Privacy Policy

Effective Date: April 9, 2026
Last Updated: April 9, 2026

This Privacy Policy explains how Jewel Systems (“we,” “us,” or “our”), operating under the trade name Sophia Foundry, collects, uses, and protects your personal data when you use the Sophia Forge website and related online services (“Service”).

This policy complies with the Brazilian General Data Protection Law (Lei nº 13.709/2018 — LGPD) and the Marco Civil da Internet (Lei nº 12.965/2014).

1. Data Controller

The data controller responsible for your personal data is:

Jewel Systems (Sophia Foundry)
Email: [email protected]

This is also the contact channel for exercising your data subject rights under the LGPD.

2. What Data We Collect

We collect the following personal data when you create an account:

  • Name — to identify you within the Service
  • Email address — for account authentication, communications, and account recovery
  • Date of birth — to verify that you meet the minimum age requirement (18 years)

We may also collect limited technical data such as IP addresses and access logs for security and legal compliance purposes.

We do not collect sensitive personal data as defined by the LGPD (such as data related to race, religion, health, sexual orientation, political opinion, or biometric data).

3. How We Use Your Data

We use your personal data for the following purposes:

  • Account creation and authentication — to allow you to register, log in, and manage your account
  • Age verification — to verify compliance with our minimum age requirement and applicable law
  • Service-related communications — to send you essential notices about your account, security alerts, and updates to our Terms of Service
  • Non-essential communications — to send product updates or newsletters, which you may opt out of at any time

We do not use your data for profiling, targeted advertising, or any automated decision-making.

4. Legal Basis for Processing

Under the LGPD, we process your personal data based on the following legal grounds:

  • Consent (Art. 7, I) — provided at the time of account registration
  • Performance of a contract (Art. 7, V) — necessary to provide the Service as described in our Terms of Service
  • Legitimate interest (Art. 7, IX) — for maintaining the security and integrity of the Service
  • Legal obligation (Art. 7, II) — to comply with applicable laws, including age verification requirements

You may withdraw your consent at any time by deleting your account or contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

5. Data Storage and Security

Your personal data is stored in a database hosted by a cloud provider located in the South America (São Paulo) region.

We implement reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as your account is active.

When you delete your account, we perform a full purge of your personal data. We do not retain personal data after account deletion, except where required by law (such as records required under the Marco Civil da Internet, which mandates retention of application access logs for six months).

7. Data Sharing

We do not sell, rent, or share your personal data with third parties.

In the future, we may use third-party service providers for specific functions (such as email delivery or payment processing). If we do, we will update this Privacy Policy to reflect those changes. Any third-party providers will only receive the minimum data necessary to perform their function and will be contractually bound to protect your data.

We may disclose your data if required by law, court order, or government request.

8. International Data Transfers

Your data is currently stored in Brazil. If in the future we use service providers located outside of Brazil (for example, for email delivery), we will ensure that appropriate safeguards are in place as required by the LGPD, including contractual clauses or other legally recognized transfer mechanisms.

9. Cookies and Tracking

We use essential cookies solely for authentication purposes. These cookies are necessary for the Service to function and allow you to stay logged in. They are httpOnly cookies, meaning they cannot be accessed by client-side scripts, which helps protect against cross-site scripting (XSS) attacks.

We use the following cookies:

  • access_token — a short-lived authentication token (expires after 15 minutes). Used to verify your identity on each request.
  • refresh_token — a longer-lived token (expires after 7 days). Used to issue a new access token when the current one expires, so you don't have to log in repeatedly.

We do not use cookies for analytics, tracking, advertising, or any purpose other than authentication.

Because these cookies are strictly necessary for the operation of the Service, they do not require your consent under the LGPD. However, we inform you of their use for transparency.

10. Your Rights

Under the LGPD (Art. 18), you have the following rights regarding your personal data:

  • Confirmation — confirm whether we process your personal data
  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of incomplete, inaccurate, or outdated data
  • Anonymization, blocking, or deletion — request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD
  • Portability — request the transfer of your data to another service provider
  • Deletion — request deletion of data processed with your consent
  • Information on sharing — request information about which third parties, if any, have access to your data
  • Consent withdrawal — withdraw your consent at any time
  • Opposition — object to data processing that does not comply with the LGPD

To exercise any of these rights, contact us at [email protected]. We will respond to your request within the timeframes required by applicable law.

11. Children and Adolescents

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page.

For material changes, we will make reasonable efforts to notify you in advance — for example, through an email, a notice on the website, or an announcement in our Discord server.

Your continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data subject rights, contact us:

Jewel Systems (Sophia Foundry)
Email: [email protected]