Privacy Policy
1. Introduction
This Privacy Policy (“Policy”) aims to inform data subjects who use the TONOTENIS application (“Application”) about how their personal data is collected, used, stored, shared, and protected.
This Policy has been prepared in accordance with Brazil's General Data Protection Law (LGPD — Law No. 13,709/2018), the Brazilian Internet Civil Framework (Law No. 12,965/2014), the Brazilian Consumer Protection Code (CDC — Law No. 8,078/1990), the Brazilian Child and Adolescent Statute (ECA — Law No. 8,069/1990), the Brazilian Digital Framework Law for Children and Adolescents (Law No. 15,211/2025), and other applicable legislation.
TONOTENIS is available for iOS and Android devices. This Policy applies equally to both versions.
This document was originally written in Brazilian Portuguese. In the event of translation into other languages, the Portuguese version shall prevail in case of discrepancy.
By using the Application, you acknowledge that you are aware of the terms of this Privacy Policy. The processing of your personal data is based on different legal bases depending on the nature of each activity, as detailed in Section 5.
For full identification of the party responsible for data processing, please refer to Section 2.
2. Data Controller Identification
The processing of personal data collected through TONOTENIS is the responsibility of:
- Controller: William Faria Siqueira, individual, registered under Brazilian individual taxpayer registry (CPF) No. 737.184.086-00
- Email for privacy matters: privacidade@tonotenis.com.br
- Email for general support: suporte@tonotenis.com.br
Data Protection Officer (DPO): pursuant to ANPD Resolution CD No. 2, dated January 27, 2022, the Controller qualifies as a small-scale processing agent and is therefore exempt from appointing a data protection officer. The Controller personally fulfills the DPO functions and can be contacted at privacidade@tonotenis.com.br.
3. Definitions
For a better understanding of this Policy, the following definitions apply:
| Term | Definition |
|---|---|
| Data Subject | A natural person to whom the personal data being processed refers (LGPD Art. 5, V) |
| User | An individual who uses the TONOTENIS application to record matches, track statistics, or manage playing venues |
| Personal Data | Information relating to an identified or identifiable natural person (LGPD Art. 5, I) |
| Sensitive Personal Data | Data concerning racial or ethnic origin, religious belief, political opinion, trade union membership, health or sex life data, genetic or biometric data (LGPD Art. 5, II) |
| Data Processing | Any operation carried out with personal data, including collection, storage, use, sharing, and deletion (LGPD Art. 5, X) |
| Controller | A natural or legal person responsible for decisions regarding the processing of personal data (LGPD Art. 5, VI). Identified in Section 2 |
| Processor | A natural or legal person who processes personal data on behalf of the Controller (LGPD Art. 5, VII) |
| Place | Clubs, academies, schools, condominiums, or groups where users play tennis or beach tennis |
| Place Manager | A User with granular administrative permissions over a Place, as detailed in Section 14 |
| ANPD | Brazil's National Data Protection Authority (ANPD), the federal public administration body responsible for overseeing, implementing, and enforcing compliance with the LGPD |
| Children and Adolescents | As defined by the ECA: a child is a person under 12 years of age; an adolescent is a person between 12 and 18 years of age |
4. Data Collected
4.1 Data Provided by the Data Subject
During registration and use of the Application, we collect the following data provided directly by the Data Subject:
| Category | Data | Purpose |
|---|---|---|
| Identification | Full name, nickname | Identification within the Application and display to other users |
| Authentication | Email, password (stored exclusively as a cryptographic hash, never in plain text) | Secure account access |
| Demographic Data | Gender, date of birth | Categorization in rankings and statistics by age group; minimum age verification |
| Location | Address (optional): postal code, city, state, country, latitude, longitude, geohash | Suggestion of nearby venues |
