PRIVACY POLICY

1. Who We Are

AITEKS SOLUCOES EM TECNOLOGIA LTDA (CNPJ 57.420.480/0001-67), referred to as "Aiteks" or "we", is the data controller for personal information collected through the Upstream Tycoon platform and its associated products (Engineering Edition, Drilling Edition, CO2 Storage Edition).

2. Data We Collect

• Account data: name, email address, and password (stored as a bcrypt hash) provided at registration.
• Game progress data: simulation state (day, production, unlocked technologies, etc.), stored locally in your browser (localStorage) and, when enabled, synced to the cloud linked to your account.
• Usage data: game edition accessed, usage frequency, and scores submitted to the global leaderboard.
• Technical data: IP address, browser type, and operating system, collected automatically for security and diagnostic purposes.

3. How We Use Your Data

• Creating and managing your user account.
• Saving and restoring game progress across sessions and devices.
• Displaying rankings on the global leaderboard (username and score only).
• Improving the platform using anonymized usage data.
• Sending relevant product updates (only with your explicit consent).
• Complying with legal and regulatory obligations.

4. Legal Basis

Processing is based on the following grounds:

• Contract performance — to provide the platform services.
• Consent — for marketing communications.
• Legitimate interests — for security, diagnostics, and product improvement.
• Legal obligation — when required by applicable law (including Brazil's LGPD, Lei n. 13.709/2018).

5. Data Sharing

We do not sell, rent, or trade your personal data. We may share it only with:

• Infrastructure providers: hosting and database services used solely to operate the platform.
• Competent authorities: when required by court order or legal obligation.

6. Data Retention

We retain your data for as long as your account is active or as needed to fulfill the purposes described in this Policy. Account data is deleted within 30 days of a deletion request, unless a legal obligation requires otherwise.

7. Local Storage

Game progress is stored in your browser's localStorage under the key upstream-tycoon-save. This data resides exclusively on your device and is not transmitted without your consent. You can export, import, or delete it at any time via the in-game settings.

8. Security

We apply appropriate technical and organizational measures to protect your data against unauthorized access, loss, or disclosure — including password hashing (bcrypt), HTTPS connections, and role-based access controls.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Confirm whether we process your personal data.
• Access the data we hold about you.
• Correct inaccurate or incomplete data.
• Request erasure or restriction of processing where permitted by law.
• Data portability.
• Withdraw consent at any time.
• Lodge a complaint with a supervisory authority (e.g., Brazil's ANPD).

To exercise any of these rights, contact us at the address in Section 13.

10. International Transfers

Data may be processed on servers outside Brazil. In such cases, we ensure an equivalent level of protection through appropriate contractual safeguards or adequacy decisions.

11. Minors

Our services are not directed at children under 13. If we identify data collected from a minor without parental consent, we will delete it promptly.

12. Updates to This Policy

We may update this Policy periodically. Registered users will be notified of material changes by email or an in-platform notice. Continued use after the revised Policy is published constitutes acceptance of the changes.