Privacy Policy

Last updated: May 2026

IAbrief takes privacy seriously. This policy describes how we collect, process, store, and share personal data of visitors to iabrief.com, in compliance with the European Union’s General Data Protection Regulation (GDPR) and Brazil’s General Data Protection Law (LGPD — Law 13.709/2018).

1. Data Controller

The data controller is IAbrief, operated by Vinicios Nogueira. For any data processing question, please contact us via the contact page with the subject “Privacy”.

2. Data We Collect

We collect different categories of data, always with declared purpose:

  • Browsing data: we automatically collect IP address (anonymized for analytics), browser type, operating system, pages visited, time on page, and referrer. This data is used via Google Analytics 4 with anonymized IP to understand how content is consumed.
  • Functional cookies: we store user preferences (chosen language, cookie consent, advertising consent state) via first-party cookies. These cookies are essential for basic site functionality.
  • Third-party cookies: services like Google AdSense, Google Analytics, Google Site Kit, and Cloudflare install cookies for ad personalization, audience measurement, and abuse protection. These cookies are managed under the respective providers’ policies.
  • Newsletter: if you opt to subscribe to our newsletter (when active), we collect your email address and stated preferences.
  • Comments and contact: when you email our channels, we process your name, email, and message content.

We do not collect sensitive data (health, political opinion, religion, sexual orientation) and do not request government IDs or documents.

3. Purpose of Processing

Collected data is used exclusively for:

  • Delivering requested content and keeping the site functional.
  • Personalizing experience (language, display preferences).
  • Measuring audience in aggregate to improve editorial content.
  • Displaying contextually relevant ads via Google AdSense.
  • Sending newsletter when you explicitly subscribe.
  • Responding to direct contacts (suggestions, corrections, partnerships).

We do not sell, rent, or share your data with third parties for marketing purposes.

4. Legal Basis (GDPR/LGPD)

  • Consent — newsletter, non-essential cookies, personalized ads.
  • Legitimate interest — aggregated analytics with anonymized IP, fraud security.
  • Contract execution — not applicable (no paid service).
  • Legal obligation — minimum legal log retention.

5. Your Rights

You have the right, at any time, to:

  • Confirm we process your data.
  • Access the data we hold about you.
  • Correct incomplete or outdated data.
  • Request anonymization, blocking, or deletion.
  • Request data portability.
  • Revoke previously given consent.
  • Object to processing based on legitimate interest.

To exercise any of these rights, write to our contact page with subject “Privacy — rights exercise”. We respond within 15 days.

6. Data Retention

  • Newsletter: kept while you remain subscribed; deleted within 30 days of unsubscribe.
  • Access logs: retained for 6 months for audit and security, then deleted.
  • Aggregated analytics: retained for 14 months (default GA4 setting).
  • Email communications: retained while conversation is active, max 24 months.

7. Sharing with Third Parties

We share data strictly with essential operational vendors:

  • Google (Analytics, AdSense, Site Kit) — all GDPR/LGPD-compliant via Standard Contractual Clauses.
  • Hostinger — hosting provider.
  • Cloudflare (when applicable) — protection and CDN.
  • Brevo (when newsletter active) — email marketing provider.

None of the providers are permitted to use your data for their own purposes beyond what IAbrief has contracted.

8. Cookies — Control

You can block or delete cookies via browser settings. For visitors from EEA/UK/Switzerland, we display a consent banner managed by Google’s Consent Management Platform (CMP). The choice can be reviewed at any time.

Blocking essential cookies may impair functionality like language switching and proper content display.

9. Security

The site is served exclusively via HTTPS (TLS 1.3). The server is hosted in an ISO 27001-certified datacenter. Admin passwords use the Application Password standard (16+ random characters). We do not store credit cards or payment data.

10. Children

IAbrief is not directed at children under 13. We do not intentionally collect data from minors. If you are a legal guardian and identified that your dependent provided data, contact us for immediate removal.

11. Changes to This Policy

We update this policy as the operation evolves or as required by law. The date at the top indicates the last revision. Substantial changes are communicated via home page notice for 30 days.

12. DPO/Privacy Officer Contact

IAbrief, being an independent small-scale publication, doesn’t have a formal DPO but designates Vinicios Nogueira as the contact point for data protection questions. Contact via the contact page with subject “Privacy”.