Overview
Your privacy is important to us. It is the policy of Bia Kaori Mi to respect your privacy regarding any information we may collect from you across this website, biakaorimi.com, and any other sites we own and operate.
This policy explains what personal information we collect, why we collect it, how it is used and protected, and what rights you have in relation to it. By continuing to use this site, you accept the practices described below.
This policy applies to all visitors, regardless of location. It incorporates obligations under Brazilian law (LGPD), US federal and state frameworks (CCPA, COPPA, CAN-SPAM), and GDPR-aligned principles for international visitors.
Information We Collect
We only request personal information when we genuinely need it to provide a service. We collect it by fair and lawful means, with your knowledge and consent, and inform you of its purpose at the time of collection.
Information you provide directly
- Contact data - name and email address when you reach out via the speaker invitation form or email.
- Communications - the content of messages you send us.
Information collected automatically
- Usage data - pages visited, time on site, browser type, device type, operating system, referring URL, and approximate geographic region.
- Log data - IP address, access timestamps, and server response codes, retained for security and diagnostic purposes.
- Cookie data - as described in Section 5.
We do not collect sensitive personal data (health records, financial data, government IDs, biometric data) unless you voluntarily provide it in direct communication with us.
How We Use Your Information
Information is used solely to operate this website and to respond to your inquiries. Specific purposes include:
- Responding to messages, questions, speaker invitation requests, or press inquiries submitted via the contact form;
- Maintaining site security and preventing abuse;
- Complying with applicable legal obligations.
We do not sell, trade, rent, or share your personal information with third parties for marketing purposes. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects. We do not run advertising on this site.
Legal bases for processing (GDPR/LGPD): legitimate interests (security, server logs), contract performance (responding to your inquiry), and legal obligation (regulatory compliance).
Data Retention
We retain collected information only as long as necessary to fulfill the purpose for which it was collected, or as required by law. General retention periods:
- Contact inquiries - up to 2 years after last communication.
- Server logs - up to 12 months for security and diagnostic purposes.
- Contact form data - name and email submitted via the contact form are retained by Formspree (our form processor) and forwarded to us. We retain your inquiry for up to 2 years. See Section 6 for Formspree details.
- Cookie data - per individual cookie lifespan (see Section 5).
When data is no longer needed, it is securely deleted or permanently anonymized. If immediate deletion is not technically feasible, we will isolate it from further processing pending deletion.
Cookies and Third-Party Services
First-party cookies
This site does not set any first-party tracking, analytics, or advertising cookies. We do not run Google Analytics, Google AdSense, or any advertising network. We do not use affiliate tracking cookies.
We use your browser's localStorage (not a cookie) to remember that you have dismissed the privacy notice banner. This stores only a single value ("dismissed") and contains no personal data. It is never transmitted to any server.
Google Fonts
This site loads typefaces (Barlow and Barlow Condensed) from Google Fonts via fonts.googleapis.com. When your browser requests a font file, Google receives your IP address and browser information as part of a standard HTTP request. Google may use this to generate usage statistics. Google states it does not use font API data to build user profiles or serve advertising.
Legal basis (GDPR/LGPD): legitimate interest in delivering readable typography. If you wish to block this, you can use a browser extension such as uBlock Origin to block fonts.googleapis.com; the site will render using your system fonts instead.
Formspree (contact form processor)
When you submit the contact form, your data (name, email address, and message) is sent to Formspree, Inc. (San Antonio, Texas, USA), which processes it on our behalf and forwards it to us by email. Formspree may log your IP address for spam prevention and security purposes. Formspree is GDPR compliant and relies on Standard Contractual Clauses as a data processor. For details, see Formspree's Privacy Policy.
Legal basis (GDPR/LGPD): contract performance (you are initiating contact with us).
YouTube (embedded video)
One page of this site embeds a YouTube video. The video uses a click-to-load mechanism: no connection is made to YouTube's servers until you click the play button. When you click play, the video loads via youtube-nocookie.com, YouTube's privacy-enhanced domain. At that point, YouTube may set cookies on your device and collect data in accordance with Google's Privacy Policy. You can avoid this entirely by not clicking play.
Legal basis (GDPR/LGPD): consent (you initiate playback by clicking).
This site contains no advertising, no analytics trackers, and no affiliate tracking. The only data transmissions are: Google Fonts (IP address, on every page load), Formspree (your form submission, only when you submit), and YouTube (only when you click play).
Sharing & Third Parties
We do not share personally identifiable information publicly or with third parties except in the following circumstances:
- Service providers - Formspree (contact form processing) and Google (font delivery via Google Fonts). Each processes only the minimum data necessary and is bound by their own privacy policies and data processing agreements.
- Legal requirements - when disclosure is required by law, court order, or governmental authority.
- Protection of rights - when necessary to protect the safety, rights, or property of Bia Kaori Mi, its users, or the public.
This site may contain links to external websites not operated by us. We are not responsible for their content or privacy practices. We encourage you to review their privacy policies.
Children's Privacy
This site is not directed at children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take prompt steps to delete it.
This section reflects compliance with the US Children's Online Privacy Protection Act (COPPA) and equivalent Brazilian provisions under the LGPD and the Child and Adolescent Statute (ECA).
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access
Request a copy of the personal data we hold about you.
Correction
Request correction of inaccurate or incomplete information.
Deletion
Request erasure of your personal data, subject to legal obligations.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests.
Opt Out
Decline to provide personal information; some services may be unavailable as a result.
California residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to opt out of sale (we do not sell personal data), and the right to non-discrimination for exercising these rights.
Brazilian residents (LGPD)
Brazilian residents have rights under Lei Geral de Proteção de Dados (Lei nº 13.709/2018), including confirmation of processing, access, correction, anonymization or deletion of unnecessary data, portability, information about third-party sharing, and revocation of consent at any time without penalty.
To exercise any of these rights, contact us at contact@biakaorimi.com. We will respond within the legally required timeframe (45 days under CCPA; 15 business days under LGPD).
Security
We implement commercially reasonable technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction - including HTTPS encryption for all data in transit, access controls, and regular review of our data handling practices.
No method of transmission over the internet is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify affected parties and relevant authorities as required by applicable law.
User Responsibilities
By using this site, you agree not to:
- Engage in activities that are illegal or contrary to good faith or public order;
- Distribute racist, xenophobic, or otherwise discriminatory content, illegal material, content promoting terrorism, or content that violates human rights;
- Damage the systems of this site, its suppliers, or third parties by introducing or spreading malicious code or viruses.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. When we do, we will revise the “Last updated” date in the page header. Continued use of the site after changes are posted constitutes your acceptance of the updated policy.
Contact
For questions about how we handle your data, or to exercise any of your rights, contact us at contact@biakaorimi.com. We will respond no later than the deadline required by applicable law.