Privacy Policy
Last updated: July 2026.
Afinados is an Eiseron product. This policy describes what data Afinados processes and why. The product is guest-first: you use the tools without signing up.
Who the controller is
Eiseron LTDA (CNPJ 41.516.538/0001-30) is the controller of the data processed by Afinados. Contact: [email protected]. The channel for the data protection officer (DPO) is [email protected].
Data we process
- Session cookie. A single signed first-party cookie, strictly necessary. It holds two distinct values: the secret used for CSRF protection (security) and a random guest token that links your saved setups to this browser without an account. The two are not the same value. Neither identifies you personally, and neither is used for tracking or advertising.
- Saved setups. Technical carburetor data (needle, jets, clip, shim, venturi). This is not personal data.
- Error logs. When something fails, we record the error for diagnostics and security. Before storing, we strip direct identifiers such as the IP and browser identification, so the stored record is de-identified. Collection and processing use our own self-hosted tool (OpenObserve); storage relies on Cloudflare R2 as a processor.
- Usage metrics. We use Cloudflare Web Analytics, an aggregate, cookieless analytics that counts visits and pages without tracking individuals and without building a profile.
- Delivery and protection (Cloudflare). To serve and protect the site, Cloudflare processes the visitor's IP.
There is no signup and no collection of identifying personal data from guests, and we use no other analytics or marketing tools.
Legal basis
The session cookie is treated as strictly necessary to the service. Error logs and aggregate metrics rely on the legitimate interest of keeping the service secure and working, in a proportionate way and without individual tracking.
Where data lives and security
The application, the database, and error monitoring run on servers outside Brazil (our own self-hosted infrastructure), and the de-identified error logs are stored on Cloudflare R2, also outside Brazil. We apply reasonable security measures to protect the service, and backups are encrypted and stored off the server.
Sharing and international transfer
We do not sell your data or share it for marketing. The service runs on our own infrastructure hosted outside Brazil, and we use Cloudflare as a processor for delivery, protection, and storage (Cloudflare R2). As a result, your IP and the de-identified error logs may be processed on servers outside Brazil. These international transfers rely on contractual and technical safeguards compatible with the LGPD.
Recommendation links and affiliation
Afinados may show recommendations for third-party products. When you click one, you are taken to the third party's site, which may log the visit and use its own cookies, including an identifier that attributes the visit to it (affiliation) for commission purposes. This processing happens outside Afinados and is governed by the third party's privacy policy. We do not share your personal data with these third parties; it is your click that takes you to them.
Retention and deletion
Your setups persist while the cookie and the record exist. You can delete setups at any time inside the tool, and clearing your browser cookies removes the link to this device. De-identified error logs are retained for up to 90 days and then discarded.
Your rights
Under Brazil's LGPD (article 18), you may request at any time, through the contact below:
- confirmation that we process your data and access to it;
- correction of incomplete or outdated data;
- anonymization, blocking, or deletion of unnecessary data;
- information about who the data is shared with;
- deletion of the processed data.
The channel for privacy matters is [email protected]. You may also file a complaint with the Brazilian Data Protection Authority (ANPD).
Children and adolescents
Afinados is not directed at people under 18, and we do not knowingly collect personal data from children or adolescents.
Changes
We may update this policy. The "last updated" date at the top marks the current version.