| Image | Profile photo (optional) | Profile personalization |
| Sport Preferences | Sports played (tennis, beach tennis) | Experience personalization |
| Playing Style | Forehand and backhand (right-handed, left-handed, ambidextrous) | Statistical profile information |
4.2 Data Generated Through Application Use
| Category | Data |
|---|---|
| Matches | Scores, set-by-set results, tiebreaks, match date, court type (clay, hard, grass), match format, participants, status (WO/retirement/completed) |
| Live Scores | Real-time scoring, teams/players, serve, match status, events, and free-text messages |
| Statistics | Wins/losses, head-to-head (H2H), performance by period, percentages |
| Rankings | Position, score, round participation, entry/exit requests |
| Who's Playing | Intended date, times, venue, sport, attendance intention |
| Birthdays | Day and month of birth, shared with members of the same Place |
| Place Messages | Notices and announcements sent by managers (categories: normal, urgent, critical) |
| Polls | Poll title, options, individual votes, vote visibility settings |
| Memberships | Place associations, join date, verification status |
| Ownership Transfer | Requests for ownership transfer of Places between managers |
4.3 Technical Data Collected Automatically
| Data | Service | Purpose |
|---|---|---|
| Device model, operating system, app version | Sentry | Crash diagnostics |
| Stack traces and error logs | Sentry | Bug fixing and stability monitoring |
| IDFA (iOS) / GAID (Android) | Google AdMob | Ad personalization (when consented) |
| Consent data (UMP) | Google AdMob | Ad privacy preference management |
| Authentication token (JWT) | Supabase Auth | Secure session maintenance |
| In-app navigation data | Internal | User experience improvement |
Note: the Application does not collect sensitive personal data as defined in Art. 5, II of the LGPD (racial origin, religious belief, political opinion, health data, sex life, genetic or biometric data).
Note regarding minors: For users identified as under 18 years of age, the following technical data is not collected: IDFA (iOS) / GAID (Android) and any advertising tracking data. Diagnostic monitoring (Sentry) is maintained exclusively with anonymized technical data, without personal identifiers.
5. Legal Bases for Data Processing
Pursuant to Art. 7 of the LGPD, personal data processing may only occur when based on one of the legal bases provided by law. The table below identifies the applicable legal basis for each processing activity:
| Processing Activity | Legal Basis | Legal Ground |
|---|---|---|
| Account and profile creation and maintenance | Performance of contract | Art. 7, V |
| Match recording, statistics, and rankings | Performance of contract | Art. 7, V |
| Live scores | Performance of contract | Art. 7, V |
| Place messages and polls | Performance of contract | Art. 7, V |
| Who's Playing | Performance of contract | Art. 7, V |
| Premium Subscription (status, dates, product) | Performance of contract | Art. 7, V |
| Sharing of birthdays (day/month) with members of the same Place | Legitimate interest | Art. 7, IX |
| Personalized advertising (AdMob) | Consent | Art. 7, I |
| ATT/IDFA tracking (iOS) | Consent | Art. 7, I |
| Crash diagnostics and bug fixing (Sentry) | Legitimate interest | Art. 7, IX |
| Service communications (operational notifications) | Performance of contract | Art. 7, V |
| Compliance with legal obligations (Internet Civil Framework, court orders) | Legal obligation | Art. 7, II |
| Processing of adolescent data (12–17 years) | Parental or legal guardian consent | Art. 14, §1 |
| Processing of children's data (< 12 years) | Not permitted — use prohibited | Art. 14 |
Withdrawal of consent: when the legal basis is consent, the Data Subject may withdraw it at any time, without prejudice to the lawfulness of processing carried out prior to withdrawal, pursuant to Art. 8, §5 of the LGPD. Withdrawal may be done through device settings (for ATT/tracking) or by contacting privacidade@tonotenis.com.br.
Legitimate interest: when invoked as a legal basis, the Controller ensures that processing is proportionate, minimized to what is necessary, and that the fundamental rights and freedoms of the Data Subject have been considered, pursuant to Art. 10 of the LGPD.
