5M_
5mlearn
Privacy Policy & LGPD

Transparency on how 5mlearn treats your data.

We use data to deliver personalized micro-lessons, protect your daily habit, and comply with legal duties. You can export, correct, or delete information at any time.

Controller: 5mlearnUpdated Dec/2025
Controller & DPO

Talk directly with us

We answer within 2 business days. Include your user ID (after login) or registered email to speed up verification.

Email

support@5mlearn.com

Reply

WhatsApp

(24)99981-4872

Open
Data subject rights

Export, correct, or delete

Confirmation of processing, access/portability, correction, anonymization/deletion, objection, and review of automated decisions are available to all users.

Open /lgpdDownload data (JSON)

To exercise any right, use the LGPD center or contact the DPO. Incidents will be communicated via email and, if needed, through push/WhatsApp.

Data we collect

  • Account and profile: email, name/username, language, timezone, and optional profile data.
  • Product usage: active topics, daily deliveries, lesson progress, review queue/history, feedback, achievements, and usage events.
  • Communication: email queue/open/click metrics and notification/push preferences.
  • Billing: plan status, usage limits, and transactions processed by Stripe/PIX (card numbers are never stored).

Purposes and legal bases

  • Contract execution: deliver daily microlearning, personalize lessons/reviews, and send habit notifications.
  • Consent: push notifications and public profile sharing (explicit opt-in).
  • Legitimate interest: quality improvements, abuse prevention, and internal operational metrics.
  • Legal obligation: minimal billing records and security/audit logs.

Sharing with processors

  • Supabase (infra/database), Resend (transactional emails), OpenAI (lesson/coach generation), and Stripe/PIX (payments).
  • Each provider receives only the data strictly required to perform the contracted service.
  • International transfers follow provider adequacy/standard clauses; data is encrypted in transit and at rest.

Retention and security

  • We retain data while the account is active or until you request deletion/anonymization.
  • History may be trimmed for audit, fraud prevention, and quality improvements.
  • RLS and access roles are active in Supabase; admin accesses are audited.
  • If an incident occurs, affected users will be notified as required by LGPD/GDPR.