ZERO CHARTS
Privacy
Policy
zerocharts.com.br
Last
updated: March 2026
Zero
Charts is committed to protecting your privacy. This Privacy Policy explains
how we collect, use, store, and protect your personal data, in compliance with
Brazil's LGPD (Law 13,709/2018), the EU General Data Protection Regulation
(GDPR — Regulation 2016/679), the UK GDPR, the California Consumer Privacy Act
(CCPA), and other applicable privacy laws.
•
Email address (account identification and recovery);
•
Password (stored as a cryptographic hash — never in
plain text);
•
Last.fm username (required for integration).
•
Listening history (scrobbles) linked to your Last.fm
profile;
•
Information about artists, songs, and albums you have
listened to;
•
Dates and play counts for tracks.
Payment
data (card details, billing address, etc.) is collected and processed
exclusively by Paddle, our Merchant of Record. Zero Charts does not store
payment information. Please refer to Paddle's Privacy Policy for details on how
they handle your payment data.
•
IP address and access logs (security and diagnostics);
• Device and browser information;
•
In-platform navigation data (pages visited, session
duration).
•
Create and manage your account;
•
Generate charts, listening history, and statistics;
• Create certificates and plaques;
•
Process subscriptions and billing (via Paddle);
•
Ensure platform security and prevent fraud;
• Continuously improve our features;
• Comply with legal obligations.
We
do not use your data for targeted advertising and we do not sell your data to
third parties.
•
Consent: Last.fm integration and collection of musical
data;
•
Contract performance: provision of the requested services;
•
Legitimate interest: platform security and improvement;
•
Legal obligation: compliance with applicable
regulations.
•
Consent (Art. 6(1)(a)):
Last.fm integration;
•
Contract performance (Art. 6(1)(b)):
service delivery and subscription processing;
•
Legal obligation (Art. 6(1)(c)):
compliance with regulatory requirements;
•
Legitimate interest (Art. 6(1)(f)): security, fraud
prevention, and platform improvement.
We
do not sell personal information of California residents. To exercise your
access, deletion, or opt-out rights, contact us through the channels at
zerocharts.com.br.
We
share your data only with:
•
Paddle (payment processing and subscription management
— Merchant of Record);
•
Last.fm (integration authorized by you);
•
Essential infrastructure providers (e.g., hosting),
bound by contractual confidentiality obligations;
•
Public authorities, when required by law or court
order.
Zero
Charts may transfer personal data outside your country of residence, including
to Brazil where our servers are hosted.
For
EEA and UK users: international transfers are carried out using appropriate
safeguards under the GDPR, such as Standard Contractual Clauses (SCCs) approved
by the European Commission, or based on adequacy
decisions where applicable.
For
users in other countries: we apply technical and contractual measures to
protect your data during international transfers in accordance with applicable
local law.
•
Account data: retained while your account is active;
•
Last.fm musical data: retained to enable your chart history;
•
Access/security logs: minimum 6 months (Brazil's Marco
Civil) or as required by local law;
•
Payment data: retained by Paddle according to their
policies and legal obligations.
Upon
account deletion, your personal data will be erased or anonymized, unless
retention is required by law.
•
Access the personal data we hold about you;
•
Correct inaccurate or incomplete data;
•
Request deletion of your data (subject to legal
retention requirements);
•
Withdraw consent at any time.
•
Data portability in a machine-readable format;
•
Object to processing based on legitimate interests;
•
Restrict processing in certain circumstances;
•
Lodge a complaint with your local supervisory
authority (e.g., ICO in the UK, your national DPA in the EU).
•
Know what categories of personal data we collect;
•
Request deletion of your personal data;
•
Not be discriminated against for exercising privacy
rights.
To
exercise any of these rights, contact us at zerocharts.com.br.
•
Passwords stored using secure cryptographic hashing;
•
Restricted access controls to personal data;
• Access monitoring and auditing;
•
Incident response procedures — we will notify relevant
authorities within 72 hours of becoming aware of a breach (as required by GDPR)
and users within the timeframes required by applicable law.
We
use only session cookies necessary to keep you authenticated while using the
platform. We do not use third-party tracking cookies or behavioral advertising
technologies.
Zero
Charts is not directed at children under 13 years of age, or under the minimum
age required by local law (e.g., 16 years in some EEA countries). We do not
knowingly collect data from minors. If we become aware that a minor's data has
been collected without appropriate consent, we will take immediate steps to
delete it.
To
comply with GDPR requirements, we have designated a Data Protection Officer
(DPO). DPO contact details are available at zerocharts.com.br. EEA users may
also contact their local supervisory authority directly.
We
may update this Privacy Policy periodically. For material changes that affect
your rights, we will provide reasonable advance notice. The 'Last updated' date
at the top of this document reflects the current version in effect.
For
questions, data requests, or to exercise your rights, visit zerocharts.com.br.
© 2026 Zero Charts — zerocharts.com.br