Infusion.

Privacy Policy

Last updated: June 25, 2026

⚠️ Draft. This document is an initial template and should be reviewed by a lawyer, with the fields highlighted in yellow filled in before going public.

This Policy describes how Infusion collects, uses and protects your personal data, in line with Brazil's General Data Protection Law (Law 13.709/2018, LGPD). By joining our wishlist, you agree to the practices described here.

1. Who is the data controller

The party responsible for processing your data is [LEGAL ENTITY / Tax ID — to fill in], operator of the Infusion site. Contact for privacy matters: [contact e-mail — e.g., privacy@mitralab.io].

2. What data we collect

E-mail you provide when joining the wishlist.
Idea/description you optionally write in the form.
Display language and approximate country (derived by our infrastructure), used to understand the audience and improve the product.
Technical data (browser/device type) processed by our infrastructure for security and abuse prevention.

We do not store your IP address. It is used only transiently by the anti-bot service (Cloudflare Turnstile) at submission time and is not saved to our database.

3. Why we use the data

Notify you when your access to Infusion opens and share important news.
Understand interest and prioritize what to build.
Prevent spam, fraud and form abuse.

4. Legal basis

We process your e-mail based on your consent (art. 7, I of the LGPD), given when you sign up. Technical security data is processed based on legitimate interest (art. 7, IX) to keep the service safe. You may withdraw consent at any time (see item 7).

5. Who we share with

We do not sell your data. We use Cloudflare as an infrastructure processor (hosting, database and Turnstile anti-bot protection). Data may be processed on servers outside Brazil, with the safeguards required by the LGPD for international transfers.

6. Cookies and local storage

The site uses only essential local storage (to remember your chosen theme and language). We do not use advertising or analytics cookies, which is why we don't show a cookie banner.

Anti-bot protection (Cloudflare Turnstile). To prevent spam and bots on the wishlist form, we use Cloudflare Turnstile. To verify that you are a human, Cloudflare processes, at submission time, some technical data from your browser/device and interaction signals. Turnstile is privacy-focused — it does not use cross-site tracking cookies — and this processing follows the Cloudflare Turnstile Privacy Policy.

7. Your rights

At any time, you may request:

Confirmation that we process your data and access to it;
Correction of incomplete or outdated data;
Deletion of your data / withdrawal of consent;
Portability and information about sharing.

To exercise any right, write to [contact e-mail]. We will respond within the legal deadline.

8. How long we keep it

We keep your e-mail while you are on the wishlist. If the product is not launched, or you do not create an account, we remove your data within [24 months — adjust] of signup. You can request removal before that at any time.

9. Security

We adopt technical measures to protect your data, including encrypted connection (HTTPS), parameterized database queries and anti-bot protection on the form.

10. Changes to this policy

We may update this Policy from time to time. The date at the top shows the last revision. Significant changes will be communicated through available channels.