Privacy Policy — RetiraKit
RetiraKit.run values user privacy and is committed to protecting the personal data collected, in compliance with Brazilian data protection law (LGPD — Lei Geral de Proteção de Dados).
Data Controller
The controller of the personal data processed on the platform is Retira Kit Serviços de Entrega Rápida Ltda, registered under CNPJ 66.060.279/0001-07, responsible for operating RetiraKit.run.
Data Collected
- Full name;
- Email address and phone number;
- Data of athletes linked to the order (when there is more than one athlete);
- Delivery address, when applicable;
- Brazilian tax ID (CPF), when using the digital signature feature on the pickup receipt;
- Digital signature image, when using the signature feature on the platform — processed exclusively for PDF generation and not stored independently;
- Payment information (processed securely by third parties);
- Technical security and operational data, such as IP address, user agent, request identifier and error logs.
Purpose
Data is used to enable the booking and execution of the service, calculate delivery coverage and pricing, prevent fraud, provide support, monitor platform stability and comply with legal obligations.
In the context of kit pickup, attached documents may also be presented to the race organization solely for identity verification, eligibility check and completion of the pickup on behalf of the athlete.
Legal Basis
Processing is carried out based on the applicable LGPD legal bases for each purpose, especially contract execution, compliance with legal and regulatory obligations, and legitimate interest for security, fraud prevention and operational improvement.
Data Sharing
We do not sell or rent personal data. Sharing occurs with essential service providers, such as cloud infrastructure and database services, technical error monitoring, application performance metrics and geocoding providers.
When required by event regulations, strictly necessary data and documents may be shared with the race organization to enable kit collection, limited to the minimum necessary for that purpose.
Retention and Disposal
Documents attached to orders are kept only for the period necessary to execute the service and, as an operational rule, are deleted within 7 (seven) calendar days after the event date.
Address search and validation records for the Home Delivery option (including technical request data) are retained for up to 90 days, with a daily automatic purge routine.
Retention for longer periods may only occur in cases provided by law, including compliance with legal or regulatory obligations, exercise of legal rights and compliance with requests from a competent authority.
Digital Signature
When using the digital signature feature for the pickup receipt, the CPF and signature image are collected directly on the user's device and transmitted to the server solely for generating the PDF document configured by RetiraKit for the event.
The signature image is not stored independently in our systems — it is embedded in the PDF at the time of generation and, like other documents in the order, is subject to deletion within 7 (seven) calendar days after the event date.
The CPF provided is used only to fill in the document template and is processed with the same legal basis and security measures applicable to other personal data collected on the platform.
Cookies and Analytics
We use Matomo Analytics exclusively for access statistics in cookieless mode, without storing tracking cookies and focused on aggregate operational metrics.
When enabled, Google Analytics 4 is loaded only after you grant consent in the analytics category of the cookie banner. You can review or withdraw that consent at any time through the “Cookie preferences” link in the footer.
We also use Vercel Analytics and Vercel Speed Insights for aggregate usage and application performance metrics.
Google ecosystem integrations for campaign measurement may be prepared or activated in future cycles, always subject to the same transparency standards, applicable legal basis and preference controls described in this policy.
Error Monitoring
We use Sentry for technical error and availability monitoring. Sentry collects minimal technical information (such as form interaction data, IP address, user agent and request identifier) to diagnose and fix issues, ensuring the platform's security and stability.
Security and Validation
To prevent fraud and abuse, we use validation mechanisms such as Altcha, which collect minimal technical information (such as form interaction data) to ensure platform security.
User Rights
Users may request access to, correction of or deletion of their personal data, as well as exercise other rights provided under Brazilian data protection law (LGPD), at any time.
Contact
To exercise your rights under the LGPD, please contact us at privacidade@retirakit.run.
Security
We adopt technical and administrative measures to protect information against unauthorized access, loss or improper alteration. In the event of any conflict between this translation and the Portuguese version, the Portuguese version shall prevail.