Privacy Policy

Last Updated: March 10, 2026

The portal Meu Cartão Ideal establishes this Privacy Policy with the objective of reaffirming its commitment to security, transparency, and respect in the processing of its users’ data. This document details how data is processed, in strict compliance with the General Data Protection Law (Law No. 13,709/18 – LGPD) and Google’s global Publisher Policies guidelines.

1. TRANSPARENCY: WHO MANAGES THIS PORTAL?

1.1. Identification of the Controller: This news and financial education portal is owned by and the responsibility of the company SPUN MIDIA LTDA, registered under CNPJ No. 43,629.487/0001-89, with its administrative headquarters in Rio Grande do Sul, Brazil. For legal purposes, this company is the “Controller” of the collected data. 1.2. Communication Channel (DPO): In compliance with Art. 41 of the LGPD, we have appointed a Data Protection Officer (DPO) to serve as the communication link between the portal, the users, and the National Data Protection Authority (ANPD). Requests can be sent to: [email protected].

2. TARGET AUDIENCE AND AGE RESTRICTION

2.1. Scope: This Privacy Policy applies to all individuals who access any website, portal, or digital platform owned by SPUN MIDIA LTDA or companies belonging to its holding and economic group. 2.2. Exclusivity for Adults: The financial education and news content on this portal is planned and intended exclusively for individuals over 18 (eighteen) years old. 2.3. Protection of Minors: We do not intentionally collect or solicit data from children or adolescents. If the system identifies the registration of a minor, all associated data will be summarily deleted from our databases, without prior notice, to ensure the best interest of the minor in accordance with Art. 14 of the LGPD.

3. DATA CATEGORIES AND PURPOSES OF PROCESSING

We process only the data strictly necessary for the operation of the portal, divided as follows:

3.1. Personal Data Provided:

  • Data: Full name and email address.

  • Purpose: Registration in our broadcast list for sending newsletters, market alerts, educational materials, and email marketing in general.

  • Legal Basis: Free and Unambiguous Consent (Art. 7, I, LGPD).

3.2. Automatically Collected Data:

  • Data: IP address, browser used, operating system, pages accessed, time spent on the site, interactions with the website, cookie information, and online identifiers.

  • Purpose: Identification of access for cybersecurity purposes, prevention of fraudulent attacks, and compliance with legal obligations for log retention.

  • Legal Basis: Legal Obligation (Art. 15 of the Brazilian Internet Civil Framework) and Fraud Prevention (Art. 11, II, ‘g’ of the LGPD).

3.3. Navigation and Profiling Data (Cookies):

  • Data: Page view history, interaction with banners, and time spent on the website.

  • Purpose: Statistical audience analysis and personalization of advertisements through interest-based targeting.

  • Legal Basis: Legitimate Interest (Art. 7, IX, LGPD).

4. ADVERTISING, GOOGLE ADS, AND THIRD PARTIES

To ensure our content remains free, we use third-party advertising technologies: 4.1. Third-Party Vendors: We inform you that Google, as an ad vendor, uses cookies to serve advertising on our portal based on the user’s prior visits. 4.2. Advertising Cookies: The use of these cookies allows Google and its partners to display relevant ads to you based on your interests and browsing history. 4.3. User Control: You have the right to opt out of personalized advertising. To do so, simply access Google’s Ad Settings.

5. DATA SHARING WITH THIRD PARTIES AND EMPLOYEES

5.1. Employees and Staff: Access to your information is restricted to employees and staff of the Controller who have a legitimate need for access to perform their technical and administrative duties. All our employees are subject to strict confidentiality clauses and data protection training. 5.2. Limitation of Use: We require all service providers to use the shared data exclusively for the execution of the purposes provided in this Policy, prohibiting its use for their own purposes or the sale of this information to third parties. 5.3. Legal Request: We reserve the right to share data with police, judicial, or administrative authorities if required to do so by law or by a specific judicial order.

6. RETENTION PERIOD AND DATA LIFE CYCLE

We respect the principle of necessity, keeping data only for the time required: 6.1. Personal Data: Name and email remain in our active database as long as the user’s interest in our content lasts. Disposal occurs after an opt-out request, processed in the shortest possible timeframe. 6.2. Connection Logs: Strictly stored for at least 06 (six) months, in accordance with the Brazilian Internet Civil Framework. 6.3. Tracking Data: Cookies have variable validity, which can be up to 24 months. 6.4. Exceptional Maintenance: We may retain information beyond the aforementioned periods only to comply with legal obligations, judicial orders, or for defense in administrative proceedings.

7. INTERNATIONAL TRANSFER AND SECURITY

7.1. Global Infrastructure: As we use international cloud services and analytics tools (such as Google servers), your personal data may be processed outside Brazilian territory. We guarantee that these providers follow international security and privacy standards. 7.2. Security Protocols: We implement robust technical measures, such as the use of HTTPS (SSL/TLS) protocol with high-layer encryption, to ensure that communications between your device and our server remain private and secure.

8. DISCLAIMER AND AFFILIATE LINKS

8.1. External Navigation: Our portal is educational and informative. By clicking on links to banks or financial institutions, you will be redirected to external websites. 8.2. Limitation of Liability: We have no control over the privacy practices of third-party websites. From the moment the user leaves our domain, responsibility for the processing of their data belongs exclusively to the destination website. We recommend that you always be mindful of the Privacy Policies of the websites you visit.

9. RIGHTS OF THE DATA SUBJECT

In compliance with Art. 18 of the LGPD, the user (or their legal representative) has the following rights:

  • Confirmation and Access: Knowing what data we process and requesting a copy of it.

  • Correction: Requesting the update of incomplete or incorrect information.

  • Deletion: Requesting the erasure of data collected under your consent.

  • Revocation: Canceling the authorization for sending email marketing at any time.

To exercise any of these rights, please use our DPO’s official channel: [email protected]. To revoke consent, you can directly use the opt-out option provided in the emails