Last updated: 2026-05-27

Privacy Policy

This Privacy Policy describes how Amazon Hacking, a CESUPA program, collects, uses and protects the personal data of users of this website and the popular voting system. Data processing strictly follows Brazil's General Data Protection Law (LGPD — Law 13,709/2018).

Data Controller: Centro Universitário do Estado do Pará (CESUPA) — [email protected]

3. Data collected during voting

To ensure the integrity of the popular vote, we collect additional data at the time of voting:

Phone number (for identity validation via digital channels)

IP address and approximate access region

Technical characteristics of the browser and device (user agent and endpoint technical identification data)

Automated integrity validation metadata (CAPTCHA systems and network risk analysis tools)

4. Purpose of processing

Data is collected exclusively to:

Authenticate the user and maintain an active session

Ensure electoral integrity (single vote per user)

Detect and prevent fraud, illicit automated access, or multiple artificial votes

Send the identity validation code

Generate anonymous site performance statistics

Monitor platform technical stability and security

5. Legal basis (LGPD)

Personal data processing is based on the following legal grounds under the LGPD:

Performance of a contract or preliminary procedures (Art. 7, V): for the creation, login, and maintenance of the user account by their own choice to participate in the event.

Legitimate interest (Art. 7, IX): for gathering operational metrics and audits to optimize platform experience and functionality.

Fraud prevention and data subject security (Art. 11, II, 'g'): applied to vote validation and digital environment integrity checks, aiming to curb electronic abuse and invalid votes.

6. Data retention

Data	Purpose	Retention
Technical session and network data	Security and Authentication	7 days
Technical validation token	Vote validation	5 minutes
Preference identifiers	Language and basic customization	13 months
Account data (name, email)	Identification	Until end of edition
Vote record and metadata	Electoral integrity	Until end of edition

7. Third-party sharing

Identity Provider (Google)

OAuth Authentication — receives user credentials directly to complete a secure login.

Security and Network Infrastructure Services

Protection against denial-of-service (DDoS) attacks, content delivery, and barriers against illicit automated access.

Network Risk Analysis Services

IP reputation verification and electronic connection integrity systems at the time of voting.

Messaging and Notification Tools

Systems responsible for sending identity verification codes via digital channels (WhatsApp and email).

Technical Monitoring Platforms

Internal and cookieless systems focused on analyzing general traffic statistics and diagnosing code failures in real time.

8. Cookies and local storage

`Language Preference`

Stores the visitor's choice of language. First-party cookie, valid for 13 months. Can be cleared in browser settings.

`Session Identifier`

Keeps the user securely authenticated after login. Features strict security attributes (HttpOnly, Secure, SameSite). Expires in 7 days.

`Consent LocalStorage`

Records that the privacy notice was viewed and dismissed, avoiding redundant popups.

9. Data subject rights (LGPD)

Your rights

Under the LGPD, you have the right to:

Confirm the existence of processing of your data
Access your collected personal data
Correct incomplete, inaccurate, or outdated data
Request deletion of data (except where retention is required to fulfill safety, audit, and voting integrity obligations)
Request information about the entities with whom we share data

How to exercise

Send your request to [email protected] identifying yourself with the email used at login. We will respond within 15 business days.