← Back to home

Privacy Policy — Play Hard

Last updated: May 22, 2026 · GDPR-aligned & LGPD compliant

1. Commitment to Your Privacy

At Play Hard Studio ("Play Hard", "we", "us", "our"), we are obsessed with crafting software that feels premium, and we carry that exact same obsession over to how we secure and protect your data. This Privacy Policy outlines how we collect, store, process, and protect your personal information when you visit our website, submit our contact/briefing forms, or use our secure Client Portal.

By interacting with our site or portal, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our services.

2. Data We Collect

We only collect the absolute minimum amount of data required to deliver world-class software engineering and digital products:

  • Commercial Leads (Contact Form): Name, email, company name, budget range, digital product requirements, and your message/briefing.
  • Client Portal Profiles: Company name, CNPJ or CPF (Brazilian tax IDs), owner's name, email, phone number, encrypted login passwords, and billing information.
  • Payment Transactions (Asaas Gateway): Billing and payment information processed directly inside the secure sandbox environment of our payment partner, Asaas. Play Hard does not store credit card numbers on its local servers.
  • Server Telemetry & Logs: IP addresses, browser types, operating systems, and basic telemetry data to maintain the performance and security of our VPS infrastructure.

3. Purposes of Data Processing

We process your personal data under legitimate legal frameworks (specifically: contract execution, pre-contractual negotiations, legitimate interest, and compliance with statutory obligations):

  • Project Estimation & Quotes: Reviewing your product briefs to compile custom commercial proposals and cost breakdowns.
  • Client Portal Access: Enabling you to monitor your software lifecycle, check active milestones, inspect Lighthouse audits, and open support tickets.
  • Billing & Invoices: Generating invoices and processing Pix/credit card payments securely via our Asaas API integration.
  • Technical Support: Managing, tracking, and resolving technical maintenance tickets created on your dashboard.

4. Sharing Data with Third Parties

Play Hard does not sell, rent, or trade your personal information under any circumstances. We only share information with trusted infrastructure providers that are essential to operate our products:

  • Supabase / Hostinger VPS: Our secure cloud server cluster, active PostgreSQL database, and authorization endpoint.
  • Asaas Payment Gateway: Our financial processing gateway for automated invoicing and billing settlement.
  • Hospedagem & Deploy (Vercel, Netlify, Nginx): For active hosting, server configurations, and live deployment previews of your builds.

5. Your Rights as a Data Subject

Depending on your jurisdiction (such as GDPR in Europe or LGPD in Brazil), you have full legal rights concerning your personal data. You may request the following at any time by contacting us at [email protected]:

  • Confirmation of whether we process your personal data.
  • Access to a full copy of the data we hold about you.
  • Correction of incomplete, outdated, or incorrect information.
  • Complete deletion of your personal data when it is no longer required for active contract execution or legal compliance.
  • Withdrawal of consent for non-essential marketing emails or notifications.

6. Information Security

We employ state-of-the-art digital security procedures to guard your information against unauthorized access, theft, loss, or disclosure:

  • Full encryption in transit (HTTPS/TLS) across all website connections, database calls, and active APIs.
  • Strict Row Level Security (RLS) policies on our PostgreSQL databases to ensure that logged-in users can only read/write their own records.
  • Hashed and salted user passwords handled secure-by-default by Supabase Auth protocols.
  • Highly restricted SSH key authentication to manage production servers, keeping unauthorized personnel entirely out of the operating systems.

7. Changes to This Policy

We may update this Privacy Policy from time to time to align with new features or legislation. If we make substantial changes, we will update the date shown at the top of this document.

8. Contact the Studio

If you have questions about this policy, or if you would like to assert your legal privacy rights, please reach out directly to our team:
Email: [email protected]