6. Purposes of Data Processing
Your personal data is processed for the following purposes:
6.1 Service Execution
- Creation and maintenance of user accounts
- Recording and tracking of matches (including various formats and set-by-set results)
- Calculation and display of statistics and head-to-head records (H2H)
- Management of rankings and competitions (positions, rounds, requests)
- Live scores (real-time scoring, events, messages)
- Who's Playing (scheduling of playing intentions)
- Place Messages (manager announcements to members)
- Place polls and surveys
- Display of birthdays (day/month) for members of the same Place
- Ownership transfer of Places between managers
- Communication between members of the same Place
6.2 Service Improvement
- Usage analysis for feature enhancement
- Bug fixes and technical issue resolution
- Development of new features
6.3 Communication
- Sending push notifications about matches, events, and Place announcements
- Communications about Application updates
- Responding to inquiries and providing user support
- Operational notifications (request outcomes, security alerts)
6.4 Advertising
- Display of ads via Google AdMob (banner, interstitial, rewarded interstitial)
- Ad personalization based on Data Subject consent (ATT/UMP)
6.5 Security and Fraud Prevention
- Detection of duplicate or fraudulent accounts
- Prevention of ranking and match manipulation
- Monitoring of abuse in live score and messaging features
7. Advertising and Tracking
7.1 Google AdMob
The Application displays ads provided by Google AdMob in the following formats:
- Banner: fixed ads in specific areas of the interface
- Interstitial: full-screen ads displayed during screen transitions
- Rewarded interstitial: full-screen ads with optional rewards
Google AdMob may collect device data (including advertising identifiers IDFA/GAID), ad interaction data, and technical device information. The processing of such data by Google is governed by the Google Privacy Policy.
The frequency of ad display is managed by the TONOTENIS server and may be adjusted without prior notice.
7.2 App Tracking Transparency (ATT) — iOS
On iOS devices, the Application requests tracking permission through Apple's App Tracking Transparency (ATT) framework. The Data Subject may:
- Allow tracking: ads may be personalized based on device data and behavior
- Deny tracking: ads will be contextual only (no personalization). Denying tracking has no functional impact on the use of the Application
7.3 Consent Management (UMP)
The Application uses Google's UMP (User Messaging Platform) framework to manage ad consent. The Data Subject's preferences are stored locally on the device and respected by Google AdMob.
7.4 Premium Subscription
The Premium Subscription removes all ads from the Application. Data aspects:
- Payment is processed exclusively by the App Store (Apple) or Play Store (Google)
- TONOTENIS does not have access to credit card data, bank account details, or payment methods
- TONOTENIS receives from the payment provider only: subscription status, start and renewal dates, and product identifier
- Transaction data is governed by Apple's and Google's privacy policies
7.5 Grace Period
Temporary ad-free periods may be granted to new users or in other situations determined by the Controller. Data stored: start date, end date, activation source, and offer status.
7.6 Minors and Advertising
Users under 18 years of age do not receive ads of any kind in the Application. This measure applies regardless of the ad type (banner, interstitial, or rewarded).
Additionally:
- Advertising identifiers (IDFA/GAID) are not collected from users under 18 years of age
- No data from minors is shared with Google AdMob or other advertising partners
- The UMP framework is not presented to users under 18 years of age
- This restriction complies with Law No. 15,211/2025 (Digital ECA), CONANDA Resolution No. 163, and the Apple App Store and Google Play Store policies
Note: users under 18 years of age who hold an active Premium Subscription at the time they reach the age of majority will transition to the standard ad experience if the subscription expires.
