1. Who We Are
GenDome is a platform operated by SELVAGEN, the data controller for personal data processed by this service.
Contact for privacy matters: privacidade@selvagen.com.br
Last updated: technical draft, pending legal review
This Policy describes how GenDome, operated by SELVAGEN, collects, uses, stores and shares your personal data. It is aligned with Brazil's LGPD (Law 13.709/2018) and the EU GDPR.
GenDome is a platform operated by SELVAGEN, the data controller for personal data processed by this service.
Contact for privacy matters: privacidade@selvagen.com.br
We collect the following categories of data:
• Account data: email (required), name (optional), avatar image (optional), preferred language.
• Usage data: dome projects created, parameters used, exports performed, active plan, subscription history.
• Payment data: we do NOT store credit card data. Processing is handled entirely by Stripe. We only receive transaction confirmation and the last 4 digits of the card for invoice identification.
• Technical data: IP address, browser type, operating system, access timestamps (kept as security logs).
We use your data to:
• Operate the platform: authentication, save projects, export files. • Process payments via Stripe. • Send operational communications (signup confirmation, invoices, material service changes). • Improve the product through aggregated and anonymised analysis. • Comply with legal and tax obligations. • Prevent fraud and ensure infrastructure security.
We process your data on the following legal bases:
• Contract performance: to provide the service you signed up for. • Consent: for marketing communications (explicit opt-in). • Legal obligation: invoice issuance, accounting retention. • Legitimate interest: fraud prevention, platform security, product improvement.
We share data only with operators strictly necessary to run the service:
• Supabase (database and authentication) — stores account and project data. • Stripe (payment processing) — receives email and transaction data. • Hosting provider (application delivery) — receives technical logs. • Transactional email provider — receives email and name to deliver operational messages.
We do NOT sell, rent or commercialise your personal data with third parties for marketing purposes.
We use the following cookie categories:
• Session (essential): keep you authenticated during use. • Preferences (essential): language, theme, UI settings.
At this time, we do NOT use third-party analytics or marketing cookies. If that changes, we will update this Policy and request consent where applicable.
We retain your data for the following periods:
• Account and project data: while the account is active + 30 days after closure, to allow reactivation. • Authentication and security logs: up to 12 months. • Tax data (invoices, payment receipts): for the minimum legal period (5 years under Brazilian law).
After these periods, data is permanently removed or anonymised.
As the data subject, you have the right to:
• Confirmation that your data is being processed. • Access to your data. • Correction of incomplete, inaccurate or outdated data. • Anonymisation, blocking or deletion of unnecessary or non-compliantly processed data. • Portability of data to another provider. • Deletion of data processed based on consent. • Withdrawal of consent. • Information about shared use of your data.
To exercise any of these rights, send a request to privacidade@selvagen.com.br. We respond within 15 business days.
We implement the following technical and organisational measures:
• Encryption in transit (HTTPS/TLS) on all communications. • Encryption at rest in the database (Supabase native feature). • Passwords stored only as hashes, never in plain text. • Database access controlled via Row Level Security (RLS). • Administrative access restricted by principle of least privilege.
No system is 100% secure. In the event of an incident affecting your data, we will notify you and the relevant authority within legal deadlines.
Parts of the infrastructure running GenDome (Supabase, Stripe, hosting) may be located outside Brazil.
In these cases, providers ensure an adequate level of protection under LGPD art. 33 via standard contractual clauses, international certifications (SOC 2, ISO 27001) or other recognised safeguards.
The service is intended for users aged 18 and over. We do not knowingly collect personal data from minors.
If we identify minor data collected without parental authorisation, we remove it immediately.
We may update this Policy periodically. Material changes will be communicated by email and via platform notice with at least 30 days notice.
The last-updated date is always shown at the top of this document.
For privacy questions and rights requests: privacidade@selvagen.com.br