Street Smart English – Privacy Policy
Last updated: November 24, 2025

1. Who We Are

Street Smart English (“SSE”, “we”, “us” or “our”) provides online English learning content, courses, coaching and related services through our websites, platforms and other digital channels, including StreetSmartEnglish.com (collectively, the “Services”).

For purposes of the Brazilian Lei Geral de Proteção de Dados – LGPD (Law No. 13.709/2018), SSE is the controller of your personal data when we decide how and why your data is processed. Planalto+2tjce.jus.br+2

For users located in the United States, applicable state and federal privacy laws (such as California’s CCPA/CPRA) may grant you specific rights regarding your personal information. California Attorney General+2IAPP+2

O Encarregado pelo tratamento de dados pessoais na Street Smart English é:

Encarregado/DPO (LGPD contact): Adebayo A. Olorounto CNPJ: 55.802.539/0001-56

If you have questions about this Policy or how we handle your data, you can contact us at:

Email (Privacy / DPO): [email protected]
Mailing address: Street Smart English, Caixa Postal 7051, Campinas, SP, Brasil, 13076-970

2. Scope of This Policy

This Privacy Policy explains how we collect, use, share, store and protect personal data when you:

Visit our website(s) or landing pages

Create an account or profile

Purchase or access our courses, programs, challenges or memberships

Interact with our marketing, emails, chats, and customer support

Take part in events, surveys, quizzes, or promotions

This Policy does not apply to third-party websites, apps or services that we do not control, even if you access them through our Services.

3. Data We Collect

We may collect the following categories of information:

3.1. Information You Provide Directly

Registration data: Name, email address, phone/WhatsApp, password, language level, city/region, company name, role.

Profile and course data: Photo/avatar (if you upload one), biography, learning goals, preferences, time zone, progress, quiz results, assignments, messages sent inside the platform.

Communications: Emails, chat messages, support tickets, feedback, testimonials and other communications you send to us.

Payment data: Billing name, CPF/CNPJ (if required), billing address and partial payment details. Note: full card data is typically processed directly by our payment providers (e.g., Stripe, PagSeguro, Hotmart, etc.) and not stored in our systems.

User-generated content: Audio or video submissions, comments, forum posts, homework and other content you upload or create within the Services.

3.2. Information Collected Automatically

When you use our Services, we may automatically collect:

Device and usage data: IP address, device type, browser type/version, operating system, access times, and pages viewed.

Log data: Session logs, error logs, performance metrics, and interaction logs with course content.

Cookies and similar technologies: We use cookies, pixels and similar tools for authentication, preferences, analytics, marketing and security (see section “Cookies and similar technologies”).

3.3. Information from Third Parties

We may receive information about you from:

Payment processors and e-commerce platforms (e.g., Hotmart, Stripe, PagSeguro) related to your purchases, subscriptions and payment status.

CRM and marketing partners (e.g., email providers, social platforms) when you give consent to receive communications or log in using social media accounts.

Corporate clients (for B2B training) who enroll you in a corporate program and share limited data such as your name, work email and role.

4. Legal Bases for Processing (LGPD & Other Laws)

Under the LGPD and other applicable laws, we rely on different legal bases to process your data, including: Planalto+2trf5.jus.br+2

Performance of a contract: To provide the Services you sign up for, including access to courses, support and platform features.

Compliance with legal obligations: To meet obligations related to tax, accounting, consumer rights and data protection.

Legitimate interests: To improve our Services, prevent fraud, ensure security, and send communications about similar products, subject to your rights and expectations.

Consent: For certain marketing activities, cookies (where required), publication of testimonials with your name/image, or other uses that legally require your explicit consent. You may withdraw consent at any time, without affecting prior processing based on consent.

5. How We Use Your Data

We may use your personal data for the following purposes:

To provide and manage the Services

Create and manage your account and profile

Deliver courses, classes, quizzes, certificates and support

Track your learning progress and personalize content

To communicate with you:

Send transactional emails (enrollment, receipts, access instructions, important updates)

Send reminders about classes, deadlines, renewals and support tickets

Respond to your questions, support requests and feedback

To improve and develop our Services

Analyze usage patterns and feedback

Test new features, content and tools

Monitor performance and fix technical issues

For marketing and relationship management

Send news, offers, challenges and content that may interest you (where permitted by law and/or your consent)

Segment users to deliver more relevant messages and promotions

Invite you to provide testimonials or case studies

For safety, security and legal compliance

Detect, investigate and prevent fraud, abuse or security incidents

Enforce our Terms of Service and other agreements

Comply with legal obligations, court orders or requests from competent authorities

We do not use your personal data to make decisions based solely on automated processing that produce legal or similarly significant effects without human involvement, unless required or permitted by law and with adequate safeguards.

6. Cookies and Similar Technologies

We use cookies, pixels and similar technologies to:

Keep you logged into your account

Remember your preferences (language, layout, etc.)

