
10. National Data Protection Authority {#anpd}
You may also report issues directly to the ANPD at gov.br/anpd.
This policy was drafted based on Lei nº 13.709/2018 (LGPD, Brazilian GDPR) and on the ANPD’s Cookies Guidance.