PRIVACY POLICY AND PERSONAL DATA PROCESSING
Last updated: October 13, 2025.
1. DATA CONTROLLER
1.1. This Privacy Policy governs the processing of personal data carried out by Balance Journey,, hereinafter referred to as the Controller, acting as the entity responsible for data processing under Brazilian Law No. 13.709/2018 (General Data Protection Law – LGPD).
1.2. By accessing, browsing, or using this website — or by purchasing any product or service made available herein — the Data Subject acknowledges and agrees to the terms of this Privacy Policy and, when applicable, expressly consents to the processing of their personal data as described below.
2. PERSONAL DATA PROCESSED
2.1. The Controller may collect and process the following personal data, directly or indirectly:
Full name;
Email address;
Phone number and/or WhatsApp;
Payment information, through integrated platforms;
Browsing and device data (cookies, IP address, approximate location, browser type, access time);
Profile and preference data based on platform interactions;
Any other information voluntarily provided through forms, registrations, messages, or support requests.
2.2. The Controller does not collect sensitive personal data under Article 5, II, of the LGPD, unless strictly necessary and with specific consent from the data subject.
3. PURPOSES OF DATA PROCESSING
3.1. The personal data collected may be used for the following purposes:
To provide, operate, and improve contracted services;
To communicate with the data subject, including for support, customer service, and direct marketing purposes (when authorized);
To send content, updates, promotions, and newsletters, subject to prior consent;
To execute obligations arising from contracts entered into with the User;
To comply with legal or regulatory obligations;
To protect and exercise rights in judicial, administrative, or arbitration proceedings;
To prevent fraud and ensure the security and integrity of the platform and its users.
4. LEGAL BASIS FOR PROCESSING
4.1. The processing of personal data will be based on one or more of the following legal grounds, as applicable:
Consent of the data subject (Article 7, I, LGPD);
Performance of a contract or preliminary procedures (Article 7, V);
Compliance with legal or regulatory obligations (Article 7, II);
Legitimate interest of the Controller, respecting the fundamental rights and freedoms of the data subject (Article 7, IX);
Exercise of regular rights in judicial, administrative, or arbitration proceedings (Article 7, VI).
4.2. The Controller undertakes to conduct legitimate interest impact assessments whenever processing is based on this ground, ensuring that the data subject’s rights and freedoms are not infringed.
5. DATA SHARING
5.1. Personal data may be shared with third parties, always securely and in accordance with the purposes stated herein, including but not limited to:
Payment and financial intermediation platforms (e.g., Hotmart, Stripe, Mercado Pago);
Hosting services, cloud storage, and information security providers;
Digital marketing, email marketing, CRM, and automation tools;
Contracted partners and service providers, when necessary for the execution of related activities;
Public authorities and regulatory agencies, when required by law, regulation, or court order.
6. DATA SUBJECT RIGHTS
6.1. The data subject may, at any time and upon request, exercise the rights provided under Article 18 of the LGPD, including:
Confirmation of whether processing exists;
Access to processed data;
Correction of incomplete, inaccurate, or outdated data;
Anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in noncompliance with the law;
Portability of data to another service provider, upon express request;
Deletion of data processed with consent;
Information about data sharing with third parties;
Revocation of consent, when applicable.
6.2. To exercise these rights, the data subject may contact the Controller via forms.
6.3. The Controller will make reasonable efforts to respond to requests within a reasonable time frame, observing legal deadlines and applicable technical or regulatory limitations.
7. INFORMATION SECURITY
7.1. The Controller adopts appropriate technical and administrative security measures, in line with market standards, to protect personal data against unauthorized access, destruction, loss, alteration, disclosure, or any form of unlawful or improper processing.
7.2. Such measures include, but are not limited to: access controls, encryption, activity monitoring, and the use of environments protected by firewalls and secure authentication mechanisms.
8. COOKIES AND TRACKING TECHNOLOGIES
8.1. This platform uses cookies and similar technologies to enhance user experience, personalize content, and collect analytical data.
8.2. The User may configure their browser at any time to block cookies or alert about their use, acknowledging that disabling cookies may affect the proper functioning of certain website features.
9. DATA RETENTION PERIOD
9.1. Personal data will be stored for as long as necessary to fulfill the purposes set forth in this Policy, in accordance with applicable legal, contractual, or regulatory requirements — or until deletion is requested by the data subject, when applicable.
9.2. Once the retention period ends, data will be securely deleted or anonymized for statistical purposes, as permitted by law.
10. POLICY CHANGES
10.1. This Privacy Policy may be amended at any time, at the Controller’s discretion, or due to legal or regulatory updates.
10.2. The updated version will be made available on this website, with the revision date shown at the top. Continued use of the services after publication constitutes tacit acceptance of the revised terms.
10.3. If the changes significantly affect the way personal data is processed, users will be clearly notified through the available communication channels.
11. CONTACT CHANNEL
11.1. For questions, clarifications, or to exercise any rights under this Policy, the data subject may contact us through forms.
11.2. Requests will be handled in accordance with the LGPD, within the applicable legal deadlines, and may require identity verification to ensure the security of the information.
12. LEGAL REFERENCES
Law No. 13.709/2018 – General Data Protection Law (LGPD)
Law No. 12.965/2014 – Brazilian Internet Civil Rights Framework
Consumer Defense Code – Law No. 8.078/1990 (when applicable)