🥋
Samurai App
🚀 Start Now

Privacy Policy

Samurai BJJ — http://app.samuraibjj.com

Effective date: 27th October 2025

Last updated: 27th October 2025

This Privacy Policy explains how Samurai Jiu-Jitsu Ltda (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you use Samurai BJJ (the “Service”). We comply with Brazil’s LGPD (Lei nº 13.709/2018) and, where applicable, other privacy laws such as GDPR and CCPA/CPRA.

1) Data Controller & DPO

Controller: Samurai Jiu-Jitsu Ltda, CNPJ 57.590.954/0001-19, Av. Mario Theophilo Guerra, São Pedro da Aldeira - RJ, Brazil

Data Protection Officer (DPO): [email protected]

2) Personal Data We Process

We may collect the following categories:

  • Account & Profile: name, username, email, phone (optional), academy/Organization, role, photo/avatar, password hash, language, preferences.
  • Usage & Device: device type, OS, browser, IP address, app version, timezone, log files, analytics events, crash reports, cookies and similar technologies.
  • Activity & Progress: attendance records, streaks, points/XP, badges, leaderboard positions, challenges completed, training modules viewed.
  • Payment & Billing (for payers/admins): plan, billing contact, partial payment details (tokenized by our processor), invoices, transaction history, tax IDs.
  • Support & Communications: messages, tickets, feedback, survey responses.
  • Media/Content (optional): images, videos, comments you upload.
  • Academy/Organization data: roster assignments, class schedules, coach notes (if used), and other data the Organization or you input.

We do not intentionally collect sensitive personal data unless strictly necessary and lawful (e.g., guardian consent for minors). We do not require health data.

3) How We Obtain Data

  • Directly from you (account creation, settings, uploads, forms).
  • From your Organization (e.g., your academy adds you to the platform).
  • Automatically through cookies, SDKs, and analytics.
  • From processors (payment providers) and service partners (e.g., SSO, email delivery).

4) Purposes & Legal Bases (LGPD/GDPR)

We process data for:

  • Provide and operate the Service (contract performance).
  • Account management and customer support (contract; legitimate interest).
  • Billing, payments, and fraud prevention (contract; legal obligation; legitimate interest).
  • Product improvement, analytics, and security (legitimate interest).
  • Marketing communications (consent where required; legitimate interest with opt-out).
  • Legal compliance and enforcement (legal obligation; exercise of rights).

Where we rely on consent, you may withdraw it at any time through settings or by contacting us.

5) Cookies and Similar Technologies

We use cookies, local storage, and SDKs for authentication, preferences, analytics, and performance. You can manage cookies via browser settings. Some features may not function without essential cookies.

6) Sharing & International Transfers

We may share data with:

  • Service providers/processors: hosting (cloud), analytics, email, payments, customer support, logging/monitoring, security. They act under contracts consistent with LGPD/GDPR and only process data on our instructions.
  • Your Organization/admins: if your account is managed by an Organization, admins may access certain data (e.g., attendance, progress, rosters).
  • Legal and compliance: to comply with law, lawful requests, or to protect rights, safety, or security.
  • Business transfers: in a merger, acquisition, or asset sale, data may be transferred subject to safeguards.

International transfers: If data is transferred outside Brazil, we use appropriate safeguards (adequacy decisions, contractual clauses, or other LGPD-approved mechanisms).

7) Children & Adolescents

The Service is intended for users 13+. Where minors use the Service through an Organization (e.g., youth classes), the Organization is responsible for obtaining necessary consents and providing assurances under LGPD/child protection laws. Parents/guardians may contact us to review or delete a minor’s data.

8) Data Retention

We retain personal data for as long as needed to provide the Service and fulfill the purposes above, comply with legal obligations, resolve disputes, and enforce agreements. We anonymize or delete data when no longer required.

9) Security

We employ technical and organizational measures appropriate to the risk (encryption in transit, role-based access, logging/monitoring, backups). No system is 100% secure; please protect your credentials and notify us immediately of suspected unauthorized access.

10) Your Rights (LGPD/GDPR/CCPA)

Subject to legal limits, you may have the right to:

  • Confirm the existence of processing and access your data.
  • Correct inaccurate or incomplete data.
  • Portability of data to another provider.
  • Anonymization, blocking, or deletion of unnecessary or excessive data or data processed in non-compliance.
  • Information about shared use and the possibility to deny consent (and the consequences).
  • Withdraw consent at any time when processing is based on consent.
  • Object to processing based on legitimate interest, and request a review of automated decisions that affect your interests.
  • Delete personal data, subject to legal/contractual retention.

Brazil residents can exercise rights under the LGPD; EU/EEA residents under the GDPR; California residents under CCPA/CPRA (including opt-out from “sale”/“sharing” of personal information, as applicable). We do not sell personal information in the conventional sense.

How to exercise your rights: email [email protected]. We may need to verify your identity and, if applicable, confirm Organization authorization.

11) Organization Responsibilities

If you access the Service through an Organization, it acts as a controller for certain data it submits. We act as a processor for that data under our contract with the Organization. Direct requests to your Organization where appropriate; we will support them as required by law and our agreements.

12) Third-Party Links & Services

Our Service may link to third-party websites/services. Their privacy practices are governed by their own policies.

13) Changes to this Policy

We may update this Policy from time to time. Material changes will be notified (e.g., in-app or email). The “Last updated” date reflects the latest version.

14) Contact

Questions or privacy requests: [email protected]

Samurai Jiu-Jitsu Ltda — Av. Mario Theophilo Guerra, São Pedro da Aldeira - RJ, Brazil

CNPJ: 57.590.954/0001-19