8. Data Sharing
8.1 With Other Users
Some data is visible to other Application users to enable its functionalities:
| Data | Who Can See | Context |
|---|---|---|
| Name/nickname | All members of the same Place | Rankings, matches, member lists |
| Profile photo | All members of the same Place | Rankings, match results, profile |
| Game statistics | Members of the same Place (managers with canSeeStats permission) | History and performance |
| Match results | Participants and Place members | Match tracking |
| Live scores | Place members during the match | Real-time tracking |
| Who's Playing | Members of the same Place and sport | Scheduling of intentions |
| Birthday (day/month) | Members of the same Place | Birthday display |
| Poll votes (if public) | Place members | Poll results |
8.2 With Third Parties
Your data may be shared with the following third parties:
| Third Party | Data Shared | Purpose | Country |
|---|---|---|---|
| Supabase (AWS infrastructure) | All stored data | Database, authentication, file storage | South America (São Paulo) |
| Sentry | Technical error data (device model, OS, stack traces) | Crash monitoring and bug fixing | USA |
| Google AdMob | Advertising identifier (IDFA/GAID), device data | Ad display and personalization | USA |
| App Store / Play Store | Subscription transaction data | Premium Subscription payment processing | USA |
| Competent authorities | As required by law or court order | Compliance with legal obligations | Brazil |
We do not sell, trade, or rent your personal data to third parties.
9. International Data Transfers
Personal data collected by TONOTENIS may be transferred to servers located outside Brazil, in accordance with Art. 33 of the LGPD:
- Supabase: infrastructure hosted on AWS, South America region (São Paulo)
- Sentry: servers in the United States of America
- Google AdMob: servers in the United States of America
International transfers are based on the following safeguards, pursuant to Art. 33 of the LGPD:
- Verification that international processors adopt security and data protection standards compatible with the LGPD
- Contractual clauses ensuring the protection of transferred data
- Assurance that data remains subject to the rights set forth in this Policy and the LGPD
10. Storage and Security
10.1 Storage Location
Data is stored on secure servers provided by Supabase (AWS infrastructure), in the South America region (São Paulo).
10.2 Security Measures
We implement the following technical and administrative measures to protect personal data:
- Encryption in transit: all communications use HTTPS/TLS
- Password encryption: passwords are stored exclusively as secure cryptographic hashes (never in plain text)
- Encryption at rest: data stored encrypted on AWS/Supabase servers
- Role-Based Access Control (RBAC): database access restricted by role
- Row Level Security (RLS): row-level security policies in PostgreSQL ensuring each user can only access data they are entitled to
- SECURITY DEFINER: database functions that execute controlled operations with defined privileges, preventing direct table access
- JWT Authentication: JSON Web Tokens via Supabase Auth for secure session maintenance
- Image storage: profile photos stored in Supabase Storage with access controls
- Continuous monitoring: security monitoring and alerts
- Regular backups: periodic data backups
10.3 Limitation
No system is completely invulnerable. While we adopt reasonable security measures, we cannot guarantee absolute protection against all types of threats. In the event of a security incident, we will follow the procedures described in Section 17.
11. Data Retention and Deletion
11.1 Retention Periods
| Situation | Period | Details |
|---|---|---|
| Active account | While active | All data maintained for service provision |
| Deletion requested (grace period) | 30 days | Soft delete: data preserved, deletion can be canceled by the Data Subject |
| Deletion completed (after grace period) | Up to 7 days | Personally identifiable data (name, email, photo, address) is anonymized |
| Match results | Indefinite | Maintained for ranking integrity, linked to an anonymous reference (e.g., “removed player”) |
| Rankings and competitive history | Indefinite | Maintained for statistical data integrity |
| Advertising data (AdMob) | Per Google's policy | Managed by Google AdMob |
| Error data (Sentry) | Approximately 90 days | Managed by Sentry per its retention policy |
| Polls and surveys | While the Place is active | Removed when the Place is deleted |
| Legal compliance | Per applicable legislation | Internet Civil Framework: access logs for 6 months (Art. 15) |
11.2 How to Request Deletion
The Data Subject may request account deletion in two ways:
- Through the Application: Settings > Account > Delete Account
- By email: sending a request to privacidade@tonotenis.com.br
11.3 Grace Period (Soft Delete)
Upon requesting deletion, the account enters a grace period of 30 days:
- During this period, the account is inactive (soft delete), but data is preserved
- The Data Subject may cancel the deletion and reactivate the account at any time during the grace period
- After the grace period expires, personally identifiable data is irreversibly anonymized
11.4 Blocking Conditions
Account deletion may be temporarily prevented if the Data Subject:
- Is the Owner of one or more Places — ownership must be transferred or the Place must be deleted first
- Has active live matches
- Has pending ownership transfers
11.5 Place Deletion
When a Place is deleted by its owner:
- Place-specific data (settings, memberships, messages, polls) is removed
- Match results may be retained for ranking integrity
- Members are notified of the deletion
11.6 Anonymization
After the grace period, anonymization consists of the removal of the following data: full name, email, profile photo, address, and other data that allows direct identification. Match results and statistical data remain linked to an anonymous reference.
