Legal
How OwLira collects, uses, and protects your data.
Last updated:
OwLira ("we") respects the privacy of readers, guardians, educators, and partners. This policy explains how we process personal data in compliance with the GDPR (EU 2016/679), LGPD (Brazil Law 13.709/2018), and COPPA for children.
We collect only the minimum required to operate the portal and respond to requests:
Email and name when you subscribe to the newsletter, request catechesis samples, or submit a partnership form.
Institutional contact data (school, parish, role, country) in B2B forms.
Non-personal technical data via Plausible Analytics (page view, referrer, country, device) when you consent to analytics.
Anonymous error telemetry via Sentry to keep the portal stable.
Send requested communications (newsletter, samples, form replies).
Process commercial leads for partners, schools, and parishes.
Improve content and experience based on aggregated metrics.
Comply with legal, regulatory, and contractual obligations.
Explicit consent for newsletters and marketing.
Contract execution or pre-contract steps for B2B leads you initiated.
Legitimate interest for fraud prevention, security, and aggregated analytics without personal identification.
Legal obligation when required by a competent authority.
You may exercise the following rights under GDPR and LGPD at any time:
Access to the data we hold about you.
Rectification of incomplete or inaccurate data.
Anonymisation, blocking, or deletion of unnecessary data.
Portability of data to another provider.
Withdrawal of consent and deletion of data processed on that basis.
Information about how data is shared and used.
To exercise any right, email contact@owlira.com. We respond within 15 business days.
We do not sell personal data. We only share with essential processors bound by protection agreements:
Resend or Brevo for transactional email.
Google Cloud / Firebase for hosting and storage.
Sentry for error monitoring.
Plausible Analytics (only with analytics consent) for anonymous metrics.
Newsletter email: until you request unsubscription.
B2B leads: up to 24 months after the last contact unless a contract requires longer.
Technical logs: 6 months, encrypted at rest and in transit.
Generic contact data: 12 months after reply.
We run on Google Cloud / Firebase. Cloud Functions execute in the southamerica-east1 region (São Paulo, Brazil); sub-systems may process data in EU or US datacenters.
Cross-border transfers follow the GDPR Standard Contractual Clauses and LGPD art. 33 safeguards.
All portal forms are intended for adult guardians.
We do not knowingly collect data from children under 13. If you spot such a sign-up, email contact@owlira.com and we will remove it within 48 hours.
We use TLS on every connection, Firebase Secrets for encrypted credentials, HSTS, CSP, X-Content-Type-Options headers, and least-privilege access in Cloud Functions.
Data Protection Officer: OwLira team - contact@owlira.com.
Postal address and Brazilian jurisdiction available upon request.
DPO / last updated: contact@owlira.com
