Privacy Policy
This Privacy Policy explains how Hazor Negócios Digitais(“Hazor”, “we”, “us”) collects, uses, shares, and protects information when you visit gracefinance.com(the “Site”) or purchase the Freedom Snowball Guide.
1. Information We Collect
You give us
- Email address — required to receive your download link and any support correspondence.
- Name and billing information — collected by Paddle during checkout; we receive only the customer name and email associated with the order.
We collect automatically
- IP address and user-agent string — recorded with each request for fraud prevention, bot detection, and approximate geolocation.
- First-party tracking identifiers — a visitor ID stored in
localStorageand a session ID stored insessionStorage(expires after 30 minutes of inactivity). These are opaque random strings and do not contain personal information. - Page views and CTA clicks — what pages you visit, when, the referrer, and the UTM parameters in the URL.
From third parties
- Paddle sends us order details (email, amount, transaction ID, refund status) via webhook after a successful purchase or refund.
- Meta Pixel sets first-party cookies (
_fbp,_fbc) on your browser to attribute ad-driven traffic.
2. How We Use Your Information
- To deliver the Freedom Snowball Guide via email.
- To verify ownership when you request a re-send of your download link.
- To process refunds and respond to support requests.
- To measure traffic, conversion, and ad performance.
- To prevent abuse, fraud, and unauthorized access.
- To comply with legal obligations.
3. How We Share Your Information
We do not sell or rent your personal information. We share information only with the following service providers, strictly to operate the Service:
- Paddle (merchant of record for payments) — processes your transaction, handles billing, issues invoices, and remits sales tax. See paddle.com/legal/privacy.
- Supabase — stores order records and the product PDF in a private bucket.
- Resend — sends the transactional email containing your download link.
- Meta Platforms (Facebook / Instagram) — receives purchase events via the Conversions API (CAPI) for ad measurement and optimization. Email addresses are hashed (SHA-256, lowercased) before transmission.
- Vercel — hosting and edge infrastructure.
4. Cookies and Local Storage
- First-party identifiers (
gf_vid,gf_sid) — set by our own tracking code to measure traffic on our Site only. - Meta Pixel cookies (
_fbp,_fbc) — set by Facebook to attribute ad-driven visits. - Paddle session cookies — set during checkout for fraud prevention.
You can clear these at any time via your browser settings. Doing so does not affect your ability to receive support; we identify orders by the email used at checkout.
5. Data Retention
Order records, including the email associated with the purchase, are retained indefinitely to satisfy applicable tax and accounting obligations and to support refunds and customer service. Tracking events (page views, CTA clicks) are purged after 90 daysfrom our database via an automated cleanup job. Rate-limit logs are purged after 7 days.
6. Your Rights
California residents (CCPA / CPRA)
You have the right to know what personal information we hold about you, to request its deletion, and to opt out of the sharing of personal information for cross-context behavioral advertising. We share hashed email addresseswith Meta Platforms via the Conversions API for ad measurement; under CCPA § 1798.140(ah), this transfer may qualify as “sharing”. To opt out of this transfer, or to exercise any other CCPA right, email support@thegracefinance.com with the subject line “Privacy Request” and we will suppress your email from future Conversions API events.
Other U.S. states with comprehensive privacy laws
Residents of states with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Utah) have similar rights of access, correction, deletion, and opt-out. Use the same address above.
EU/UK residents (GDPR / UK-GDPR)
Our Service is intended primarily for U.S. customers. If you nonetheless visit from the EU or UK, you may exercise GDPR / UK-GDPR rights (access, rectification, erasure, restriction, portability, objection) by emailing the address above.
7. Children
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
8. Security
We use industry-standard measures to protect your information: HTTPS/TLS for all traffic, signed webhooks (HMAC) for server-to-server events, server-only secrets stored in hardened environments, rate-limited public endpoints, and row-level security on our database. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
9. International Transfers
Our service providers may store data in the United States and other countries. By using the Service, you consent to the transfer of your information to these jurisdictions, which may have different data-protection laws than your country of residence.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be communicated by email when possible.
11. Contact
Questions about this Privacy Policy or your data? Email support@thegracefinance.com, or visit our Contact page.