1. Introduction
At Microfes Website ("we," "us," "our," or "Company"), we are committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
Please read this privacy policy carefully. If you do not agree with our policies and practices, please do not use our website. By accessing and using this website, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
2.1 Information You Provide Directly
- Account Registration: When you create an account, we collect information such as your name, email address, phone number, and password (which is securely hashed).
- Profile Information: Any additional information you choose to provide in your user profile.
- Communication: Messages, comments, and inquiries you send to us through contact forms or email.
- Feedback: Reviews, ratings, and feedback about our services.
2.2 Information Collected Automatically
- Device Information: Browser type, device model, operating system, IP address, and device identifiers.
- Usage Data: Pages visited, time spent on pages, click patterns, referring website, and navigation paths.
- Cookies & Tracking Technologies: We use cookies and similar technologies to track session activity and user preferences. These include:
- Authentication tokens for secure login sessions
- Session identifiers to maintain your login state
- Preference cookies for site personalization
- Log Data: Server logs containing access times, request types, and error messages.
2.3 Information from Third Parties
- Information from service providers who assist us with website operations, analytics, and communications.
- Publicly available information to verify account details or prevent fraud.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Account Management: Creating and maintaining your user account and providing access to our services.
- Service Delivery: Processing requests, transactions, and providing customer support.
- Communication: Sending important notices, updates, and responding to your inquiries.
- Security: Detecting, investigating, and preventing fraudulent activities, security breaches, and other harmful conduct.
- Legal Compliance: Complying with legal obligations, court orders, and regulatory requirements.
- Improvement: Analyzing usage patterns to enhance website functionality and user experience.
- Marketing: Sending promotional materials (only with your consent where required by law).
- Session Management: Maintaining secure sessions with automatic timeout for security purposes (3-hour expiration).
4. Data Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: Sensitive data is encrypted both in transit (HTTPS/TLS) and at rest using AES-256 encryption.
- Password Protection: Passwords are hashed using secure cryptographic algorithms and never stored in plain text.
- Authentication Tokens: Session authentication uses JWT (JSON Web Tokens) with HS256 algorithm and secure, HttpOnly cookies.
- Session Security:
- Sessions expire after 3 hours of inactivity
- Automatic session regeneration every 30 minutes
- Session fingerprinting to detect unauthorized access
- SameSite and Secure cookie attributes to prevent CSRF attacks
- Database Security: Database credentials are stored in encrypted environment files, not in version control.
- Access Control: Strict authentication and authorization protocols limit access to sensitive data.
- Regular Audits: We periodically review and update our security practices.
Note: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
- Keep you logged in during your session
- Remember your preferences and settings
- Analyze site usage and performance
- Prevent unauthorized access and fraud
Types of Cookies:
- Essential Cookies: Required for site functionality (authentication, security, session management)
- Performance Cookies: Help us understand how visitors use the site
- Preference Cookies: Remember your choices for future visits
You can control cookies through your browser settings. Disabling essential cookies may limit site functionality.
6. Data Retention
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Retention periods vary depending on the type of data:
- Account Data: Retained while your account is active and for 1 year after deletion for legal compliance
- Session Data: Automatically cleared when you logout or after 3 hours of inactivity
- Log Data: Retained for 90 days for security and troubleshooting purposes
- Communication Records: Retained for 2 years for record-keeping and dispute resolution
7. Sharing Your Information
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Service Providers: Third-party vendors who assist with website hosting, email delivery, and customer support, under strict confidentiality agreements.
- Legal Requirements: When required by law, court order, or government request.
- Business Transfer: In the event of a merger, acquisition, or sale of assets, with appropriate data protection measures.
- Your Consent: When you explicitly authorize us to share your information.
- Safety: To protect our rights, privacy, safety, or property, and that of our users.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Right to Access: Request access to the personal information we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete information.
- Right to Deletion: Request deletion of your personal information (subject to legal obligations).
- Right to Portability: Request your data in a portable format for transfer to other services.
- Right to Withdraw Consent: Withdraw consent for marketing communications at any time.
- Right to Opt-Out: Opt out of non-essential cookies and tracking technologies.
To exercise these rights, please contact us using the information provided in Section 11.
9. Children's Privacy
Our website is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete such information immediately. Parents or guardians who believe their child has provided information to our website should contact us immediately.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of external websites. We encourage you to review the privacy policies of any third-party services before providing your information.
11. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have privacy concerns, please contact us:
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the website following any changes constitutes your acceptance of the new Privacy Policy.
13. Compliance with Regulations
This Privacy Policy is designed to comply with:
- GDPR (General Data Protection Regulation) - for EU/EEA residents
- CCPA (California Consumer Privacy Act) - for California residents
- LGPD (Lei Geral de Proteção de Dados) - for Brazilian residents
- Other applicable international and local privacy laws
← Back to Home