Transparent privacy aligned to GDPR, LGPD & US standards
We believe in clear, honest privacy practices. This policy explains exactly what data we collect, why we need it, and how you can control it. It is compliant with GDPR (EU), LGPD (Brazil), and US privacy standards.
What information we collect and why
What We Collect
Google Analytics 4 tracks page visits, session duration, and user interactions
Legal Basis
Legitimate interest (GDPR Art. 6.1.f) / Analytics consent (LGPD Art. 7.IX)
Retention Period
26 months (GA4 default)
What We Collect
Cookie to remember your language choice (EN/PT)
Legal Basis
Necessary for service functionality (GDPR Art. 6.1.b)
Retention Period
1 year or until cleared
What We Collect
Name, email, company, and message when you contact us
Legal Basis
Consent (GDPR Art. 6.1.a) / Legitimate interest for business contact
Retention Period
3 years for business records
How to control your personal data
Access (GDPR Art. 15 / LGPD Art. 18.II)
Request a copy of the personal data we hold about you
Rectification (GDPR Art. 16 / LGPD Art. 18.III)
Correct inaccurate or incomplete data
Erasure (GDPR Art. 17 / LGPD Art. 18.VI)
Request deletion of your personal data
Portability (GDPR Art. 20 / LGPD Art. 18.V)
Receive your data in a structured, machine-readable format
Objection (GDPR Art. 21 / LGPD Art. 18.IV)
Object to processing based on legitimate interests
Restriction (GDPR Art. 18 / LGPD Art. 18.I)
Limit how we process your data in certain circumstances
To exercise any of these rights, contact us at Steven@StevenThompson.ai
We will respond within 30 days (GDPR) or 15 days (LGPD) of receiving your request.
How we protect and process your data
- HTTPS encryption for all data transmission
- Secure hosting on Vercel with SOC 2 compliance
- Regular security updates and monitoring
- Access controls and audit logging
- Data minimization principles applied
- Google Analytics: Standard Contractual Clauses (SCCs)
- Vercel hosting: US with adequate safeguards
- Email services: Brazil-based when possible
- No data sales to third parties
- Processor agreements in place
Our services are not directed to individuals under 16 (GDPR) or 13 (LGPD/US). We do not knowingly collect personal information from children.
If you believe we have collected information from a child, please contact us immediately for removal.
We do not collect sensitive personal data such as health information, political opinions, or biometric data through this website.
Business discussions may reference healthcare topics, but no personal health data is processed.
Contact & Data Protection
Policy Updates
We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or website notice.
Version: 1.0