Privacy / Website & studio
Website Privacy Notice
This notice explains how StraightForward Studios handles data on the website, in messages sent to the studio, and through the infrastructure required to keep everything available and secure. Product policies remain separate.
Last updated: July 16, 2026View legal center1. Scope and responsibility
While the SFWD Studios legal entity is being incorporated, website operations and processing decisions made directly by the studio are conducted under the SFWD Studios brand in São Paulo, Brazil. The legal company name, registration number, and other applicable business details will be added here after incorporation.
This notice covers the institutional website and messages sent to the studio. Applications and games have their own policies when the context requires it; Ultimate Truco’s policy is available separately.
2. What we handle today
The website application integrates no form, studio account, advertising, pixel, or analytics tool configured by the studio. If you choose to write by email, we receive the address you use, your name if provided, your message, and any attachments.
To deliver and protect the page, hosting, access, and security providers may process minimal technical data such as IP address, browser, device, request date and time, and security signals. We do not use this information for advertising, profiling, or behavioral tracking.
Your language preference and the version of the notice you dismissed are stored locally in your browser and are not sent to StraightForward Studios.
3. Purposes and legal grounds
We handle only what is necessary for specific purposes that fit the context.
- Legitimate interests, with minimization and a contextual assessment, to make the website available, protect it, and respond to and administer ordinary communications sent to the studio.
- Steps prior to a contract or performance of a contract when a message concerns a proposal, engagement, purchase, or support covered by a contractual relationship.
- Compliance with legal or regulatory obligations and the establishment, exercise, or defense of legal claims, including retention of specific records where necessary.
4. Providers and sharing
We do not sell personal data. Access is limited to providers required for hosting, access control, security, and email, or to authorities when a valid legal obligation applies.
OpenAI hosts the website and acts as processor for hosted data on the controller’s behalf under the ChatGPT Sites Data Processing Addendum. Network delivery and security infrastructure involve Cloudflare. Google/Gmail participates only when you send a message to the published address. Each provider’s role depends on the operation and the applicable contractual documentation.
5. International operations and transfers
Website hosting involves continuous processing of technical request data by OpenAI OpCo, LLC, in the United States and by authorized subprocessors. Transmission takes place online with each visit and may generate technical logs and cookies. The purpose is to host, maintain, support, control access to, and protect the page. Processing lasts while the website is published and for the period afterward required for support and deletion under the ChatGPT Sites DPA.
Cloudflare infrastructure may route or process IP addresses, security signals, and the __cf_bm cookie outside Brazil according to network routing, for delivery and automated-traffic protection. Google/Gmail may process an address, name, message content, and attachments in international infrastructure, including the United States, only when you choose to send an email, to receive, store, and reply for the period described in the retention section.
Additional countries, subprocessors, and the valid mechanism for each operation under Brazil’s LGPD depend on routing and the applicable contractual documentation. Documentary mapping is being completed before the website opens publicly, so we do not claim a specific mechanism without evidence. Upon request, we will provide available information and clauses, subject to commercial and industrial confidentiality.
- The controller determines purposes, minimizes collection, and responds to data-subject requests; OpenAI acts as processor for hosted data under the DPA.
- Measures include minimization, HTTPS connections, access controls, and the confidentiality, security, and assistance obligations described in provider documentation.
6. Retention
Local preferences remain in the browser until you clear them or until a new version replaces them. Messages are kept while needed to reply and follow up; after that, they are deleted or retained only where a legal obligation, contractual relationship, or the establishment, exercise, or defense of legal claims justifies the record.
We do not maintain our own browsing database. Necessary technical records may be retained by providers for the operational and security periods defined in their services.
7. Your rights
Under Brazil’s LGPD, you may request confirmation and access, correction, information about sharing, anonymization, blocking or deletion where applicable, portability within regulatory limits, objection, and review of automated decisions. We currently make no automated decisions about website visitors.
To exercise a right or ask a question, email contact@sfwdstudios.com. We may request the minimum information needed to verify identity and avoid disclosing data to the wrong person. If a request to the controller is not resolved, you may also petition Brazil’s National Data Protection Authority, without limiting other channels available by law.
8. Security, children, and changes
We apply measures proportionate to the size and nature of the website, including data minimization, secure connections, and specialized providers. No system is infallible, but we work to reduce risk by design.
The website is not designed to intentionally collect data from children. Material changes to this notice will be published here with a new update date and, when necessary, additional prominence.
