Privacy Policy

This Privacy Policy explains how Heizen Tecnologia Ltda. (“Heizen”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you use our websites, products, and services (collectively, the “Services”). Heizen operates multiple brands including Fapptory(fapptory.me — courses, memberships, and digital products) and Onnie(onnie.ai — AI workspace platform). This Policy applies to all Services across all Heizen brands.

If you have questions, contact us at hq@fapptory.me.

1) Who we are

• Controller / Business: Heizen Tecnologia Ltda., Av. Brig. Faria Lima 1811, Office 1119 — ZIP 01452001, Brazil/São Paulo.
• Contact: hq@fapptory.me

Fapptory provides online courses, community memberships, digital products, and educational content. All Services are operated by Heizen Tecnologia Ltda.

2) Scope

This Policy applies to:

• Website visitors (e.g., marketing pages, blog, course catalog)
• Registered users who create accounts, enroll in courses, or subscribe to the newsletter
• Students accessing course content, video lessons, and related materials

This Policy does not cover third-party websites or services you may access through links in our Services.

3) Information we collect

We collect information in three main ways: (a) provided by you, (b) collected automatically, and (c) from third parties.

3.1 Information you provide

• Account and profile information: name, email address, authentication identifiers, and profile details.
• Course and enrollment data: enrollment information, course progress, lesson completion records, quiz responses, and preferences.
• Newsletter subscription: email address and confirmation status.
• Support communications: messages you send to support, feedback, and other communications.
• Billing information (if you are a paying customer): billing contact info and limited payment details. Payments are processed by our merchant of record (Paddle); we do not store full card details.

3.2 Information collected automatically

• Usage data: pages visited, courses viewed, video playback progress, feature usage, interaction events, performance metrics, logs, and diagnostic information.
• Device and technical data: IP address, browser type, device identifiers, operating system, language, and timestamps.
• Cookies and similar technologies: see Section 7.

3.3 Information from third parties

• Identity/auth providers (if you sign in via SSO/OAuth): basic profile details (e.g., email, name).
• Service providers supporting infrastructure, analytics, email delivery, video hosting, and security.

4) How we use information

We use information to:

• Provide and operate the Services (create accounts, authenticate users, deliver course content, stream video lessons, track progress, send notifications).
• Secure the Services (prevent fraud and abuse, monitor suspicious activity, enforce access controls).
• Improve and develop (debugging, product analytics, testing, and performance optimization).
• Communicate with you (service emails, security notices, newsletter, updates, and support responses).
• Manage billing and subscriptions (invoicing, plan enforcement, usage tracking, and payment processing).
• Comply with law (respond to lawful requests, enforce terms, resolve disputes).

Where required, we rely on appropriate legal bases (see Section 5).

5) Legal bases (EEA/UK and similar jurisdictions)

Where applicable, we process personal data under one or more of the following legal bases:

• Contract: to provide the Services you requested.
• Legitimate interests: to secure, improve, and operate our Services (balanced against your rights).
• Consent: for certain cookies/marketing communications where required.
• Legal obligation: to comply with applicable laws and lawful requests.

6) How we share information

We may share information:

6.1 With service providers (processors)

We use trusted vendors for hosting, databases, monitoring, email delivery, video streaming, analytics, customer support, and security. They may process personal data on our behalf under contractual obligations and confidentiality terms.

6.2 For legal and safety reasons

We may disclose information if we believe in good faith it is necessary to:

• comply with law or legal process,
• protect the security or integrity of the Services,
• prevent fraud, abuse, or illegal activity,
• protect our rights, property, or safety, or that of our users or the public.

6.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

7) Cookies and similar technologies

We use cookies and similar technologies (e.g., local storage, pixels) for:

• Essential: authentication, security, and core site functionality.
• Preferences: remembering settings (e.g., theme, language, video playback position).
• Analytics: understanding usage and improving performance.
• Marketing (optional): measuring campaigns and improving outreach (where applicable).

You can control cookies through your browser settings. If we offer a cookie banner, you can manage preferences there as well. Disabling certain cookies may affect functionality.

8) Data retention

We keep personal data only as long as necessary to:

• provide the Services,
• meet legal, accounting, or reporting obligations,
• resolve disputes and enforce agreements,
• maintain security and prevent abuse.

Retention periods vary depending on data type. Account holders may request deletion of their account and associated data. Some logs may be retained for security and auditing purposes.

9) Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10) International transfers

We may process and store information in countries different from where you live. When transferring personal data internationally, we use appropriate safeguards such as contractual protections and, where applicable, standard contractual clauses.

11) Your rights and choices

Depending on your location, you may have rights to:

• Access your personal data
• Correct inaccurate or incomplete data
• Delete personal data (subject to exceptions)
• Object to processing or restrict processing
• Portability (receive a copy in a structured format)
• Withdraw consent where processing is based on consent

11.1 How to exercise your rights

Email us at legal@heizen.io. We may verify your identity and request additional information to process your request.

12) U.S. state privacy disclosures (CCPA/CPRA and similar)

If you are a resident of certain U.S. states, you may have additional rights, including the right to know, delete, correct, and opt out of certain processing.

• Sale/Sharing of personal information: We do not sell personal information as commonly defined by these laws.
• Targeted advertising: If we use targeted advertising, we will provide opt-out mechanisms where required.

To submit a request, contact legal@heizen.io.

13) Children's privacy

Our Services are not directed to children, and we do not knowingly collect personal information from children under the age required by applicable law (e.g., under 13 in the U.S.). If you believe a child has provided personal data, contact us to request deletion.

14) Email and communications

We may send:

• Service communications (account, security, billing, product updates)
• Course notifications (enrollment confirmations, new lesson alerts, progress updates)
• Newsletter (educational content, build logs, and platform updates — only with your opt-in consent)
• Marketing communications (only where permitted; you can opt out at any time)

To unsubscribe from marketing or the newsletter, use the link in the message or contact legal@heizen.io. You may still receive essential service communications.

15) Third-party links and integrations

The Services may include links to third-party websites or integrations. Your use of third-party services is governed by their own privacy policies. We are not responsible for third-party practices.

16) Changes to this Privacy Policy

We may update this Policy from time to time. If changes are material, we will provide notice as required (e.g., by posting the updated Policy and updating the “Last updated” date, or by sending a notification).

17) Contact us

• Privacy contact: hq@fapptory.me
• Company: Heizen Tecnologia Ltda. CNPJ: 47.624.793/0001-83
• Address: Av. Brig. Faria Lima 1811, Office 1119 — São Paulo — ZIP 01452001
• Country/State: Brazil/São Paulo