12. Data Subject Rights
In accordance with the LGPD, the Data Subject has the following rights:
| Right | Description | LGPD Legal Ground |
|---|---|---|
| Confirmation and access | Know whether we process your data and access it | Art. 18, I and II |
| Correction | Correct incomplete, inaccurate, or outdated data | Art. 18, III |
| Anonymization, blocking, or deletion | Request anonymization or deletion of unnecessary, excessive, or non-compliant data | Art. 18, IV |
| Portability | Receive your data in a structured format (JSON) for transfer to another provider, upon request to privacidade@tonotenis.com.br | Art. 18, V |
| Deletion of consent-based data | Request deletion of data processed based on consent | Art. 18, VI |
| Information about sharing | Know which public and private entities your data has been shared with | Art. 18, VII |
| Information about non-consent | Be informed about the possibility of not providing consent and the consequences | Art. 18, VIII |
| Withdrawal of consent | Withdraw consent at any time | Art. 18, IX |
| Review of automated decisions | Request review of decisions made solely based on automated processing (relevant for ranking calculations) | Art. 20 |
| Objection | Object to processing in certain situations | Art. 18, §2 |
| Petition to ANPD | File a complaint with the National Data Protection Authority | Art. 18, §1 |
12.1 How to Exercise Your Rights
To exercise any of these rights, the Data Subject may:
- Through the Application: access Settings > Account > My Data
- By email: send a request to privacidade@tonotenis.com.br
We will respond to requests within 15 business days, pursuant to Art. 19, II of the LGPD.
12.2 Ad Consent Management
Consent for advertising tracking can be managed via:
- iOS: Settings > Privacy & Security > Tracking (for ATT)
- Android: Settings > Google > Ads (for GAID)
- In the Application: UMP form presented when applicable
13. Use by Minors
13.1 Minimum Age
The minimum age for using TONOTENIS is 12 (twelve) years.
13.2 Age Group Classification
| Age Group | Classification | Rule |
|---|---|---|
| Under 12 years | Child (ECA, Art. 2) | Use not permitted. The Application is not intended for children (LGPD Art. 14) |
| 12 to 17 years | Adolescent (ECA, Art. 2) | Use permitted with consent from at least one parent or legal guardian (LGPD Art. 14, §1) |
| 18 years or older | Adult | Full capacity to use the Application |
13.3 Age Verification
The date of birth provided during registration is used for automatic age verification. The Application uses a neutral date-of-birth entry screen (free-format, without pre-filled values), in compliance with Google Play Store and Apple App Store guidelines.
Pursuant to Law No. 15,211/2025 (Digital ECA), the Controller commits to implementing age verification mechanisms that go beyond simple self-declaration, in accordance with available technologies and applicable supplementary regulations.
13.4 Parental Consent for Adolescents (12 to 17 years)
When registration indicates that the Data Subject is between 12 and 17 years of age, the following process applies:
- Registration is paused and the legal guardian's email is requested
- The legal guardian receives an email containing:
- A clear description of the personal data that will be collected from the adolescent
- How the data will be used
- Which third parties will have access to the data
- A link to the full Privacy Policy
- A link or code to provide consent
- The legal guardian provides consent through the received link/code
- Consent is recorded with: guardian identification, date and time, linked minor's account, and the Policy version in effect
The collection of the legal guardian's email for contact purposes is permitted without prior consent, pursuant to Art. 14, §3 of the LGPD.
