Quiosque25
Log in

Privacy Policy

Last updated: June 13, 2026

1. Introduction

Quiosque25 (“we”, “us”) operates a music promotion platform that connects music artists and labels (“Clients”) with short-form content creators (“Creators”). Clients order campaigns in which Creators publish Instagram Reels featuring the Client’s track; Creators can also earn revenue by using licensed tracks from our catalog.

This Privacy Policy describes how we collect, use, store and protect personal data, in compliance with the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018) and, where they apply, other data protection laws such as the GDPR. By using the platform, you acknowledge the practices described in this document.

2. Data we collect

What we collect depends on how you use the platform:

  • Clients (artists and labels): your name or artist name, email address, phone or WhatsApp number if you choose to leave one, links to your track and its public metadata (title, artist, artwork), your genre and market selections, and order details.
  • Creators: email address and password (encrypted), Instagram username and unique identifier (instagram_pk), the WhatsApp number used for verification, payout details (Pix key or bank details), view counts of your Reels and earnings history.
  • Technical data: IP address, browser and device information, and session data collected automatically during access.
  • Marketing data: UTM parameters and advertising click identifiers (such as fbclid, ttclid and gclid) that tell us which ad or link brought you to the site.

3. Legal basis for processing (LGPD, Art. 7)

We process personal data on the following legal grounds:

  • Consent (Art. 7, I): by creating an account or submitting your contact details, you consent to the collection and processing described in this document. You may revoke your consent at any time.
  • Contract performance (Art. 7, V): processing necessary to provide the contracted service — running campaigns, tracking Reels, calculating earnings and processing payments.
  • Legitimate interest (Art. 7, IX): fraud detection, platform security, measuring advertising effectiveness and improving our services, always respecting your rights and expectations.

4. How we use your data

We use personal data for the following purposes:

  • Platform operation: authentication, Instagram verification, Reel tracking and verification, campaign delivery and reporting, and earnings calculation.
  • Payments: campaign payments are processed by Paddle, our merchant of record; Creator payouts are processed via Pix in Brazil or bank transfer elsewhere.
  • Communication: transactional emails (estimates, order confirmations, payout notifications), reminders about an estimate you requested, and WhatsApp verification messages. You can opt out of non-essential emails at any time.
  • Fraud detection: monitoring for artificial views, duplicate accounts and bot activity to protect the integrity of the platform.
  • Analytics and advertising measurement: understanding how visitors find and use the site, and reporting conversion events to the advertising platforms listed below.

5. Data sharing

We do not sell your personal data. We share data only with service providers that help us run the platform:

  • Infrastructure: Supabase (database, authentication, storage) and Vercel (hosting). Data is encrypted in transit and at rest.
  • Payments: Paddle, our merchant of record for campaign payments — Paddle processes your card details under its own privacy policy, and we never see full card numbers; banks and Pix networks for payouts, receiving only the data necessary to execute a transfer.
  • Communications: Resend (email delivery) and Twilio (WhatsApp verification messages).
  • Analytics: Google Analytics, Microsoft Clarity and Umami — usage statistics and anonymized session replays with typed input masked.
  • Advertising platforms: Meta (Facebook/Instagram) and TikTok — we use their pixels and server-side events to measure ad performance. Where identifiers such as an email address are sent for matching, they are hashed first.
  • Instagram public data: our scanning system reads only public Instagram data (public Reels and their view counts), including via third-party API providers. We never access private messages or non-public account data.

We may also disclose data where required by law or by a court order.

6. Storage and security

  • Data is stored on Supabase cloud infrastructure, encrypted in transit (TLS/SSL) and at rest.
  • Passwords are stored using cryptographic hashing, never in plain text.
  • Payout details are handled with additional security measures and restricted access.
  • Retention: account data is kept while your account is active and removed within 30 days after deletion, except where retention is required by law (for example, tax records for up to 5 years). Lead data (estimate requests) is kept until you ask us to delete it.

7. Your rights (LGPD, Art. 18)

As a data subject, you have the following rights:

  • Confirmation and access: to know if we process your data and obtain a copy of it.
  • Correction: to request correction of incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or deletion: to request anonymization or deletion of unnecessary data or data processed in non-compliance with the LGPD.
  • Portability: to request the transfer of your data to another service provider, in a structured and interoperable format.
  • Deletion of consent-based data: to request deletion of data processed based on your consent.
  • Sharing information: to know which public or private entities your data was shared with.
  • Consent revocation: to revoke your consent at any time, without affecting the legality of processing performed previously.

8. How to exercise your rights

You can exercise your rights in two ways:

  • By email: send your request to support@quiosque25.com, identifying yourself and describing the right you wish to exercise.
  • Through the platform: registered Creators can use the “Delete my account” option in profile settings to request complete deletion of their data.

We respond to requests within 15 business days, as provided by the LGPD.

9. Cookies and similar technologies

We use the following cookies and similar technologies:

  • Essential: authentication, security and language preference. The platform cannot work without them.
  • Analytics: Google Analytics, Microsoft Clarity and Umami help us understand how the site is used. Data is aggregated; session recordings mask typed input.
  • Advertising: Meta and TikTok pixels, plus first-party cookies that store click identifiers (fbclid, ttclid, gclid) and UTM parameters for up to 90 days, so we can attribute orders to the right ad.

You can manage cookies in your browser settings and use the opt-out tools offered by Google, Meta and TikTok. Disabling essential cookies may prevent the platform from working correctly.

10. Changes to this policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable legislation. In case of significant changes, you will be notified by email. The date of the last update will always be indicated at the beginning of this document. Continued use of the platform after the publication of changes constitutes acceptance of the updated version.

11. Data Protection Officer (DPO) contact

For questions related to the processing of personal data, contact our Data Protection Officer:

Email: support@quiosque25.com

If you believe that the processing of your personal data violates the LGPD, you have the right to file a complaint with the National Data Protection Authority (ANPD).