Privacy Policy
Last updated: May 31, 2026
This Privacy Policy describes how Pistonix ("we", "our") collects, uses and protects the personal data of visitors to pistonix.com.br. It is aligned with Brazil's General Data Protection Law (LGPD, Law 13.709/2018).
1. Who we are
Pistonix is a brand under active development, headquartered in Passo Fundo, RS — Brazil. The official communication channel is contato@pistonix.com.br.
2. Data we collect
We collect only what is strictly required to operate the site and the waitlist:
- Waitlist: email (required), name and bike model (optional), provided voluntarily through the form at /en/contact.
- Automatic technical data: a cryptographic hash of the source IP (SHA-256 + salt) and request timestamp, used only to limit form abuse. The raw IP is never stored.
- Usage metrics: aggregated, anonymous data collected
via two cookie-free tools with no persistent fingerprinting:
Cloudflare Web Analytics and Umami
(self-hosted analytics on our own server in Brazil,
analytics.servicespomatti.com). Neither stores your IP address nor builds an individual profile.
3. How we use it
- Send product updates, roadmap and basemap announcements by email.
- Prioritize waitlist subscribers on the first batch of Pistonix Forge.
- Limit form abuse (per-IP-hash rate limiting, dedupe by email).
- Understand site usage patterns to improve content and UX.
We do not use your data for: targeted advertising, sale to third parties, building commercial profiles or sharing with marketing partners.
4. Legal basis
Waitlist data is processed based on the data subject's consent (LGPD Art. 7º, I), expressed when submitting the form. Technical data and aggregated metrics are processed based on legitimate interest (LGPD Art. 7º, IX) for security and service improvement.
5. With whom we share
We run our own stack. Data is stored on:
- A self-hosted Postgres database in Brazil (vps-pomatti), operated by Pistonix.
- Cloudflare as CDN and reverse proxy. Cloudflare may retain access logs per their own policy.
- Mailu (self-hosted mail server) to deliver signup notifications.
- Umami (self-hosted analytics on our own server in Brazil) for aggregated, anonymous usage metrics, with no cookies.
We do not share your email with any marketing third party, external CRM or ad platform.
6. Retention
Waitlist data is kept while you wish to receive our communications. You can request deletion at any time by email. IP hashes used for rate limiting are discarded after 1 hour.
7. Your rights
Under the LGPD you have the right, at any time, to:
- Confirm whether we are processing your data.
- Access the data we hold about you.
- Correct incomplete, inaccurate or outdated data.
- Request anonymization, blocking or deletion.
- Withdraw consent and request removal from the list.
- Request portability of your data in a structured format.
To exercise any of these rights, email contato@pistonix.com.br with the subject "LGPD — [requested right]". We respond within 15 days.
8. Security
We apply reasonable technical and organizational measures: TLS on all requests, environment-scoped credentials, cryptographic hashing for sensitive data (IP), periodic database backups. No system is 100% secure — in case of an incident affecting your data, we will notify you by email within a reasonable timeframe.
9. Cookies
The site does not use tracking cookies. Cloudflare Web Analytics and
Umami do not use cookies. Cookies that may be set by Cloudflare for
attack mitigation (e.g. __cf_bm) are essential and do not
track browsing behavior.
10. Changes to this policy
We may update this policy as the product evolves. The "Last updated" date at the top of this page always reflects the current version. Material changes will be communicated to waitlist subscribers by email at least 15 days in advance.
11. Data Protection Officer contact
Given the early stage of the project, the single point of contact for privacy matters is the founder. Email: contato@pistonix.com.br.