13.5 Restrictions for Minor Accounts
The following restrictions apply to all users under 18 years of age:
- No advertising: no ads are displayed (banner, interstitial, or rewarded)
- No advertising tracking: IDFA (iOS) and GAID (Android) identifiers are not collected
- No behavioral analysis: no data is used for profiling or behavioral analysis
- Data minimization: only data strictly necessary for sports functionalities is collected, pursuant to Art. 14, §4 of the LGPD
- Anonymized diagnostics: diagnostic data (Sentry) is maintained without personal identifiers
- Maximum protection settings by default: minor accounts are created with the most restrictive privacy settings enabled by default
13.6 Legal Guardian Rights
The legal guardian of a minor has the following rights:
- Access: view the minor's personal data at any time
- Correction: request correction of incomplete or inaccurate data
- Deletion: request deletion of the minor's account and data
- Withdrawal of consent: withdraw consent at any time, which will result in deactivation of the minor's account
- Account management: manage the minor's account privacy settings
To exercise these rights: privacidade@tonotenis.com.br
13.7 Compliance with the Digital ECA (Law No. 15,211/2025)
In compliance with Law No. 15,211/2025, which comes into effect on March 17, 2026, TONOTENIS commits to:
- Implementing effective and reliable age verification, not limited to self-declaration
- Conducting a Data Protection Impact Assessment (RIPD/DPIA) for the processing of children's and adolescents' data
- Applying maximum protection settings by default for minor accounts
- Not offering paid loot boxes or pay-to-win mechanics accessible to minors
- Providing parental supervision tools
14. Place Managers
14.1 Manager Responsibilities
If you are a Place manager (club, academy, school), you are responsible for:
- Ensuring that members are aware of the use of their data in the context of the Place
- Using member data only for the purposes of the Application
- Not sharing member information outside the context of the Application
- Respecting member privacy when using management functionalities
14.2 Permissions and Accessible Data
The TONOTENIS permissions system is granular. The Place Owner assigns individual permissions to each manager. There are no fixed roles (such as “Administrator” or “Moderator”) — each manager receives only the permissions they need.
| Permission | Accessible Data |
|---|---|
canManageMemberships | Name, nickname, photo, Place join date, membership status |
canSeeStats | Member game statistics and performance |
canAddRankings | Member participation and positions in rankings |
canManageLiveMatches | Live match data (scores, events, messages) |
canManageMessages | Place messages and announcements |
canManagePolls | Polls, options, and votes (when public) |
canEditData | Place registration data (name, logo, settings) |
canManageManagers | List and permissions of other managers |
canAddTournaments | Tournament and competition data |
canManageSettings | Place operational settings |
isOwner | All of the above + ownership transfer + Place deletion |
14.3 Misuse
TONOTENIS may revoke management permissions or suspend the accounts of managers who use member data improperly, abusively, or in violation of this Policy.
15. Cookies and Similar Technologies
TONOTENIS, being a native mobile application, does not use traditional browser cookies. However, we use:
- Local storage (SharedPreferences/UserDefaults): to maintain user preferences and Application settings
- Authentication tokens (JWT): to securely maintain your session
- Ad consent data: local storage of UMP consent preferences for ad management
- Settings cache: temporary local storage of Application settings for improved performance
16. Push Notifications
16.1 Token Collection
For push notification delivery, the Application collects a device token provided by the operating system's notification service (APNs for iOS, FCM for Android). This token is a technical device identifier and does not provide access to personal data.
16.2 Notification Types
The Application may send push notifications in the following categories:
- Matches: confirmations, results, live score invitations
- Rankings: position updates, new rounds
- Place: manager messages, poll results
- Account: security alerts, operational notifications
- Updates: information about new features
16.3 Data Subject Control
The Data Subject may disable push notifications at any time through device settings:
- iOS: Settings > Notifications > TONOTENIS
- Android: Settings > Apps > TONOTENIS > Notifications
The Application displays the current notification permission status on the Settings screen, with guidance on how to enable or disable them in the device settings.
Disabling notifications does not affect the Application's functionality, but may result in not receiving important alerts.