Measure traffic and usage patterns

Support marketing, retargeting and campaign measurement

You can manage cookies through:

Your browser settings (blocking or deleting cookies)

Any cookie banner or preference center we provide on our site

If you disable certain cookies, some features of the Services may not work correctly.

7. How We Share Your Data

We may share your personal data with:

Service providers (“operators” under LGPD) who process data on our behalf, such as:

Hosting and cloud infrastructure

Payment processors and financial intermediaries

Email, CRM and marketing tools

Analytics and security providers

Customer support and ticketing systems

These providers are bound by contractual obligations to protect your data and use it only according to our instructions. tjce.jus.br+2trf5.jus.br+2

Business partners and corporate clients

When your employer or organization sponsors your access to SSE, we may share limited progress information (e.g., completion rates, attendance, general performance statistics) as agreed with that organization.

Legal and regulatory authorities

When required to comply with laws, regulations, legal processes or governmental requests.

Business transfers

In connection with any merger, sale of assets, financing, acquisition or reorganization of our business, your data may be transferred as part of the transaction, subject to appropriate confidentiality and data protection obligations.

We do not sell or share your personal information with third parties for monetary consideration. If in the future we engage in activities that qualify as “sale” or “sharing” of personal information under CCPA/CPRA, we will update this Policy and provide the required “Do Not Sell or Share My Personal Information” mechanism. California Attorney General+2Yes on Prop 24+2

8. International Data Transfers

Because we may use global service providers and infrastructure, your data may be transferred to and processed in countries other than your country of residence, including the United States and Brazil.

When we transfer data internationally, we take appropriate measures to ensure that:

The receiving country provides an adequate level of data protection; or

We use contractual protections and other safeguards as required by applicable law.

9. Your Rights and Choices

9.1. Rights Under the LGPD (Brazil)

If you are in Brazil or subject to the LGPD, you have the right to request: Planalto+2trf5.jus.br+2

Confirmation of the existence of processing

Access to your personal data

Correction of incomplete, inaccurate or outdated data

Anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data

Portability of your data to another service provider, where technically feasible

Deletion of personal data processed based on consent, except where retention is permitted or required by law

Information about public and private entities with which we share your data

Information about the possibility of not providing consent and the consequences of refusal

Revocation of consent at any time, when processing is based on consent

You can exercise these rights by contacting us at [email protected]. We may need to verify your identity before responding.

9.2. Rights Under U.S. Privacy Laws (e.g., CCPA/CPRA)

Certain U.S. state laws (such as California’s CCPA/CPRA) grant residents specific rights, including: varonis.com+3California Attorney General+3Yes on Prop 24+3

The right to know what personal information is collected, used, shared, or sold

The right to access and obtain a copy of certain personal information

The right to request deletion of personal information (subject to legal exceptions)

The right to correct inaccurate personal information

The right to opt-out of the sale or sharing of personal information

The right to limit the use and disclosure of certain sensitive personal information

The right not to be discriminated against for exercising these rights

If you are a resident of a U.S. state with such rights and wish to exercise them, please contact us at [email protected] and specify your request and jurisdiction.

10. Data Security

We implement technical and organizational measures designed to protect your personal data against unauthorized access, destruction, loss, alteration or misuse. These may include:

Access controls and authentication

Encryption in transit and/or at rest (where applicable)

Regular backups and monitoring

Internal policies and training for staff and contractors

However, no system is 100% secure. You are responsible for keeping your password and account credentials confidential and for notifying us promptly if you suspect unauthorized use of your account.

11. Data Retention

We retain your personal data for as long as necessary to:

Provide the Services and fulfill the purposes described in this Policy

Comply with legal, tax, accounting and regulatory obligations

Resolve disputes and enforce our agreements

We use criteria such as the nature of the data, the purpose of the processing, and applicable legal requirements to determine appropriate retention periods. When data is no longer needed, we may delete, anonymize or aggregate it.

12. Children’s Privacy

Our Services are generally intended for users over 13 years of age (or older, depending on local law). We do not knowingly collect personal data from children under 13 without verifiable consent from a parent or legal guardian as required by law.

If you believe that a child has provided us with personal data without such consent, please contact us at [email protected] and we will take appropriate steps to delete the data or obtain proper authorization.

13. Third-Party Websites and Services

Our Services may contain links to third-party websites, apps or services (e.g., payment gateways, social networks, content platforms). We are not responsible for the privacy practices of those third parties.

We recommend that you review the privacy policies of each website or service you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors.

When we make material changes, we will:

Update the “Last updated” date at the top of this page; and Provide additional notice if required by law (for example, via email or a prominent notice on our website).

Your continued use of the Services after the updated Policy becomes effective indicates that you have read and understood the changes.

15. How to Contact Us

If you have any questions, requests or concerns about this Privacy Policy or our data practices, please contact us:

Email (Privacy / DPO): [email protected]

Support email: [email protected]

Mailing address: [Company name, street, city, state, country, ZIP]

If you are in Brazil and believe your rights under the LGPD have been violated, you may also contact the Autoridade Nacional de Proteção de Dados (ANPD) or other competent authority.