Privacy Policy

Last Updated: April 13, 2025

1. INTRODUCTION

WePray ("we," "us," or "our") operates the website www.wepray.org, its language variations (such as en.wepray.org or pt.wepray.org), and the WePray mobile application (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. By accessing or using our Services, you consent to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. INFORMATION WE COLLECT

2.1 Personal Data

While using our Services, we may collect personally identifiable information that can be used to contact or identify you ("Personal Data"), including but not limited to:

  • Email address
  • Full name
  • Username
  • Phone number
  • Address, state, province, ZIP/postal code, city
  • Payment information (processed securely through our payment processors)
  • Account credentials
  • User preferences
  • Profile information
  • Cookies and Usage Data

2.2 Usage Data

We also collect information that your browser or device sends when you access our Services ("Usage Data"). This may include:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Time and date of your visit
  • Device information (type, ID, operating system)
  • Diagnostic data
  • Referring websites

2.3 Location Data

With your consent, we may collect and process information about your geographic location ("Location Data"). You can enable or disable location services at any time through your device settings.

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Services and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some portions of our Services may not function properly.

Types of cookies we use:

  • Essential cookies: Necessary for the operation of our Services
  • Preference cookies: Remember your settings and preferences
  • Analytics cookies: Help us understand how visitors interact with our Services
  • Marketing cookies: Used to deliver relevant advertisements and marketing communications

3. LAWFUL BASIS FOR PROCESSING

We process your Personal Data based on the following legal grounds:

  • Consent: Where you have explicitly consented to the processing
  • Contract: Processing necessary for the performance of a contract with you
  • Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights
  • Legal Obligation: Processing necessary to comply with our legal obligations

4. HOW WE USE YOUR INFORMATION

We use your data for various purposes, including to:

  • Provide, maintain, and improve our Services
  • Process transactions and manage your account
  • Communicate with you, including responding to your inquiries and providing updates
  • Personalize your experience with our Services
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security breaches
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Provide targeted advertisements and marketing communications (with your consent where required by law)

5. DATA RETENTION

We retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you
  • Whether there is a legal obligation to which we are subject
  • Whether retention is advisable considering our legal position (such as for statutes of limitations, litigation, or regulatory investigations)

Typically, we retain:

  • Account information: For the duration of your account plus 2 years
  • Transaction data: For 7 years for tax and accounting purposes
  • Communications: For 3 years after your last interaction with us
  • Usage data: In aggregated form for up to 2 years

6. DATA SHARING AND DISCLOSURE

6.1 Service Providers

We may share your information with third-party vendors, service providers, and contractors who perform services on our behalf. These parties are only provided with access to information needed to perform their functions and are prohibited from using it for other purposes.

Categories of service providers we use:

  • Cloud storage providers
  • Payment processors
  • Analytics providers
  • Customer support services
  • Marketing and advertising partners
  • Communication services

6.2 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of business assets, your information may be transferred as part of that transaction.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency) or to:

  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public
  • Protect against legal liability

6.4 With Your Consent

We may share your information in other contexts with your consent.

7. INTERNATIONAL DATA TRANSFERS

Your information, including Personal Data, may be transferred to and processed in countries other than the one in which you reside. These countries may have data protection laws that differ from those in your country.

If you are located outside the United States and provide information to us, we transfer and process that data in the United States and other countries where our service providers operate.

When we transfer Personal Data outside your jurisdiction, we implement appropriate safeguards, which may include:

  • Standard Contractual Clauses approved by relevant data protection authorities
  • Ensuring the recipient country has been deemed to provide adequate protection
  • Obtaining your explicit consent to the proposed transfer
  • Implementing technical and organizational measures to protect your data

8. DATA SECURITY

We implement appropriate technical and organizational measures to protect your Personal Data, including:

  • Encryption of sensitive information
  • Regular security assessments
  • Access controls and authentication requirements
  • Staff training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9. YOUR DATA PROTECTION RIGHTS

Depending on your location, you may have the following rights regarding your Personal Data:

  • Right to Access: Request copies of your Personal Data
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your Personal Data in certain circumstances
  • Right to Restrict Processing: Request limitation of processing of your Personal Data
  • Right to Data Portability: Request transfer of your Personal Data to you or a third party
  • Right to Object: Object to processing of your Personal Data for certain purposes
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent
  • Right to Non-discrimination: Receive equal service and pricing even if you exercise your privacy rights

California Residents' Rights

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights regarding their Personal Data, including:

  • The right to know what Personal Data is collected, used, shared, or sold
  • The right to delete Personal Data
  • The right to opt-out of the sale or sharing of Personal Data
  • The right to correct inaccurate Personal Data
  • The right to limit the use and disclosure of sensitive Personal Data

To exercise your rights, please contact us using the information in Section 14. We may ask for specific information to confirm your identity before processing your request.

10. CHILDREN'S PRIVACY

Our Services are not intended for children under 13 years of age ("Children"). We do not knowingly collect personally identifiable information from Children. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us, and we will take steps to remove that information from our servers.

In certain jurisdictions, the minimum age may be higher (16 in the European Economic Area under GDPR). We comply with these varied age requirements and do not knowingly collect data from underage users.

11. AUTOMATED DECISION MAKING AND PROFILING

We may use automated decision-making and/or profiling in regard to your Personal Data for certain activities, including:

  • Personalized product recommendations
  • Customized content delivery
  • Risk assessments for fraud prevention

You have the right not to be subject to a decision based solely on automated processing if the decision produces legal effects or similarly significantly affects you, unless:

  • It is necessary for entering into or performing a contract with you
  • It is authorized by applicable law
  • It is based on your explicit consent

If you wish to contest an automated decision, please contact us using the information in Section 14.

12. THIRD-PARTY SERVICES

12.1 Analytics Providers

We use third-party analytics services to monitor and analyze the use of our Services, including:

  • Google Analytics: Google's Privacy Policy
  • Google Firebase: Firebase Privacy Policy
  • Matomo: Matomo's Privacy Policy

12.2 Behavioral Remarketing

We use remarketing services to advertise on third-party websites after you have visited our Services:

  • Google Ads: You can opt out via Google Ads Settings
  • Facebook: You can learn more about Facebook's interest-based ads at Facebook's Ad Preferences and review their Data Policy

12.3 Links to Other Sites

Our Services may contain links to third-party websites not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly encourage you to review the privacy policy of every site you visit.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice, such as a prominent website notice or an email notification.

Your continued use of our Services after changes to the Privacy Policy constitutes acceptance of those changes.

14. CONTACT US

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

  • Email: privacy@wepray.org
  • Website: en.wepray.org/contact
  • Phone: +55 19 99925-2434
  • Mail: WePray, Rua Joao Fructuoso Miranda Filho, 331, Hortolandia, SP, ZIP 13184-060, Brazil
  • Data Protection Officer: dpo@wepray.org

Complaints: If you have unresolved concerns, you have the right to complain to your local data protection authority.