17. Security Incidents
Pursuant to Art. 48 of the LGPD, in the event of a security incident that may pose a risk or relevant harm to Data Subjects, the Controller will take the following measures:
17.1 Notification to the ANPD
The Controller will notify the ANPD within a reasonable time frame, as defined by the ANPD, reporting:
- A description of the nature of the affected personal data
- Information about the affected Data Subjects
- An indication of the technical and security measures in place
- The risks related to the incident
- The measures taken to reverse or mitigate the effects of the incident
17.2 Notification to Data Subjects
Affected Data Subjects will be notified directly, through registered contact channels (email and/or in-app notification), about:
- The nature of the incident
- The data potentially affected
- Recommended protective measures
- Available support channels
17.3 Internal Record
The Controller will maintain an internal record of all security incidents, even those that do not pose a relevant risk to Data Subjects, in accordance with best practices and ANPD guidelines.
18. User Responsibilities
The user is responsible for:
- Keeping their access credentials confidential
- Providing truthful and up-to-date information
- Providing a truthful date of birth, as it is used for minimum age verification and birthday display
- Not sharing other users' data without authorization
- Reporting any unauthorized use of their account
- Reporting privacy violations by other users or managers to privacidade@tonotenis.com.br
- Legal guardians: ensuring that the consent provided for minors under their responsibility is valid and up to date, and notifying the Controller in case of withdrawal by emailing privacidade@tonotenis.com.br
19. Changes to This Policy
This Privacy Policy may be updated periodically to reflect changes in our practices, Application features, or legislation.
In the event of significant changes:
- We will notify Data Subjects through the Application and/or by email
- The “last updated” date will be modified
- We will keep previous versions available upon request
Consent renewal: in the event of substantial changes that affect consent-based data processing, we will request a new expression of consent from the Data Subject, pursuant to Art. 8, §6 of the LGPD.
20. Contact and Data Protection Officer
20.1 Contact Channels
| Subject | Channel |
|---|---|
| Privacy, personal data, Data Subject rights | privacidade@tonotenis.com.br |
| Technical support, features, general inquiries | suporte@tonotenis.com.br |
| In the Application | “More” menu > “About” > “Contact Us” |
20.2 Data Protection Officer (DPO)
As detailed in Section 2, the Controller fulfills the DPO functions pursuant to ANPD Resolution CD No. 2/2022.
20.3 ANPD
If the Data Subject believes that the processing of their personal data violates the LGPD, they may file a petition with the National Data Protection Authority:
- Website: gov.br/anpd
21. Final Provisions
- This Policy is governed by the laws of the Federative Republic of Brazil
- The court of the Data Subject's place of residence is elected as the jurisdiction for resolving any disputes, pursuant to the CDC
- Cases not covered herein shall be resolved in accordance with the LGPD, the Internet Civil Framework, and other applicable legislation
- This Policy has an effective date as indicated at the beginning of this document
- In the event of a merger, acquisition, corporate reorganization, or asset sale, personal data may be transferred to the successor, who shall be bound by the terms of this Policy. Data Subjects will be notified in advance of any change in the Controller
- In the event of a conflict between this Privacy Policy and the Terms of Use regarding the processing of personal data, the provisions of this Policy shall prevail
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | 03/12/2025 | Initial version |
| 2.0 | [LAST UPDATE DATE] | Added sections on controller identification, advertising/tracking, user-generated content (UGC), and account/data deletion. Expanded legal bases, data sharing, international transfers, and data subject rights. Detailed use by minors (13+), place managers, and security incidents. Updated timezone to UTC. |
TONOTENIS
your games, your stats, your community.
Document prepared in accordance with Brazil's General Data Protection Law (LGPD — Law No. 13,709/2018), the Brazilian Internet Civil Framework (Law No. 12,965/2014), the Brazilian Consumer Protection Code (CDC — Law No. 8,078/1990), the Brazilian Child and Adolescent Statute (ECA — Law No. 8,069/1990), and the Brazilian Digital Framework Law for Children and Adolescents (Law No. 15,211/2025).