Privacy Policy.

Last updated: April 18, 2026

This Privacy Policy describes how Patrick Godinho LTDA (referred to as "we", "us" or "the company") collects, uses, stores, shares and protects personal data of visitors to this website (patrickgodinho.com) and of individuals who contact us through the channels listed here.

We process personal data in accordance with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais — Law 13.709/2018, "LGPD").

1. Data controller

2. What data we collect

We aim to collect the minimum data necessary. Specifically:

• Access logs: IP address, browser user-agent, pages accessed, date/time and HTTP referrer. Collected automatically by our infrastructure provider (Cloudflare) for security, abuse prevention and operational diagnostics.
• Contact data: when you send an email to contato@patrickgodinho.com or reach out via LinkedIn, we receive the data you choose to share (name, email address, message content, any attachments).
• Language preference: stored locally in your browser (via localStorage) so the site remembers your language choice. This is not transmitted to any server.

This website does not use marketing cookies, tracking pixels or web analytics at the time of this policy's last update. If we add such technologies in the future, we will update this policy and (where required) request your consent.

3. Purposes and legal bases

We process personal data for the following purposes, based on the legal grounds indicated:

• Responding to inquiries and evaluating potential commercial engagements — legal basis: execution of pre-contractual procedures at the data subject's request (LGPD art. 7, V) and legitimate interest (LGPD art. 7, IX).
• Site security and abuse prevention (rate limiting, blocking malicious traffic) — legal basis: legitimate interest (LGPD art. 7, IX).
• Compliance with legal obligations, including tax, accounting and regulatory duties — legal basis: compliance with legal or regulatory obligation (LGPD art. 7, II).

4. Sharing with third parties

We do not sell personal data. We share data with the following categories of operators (processors) who act on our behalf under contractual confidentiality obligations:

• Cloudflare, Inc. (USA) — website hosting, CDN, DNS, DDoS protection and logs. Privacy policy: cloudflare.com/privacypolicy.
• Google LLC (USA) — fonts served from Google Fonts (fonts.googleapis.com / fonts.gstatic.com). When your browser loads a page, it requests font files from Google, which may log your IP address. Privacy policy: policies.google.com/privacy.
• Email provider — when you send an email to us, the message is delivered through our email infrastructure (forwarded to the company's mailbox). Routing is handled by Cloudflare Email Routing.
• Competent authorities, when required by law, court order or regulatory request.

Future integrations. We intend to integrate with Meta Platforms (Facebook/Instagram/WhatsApp Business) to enable advertising and messaging channels. When these integrations are activated, we will update this policy to describe the data shared with Meta and the applicable legal bases. Meta's privacy policy: facebook.com/policy.php.

5. International data transfers

Some of our operators (notably Cloudflare and Google) have infrastructure and personnel outside Brazil. International transfers are carried out on the legal bases allowed by LGPD article 33, including contractual guarantees with the operators and legitimate interest, always with technical and organizational measures appropriate to the nature of the data.

6. Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, observing applicable legal retention obligations (e.g., tax records up to 5 years; commercial correspondence as needed to evidence the relationship). Access logs are typically retained for up to 30 days at the infrastructure layer. Email correspondence is retained while it remains relevant to the commercial relationship or potential future engagement.

7. Your rights

Under LGPD article 18, you have the right to request, at any time:

• Confirmation of the existence of processing
• Access to your data
• Correction of incomplete, inaccurate or outdated data
• Anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data
• Data portability to another service or product provider
• Deletion of data processed under your consent
• Information about public and private entities with which we have shared your data
• Information about the possibility of not providing consent and the consequences
• Revocation of consent

To exercise any of these rights, email contato@patrickgodinho.com. We will respond within the period set by law (15 days, extendable under LGPD).

8. Security

We apply technical and administrative measures reasonably expected for a business of our size and risk profile: TLS encryption in transit (HTTPS enforced on all pages), access controls, least-privilege principles, rate limiting and DDoS protection at the edge (Cloudflare). No system can guarantee absolute security; we commit to notifying affected data subjects and the Brazilian Data Protection Authority (ANPD) in the event of a data breach likely to cause relevant risk or harm, as required by LGPD article 48.

9. Children and adolescents

This website is not directed to children or adolescents. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a minor, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date at the top of this page. We recommend reviewing this page periodically.

11. Contact

Questions, requests and complaints related to privacy and personal data:

You also have the right to file a complaint with the Brazilian National Data Protection Authority (ANPD): gov.br/anpd.