This Policy describes how PingArmor processes personal data under Brazilian Law No. 13.709/2018 (LGPD). Please read it carefully and reach out to the DPO if you have any questions.
1. Who we are
The PingArmor service is a brand operated by Rafael Soarde Matias, a Brazilian individual residing in Araraquara/SP, Brazil. For LGPD purposes, Rafael Soarde Matias is the Controller of personal data collected in PingArmor operations. The official channel for the Data Protection Officer (DPO) is [email protected]. Full Controller details (CPF and home address) are available on formal request, to preserve the operator's personal security.
2. Data we collect
We collect only what is strictly necessary to provide the Service. The data falls into four categories:
Account: username, email, password (stored as a bcrypt hash) and preferred language.
Device fingerprint (HWID): SHA-256 hashes derived from stable hardware identifiers of your computer, processed in separate namespaces. The original identifiers never leave your PC and the server stores only the hashes — the exact recipe is kept private to reduce the risk of antifraud bypass.
Payment: Stripe transaction identifier, subscription status and partner code (when applicable). We do not have access to card number, CVV or expiry date.
Tunnel operation: WireGuard public key, internal tunnel IP (10.255.247.x), login/heartbeat timestamps and aggregated server operational logs (no packet content).
3. What we use the data for (purpose and legal basis)
Each data category has a defined purpose and a specific LGPD legal basis:
Account: contract performance (art. 7 V) — to create your account, authenticate and send operational emails (verification, password reset, receipts).
HWID: legitimate interest (art. 7 IX) — to bind the license to a single device and prevent multi-trial abuse. A documented Legitimate Interest Assessment (LIA) is available on request to the DPO.
Payment: contract performance (art. 7 V) and compliance with a legal obligation (art. 7 II) — fiscal record of payments.
Tunnel operation: contract performance (art. 7 V) — necessary to create and maintain the WireGuard connection.
4. How long we keep your data
Each type of data has a defined retention term:
Account: while the account is active. After the User deletes the account, identification data is wiped within 30 days, except for legal records (see item 4).
HWID: 90 days for trial HWID after last use; 2 years for active account HWID after last login.
Operational logs: 90 days for aggregated server logs; 1 year for authentication and heartbeat logs.
Fiscal records (Stripe receipts, partner commissions): 5 years, in compliance with art. 174 of the Brazilian Tax Code.
5. Who we share with (Processors)
To deliver the Service we use a small set of Processors that handle personal data on our behalf. They operate in four areas: payment processing, transactional email delivery (account verification, receipts, password reset), DNS/CDN protection for the site and hosting of the server and database. We share only the minimum required for each purpose and only with Processors contractually bound to handle data in accordance with this Policy and LGPD. The nominal list of Processors can be requested from the DPO at [email protected].
6. International transfer
Some Processors operate outside Brazil (United States and Europe). Transfers rely on art. 33, item II, of LGPD — standard contractual clauses present in the agreements signed with each Processor. A copy of the contractual clauses (Data Processing Addendums) can be requested from the DPO at [email protected].
7. Local network monitoring by the app
The PingArmor desktop application reads, in real time, the list of active TCP connections on your computer (only IP addresses, ports and process names) using a native Windows API. This reading lets the app detect when your game connects to a server.
We do not read the contents of network packets and we do not send this information to the PingArmor server or any third party — all processing happens exclusively on your device.
The connection list is kept only in memory while the app is running. If you enable Verbose log mode in Settings, selected events are written to a local debug.log file with automatic 7-day rotation — you can delete the file at any time from the app log folder.
The legal basis for this local reading is legitimate interest (LGPD art. 7, item IX) in protecting the operation of the service against connection failures. The Legitimate Interest Assessment (LIA) is available on request to the DPO at [email protected].
8. Your rights
LGPD grants you, as the data subject, the following rights (art. 18). You may exercise them by emailing the DPO at [email protected]:
Confirm whether your data is being processed.
Access a copy of your data.
Correct incomplete, inaccurate or outdated data.
Anonymise, block or delete unnecessary or excessive data, or data processed in violation of LGPD.
Port your data to another service or product provider.
Delete your data, except under art. 16 (compliance with a legal obligation, study by a research body, transfer to a third party, or controller's exclusive use).
Obtain information about processors with whom the Controller shared your data.
Obtain information about the possibility of refusing consent and its consequences.
Withdraw consent, when processing is based on consent.
9. DPO, ANPD and updates to this Policy
The Data Protection Officer (DPO) is the official channel for any matter related to this Policy. To reach the DPO, email [email protected].
If you are not satisfied with the DPO's reply, you may also file a complaint with the Brazilian Data Protection Authority (ANPD) at www.gov.br/anpd.
This Policy may be updated periodically. Significant changes will be communicated by email or a prominent notice on the website. Continued use of the Service after such notification constitutes acceptance of the updated version.
10. Partners (Referral Program)
If you are a partner in the Referral Program (you receive a formal invitation, accept a versioned contract and offer a discount to referred users), we process additional contract-related data. Details:
Contract data: discount and commission percentages, referral code, term length, accepted terms version, SHA-256 hash of the terms at acceptance time, IP truncated to /24 (IPv4) or /48 (IPv6), User-Agent truncated to 256 characters.
PIX key (only if commission > 0%): stored encrypted at rest (ChaCha20-Poly1305) with dedicated AAD. Solidary mode (commission = 0%) does not require a PIX key.
Associated sales: each sale generated via your code is linked to the snapshot of the contract in force on that date (immutable audit).
Legal basis: contract performance (LGPD art. 7, V) for program data; legal obligation (art. 7, II) for retained tax data.
Retention: contract data and sales are retained for 5 years after termination, per art. 195 §5 of the Brazilian Tax Code. After that, they are anonymised or deleted.
Portability: the endpoint /partner/contract/export delivers a JSON file with your contracts, amendments, events and sales (LGPD art. 18, V).