Privacy Policy
Responsible protection and processing of your data
Ifá Wisdom values your privacy and is committed to protecting users' personal data. This policy describes transparently what information we collect, how we use it, with whom we share it, and what your rights are as a data subject.
Data Controller
Ifá Wisdom is responsible for processing the personal data collected through this platform. For privacy-related questions, you can reach out through the Contact page.
Data We Collect
We collect only the minimum necessary for the platform to operate: (1) Email for authentication and important communications; (2) Username for personalizing the experience; (3) Oracle consultation history for your personal Diary; (4) Learning progress and gamification (XP, Asé, level); (5) Payment data securely processed by Stripe. We never collect sensitive data such as detailed religious beliefs, political affiliation, or health status.
How We Use the Data
Your data is used exclusively for: secure authentication on the platform; maintaining your Diary of spiritual consultations; tracking progress in the learning modules; processing payments for Premium plans and one-off consultations; communications about your account, security, or important updates; and aggregated anonymous analysis to improve the platform. We never sell your data to third parties nor use it for behavioral advertising.
Storage and Security
Data is stored on Supabase, a secure platform with SOC 2 Type 2 certifications. We implement Row Level Security (RLS) policies that ensure only you can access your consultations and personal data. All communications are encrypted via HTTPS/TLS. Backups are performed regularly and kept in secure locations.
Sharing with Third Parties
We share strictly necessary data with the following processors (LGPD Art. 5, VII), all under appropriate contractual safeguards:
Supabase Inc. (USA) — database hosting, authentication and Row Level Security. Data: email, profile, consultations, comments, progress. Legal basis: contract performance. SOC 2 Type 2.
Stripe Inc. (USA/Ireland) — payment processing, subscription and invoice management. Data: email, user ID, card data (never stored by Ifá Wisdom — only by Stripe, PCI-DSS Level 1 certified). Legal basis: contract performance.
Resend Inc. (USA) — transactional email delivery (signup confirmation, comment notifications, newsletter). Data: email, notification content. Legal basis: contract performance + legitimate interest (newsletter under opt-in).
Vercel Inc. (USA) — web application hosting and performance analytics. Data: access logs, Core Web Vitals metrics (anonymised). Legal basis: legitimate interest.
Google LLC — Google Analytics 4 for traffic analysis. Only with prior consent via the cookie banner. Data: pseudonymised (no PII). Legal basis: consent (LGPD Art. 7, I).
Anthropic PBC (USA) — language model (Claude Haiku 4.5) for Odu interpretation. Data: user question + drawn Odu (no personal identifiers). Legal basis: contract performance. Anthropic does not use API data to train its models.
International transfers to the USA are covered by the European Commission's Standard Contractual Clauses (SCCs). For Brazil, transfers follow LGPD Art. 33 with equivalent contractual guarantees.
Your Rights
As a data subject, you have the right to: access your personal data; request the correction of incorrect data; request deletion of your account and data (right to be forgotten); export your data in a portable format; object to processing in certain circumstances; and lodge a complaint with the data protection authority. To exercise these rights, contact us through the Contact page.
Data Protection Officer (DPO)
In compliance with LGPD Art. 41 and GDPR Art. 37, the Ifá Wisdom Data Protection Officer can be contacted at:
Email: paboohwow@gmail.com Contact page: available at /contact
The DPO handles rights requests (access, rectification, erasure, portability, objection), complaints, and questions about personal data processing. Response time is up to 15 calendar days. Account deletion and data export can be triggered directly at /profile without contacting the DPO.
You also have the right to lodge a complaint with the Brazilian Data Protection Authority (ANPD — gov.br/anpd) or the competent data protection authority in your country.
Retention Period
We retain your data only for as long as necessary: account data while you keep an active registration (deleted within 30 days after a cancellation request); consultation history according to your preference (you can archive or delete entries individually); payment data for the legally required period (7 years for tax obligations); and security logs for up to 90 days.
Changes to This Policy
This policy may be updated to reflect changes in legislation, in our practices, or in the platform's functionality. We will notify significant changes via email or notice on the platform. The date of the last update is shown at the bottom of this page.