Back to login

Privacy Policy

Last updated: 05/15/2026

1. Introduction

This Privacy Policy describes how Metaverso Educacional ("we", "our" or "Platform") collects, uses, stores and protects the personal data of Dashboard and Teaching Platform users. We are committed to protecting the personal data of all users, with special attention to children and adolescents, in compliance with the General Data Protection Law (LGPD — Law No. 13,709/2018) and the Child and Adolescent Statute (ECA — Law No. 8,069/1990).

2. Data Collected
2.1 Registration Data
ProfileData collected
StudentName, date of birth, e-mail (or guardian's, if minor), linked school/institution
TeacherName, e-mail, CPF, linked institution, professional data
InstitutionCompany name, CNPJ, address, legal representative data, institutional e-mail
Parent/GuardianName, e-mail, CPF, relationship with student
2.2 Usage Data
  • Student progress and performance in the virtual lab.
  • Activity and interaction history on the Platform.
  • Reports generated by teachers and institutions.
  • Access logs, including date, time and IP address.
2.3 Chat Data
  • Content of messages exchanged between teachers and students.
  • Conversation metadata (date, time, participants).
  • Results of message monitoring.
2.4 Technical Data
  • Device type and browser used.
  • Operating system.
  • Cookie data and similar technologies (see Section 10).
3. Purpose of Data Processing

We use personal data for the following purposes:

PurposeLegal basis (LGPD)
Account creation and managementContract execution (Art. 7, V)
Virtual lab operationContract execution (Art. 7, V)
Educational progress trackingContract execution (Art. 7, V)
Performance reports generationContract execution (Art. 7, V)
Parental controlGuardian consent (Art. 14, §1)
Chat monitoringMinor protection (Art. 14) and legitimate interest (Art. 7, IX)
Platform securityLegitimate interest (Art. 7, IX)
Platform communicationsContract execution (Art. 7, V)
Technical supportContract execution (Art. 7, V)
Service improvementLegitimate interest (Art. 7, IX)
4. Data of Minors

Processing of children's personal data (up to 12 years) will be carried out exclusively with the specific and prominent consent of at least one parent or legal guardian, pursuant to Art. 14 of the LGPD.

For adolescents (12 to 17 years), processing will be carried out with guardian consent or in their best interest.

We collect only data strictly necessary for providing the educational service.

Minor data will never be:

  • Shared with third parties for commercial purposes.
  • Used to create behavioral profiles for advertising purposes.
  • Transferred without guardian consent.

The parent or guardian may at any time:

  • Consult the minor's collected data.
  • Request correction of incorrect data.
  • Request data deletion.
  • Revoke consent.
5. Chat Monitoring

What is monitored: all messages exchanged between teachers and students are automatically analyzed. The parent or guardian, through the Parental account, can review the full content of the linked student's conversations at any time.

Purpose of monitoring:

  • Protection of minors against inappropriate content, harassment or abuse.
  • Detection of offensive or inappropriate language.
  • Ensuring the chat is used for educational purposes.

Retention: chat messages are stored for the period necessary to fulfill the described purposes and legal obligations. After that period, they are anonymized or deleted.

Transparency: users are informed about monitoring before using the chat for the first time.

6. Data Sharing
6.1 Within the Platform
FromToShared data
StudentTeacherProgress, performance, activities
StudentInstitutionProgress, performance, reports
StudentParent/GuardianProgress, performance (parental control)
TeacherInstitutionGenerated reports, management data
6.2 With Third Parties

We may share data with:

  • Service providers: hosting, infrastructure, payment processing — under confidentiality and data protection agreements.
  • Competent authorities: when required by law or court order.
  • In case of merger or acquisition: with prior notice to users.

We do not sell, rent or commercialize our users' personal data.

7. Storage and Security

Data is stored on secure servers with: encryption in transit (TLS/SSL) and at rest, role-based access control, regular backups, and continuous security monitoring.

Internal data access is restricted to authorized employees under confidentiality.

In case of a security incident that may cause risk or damage to data subjects, the National Data Protection Authority (ANPD) and affected users will be notified as required by law.

8. Data Retention
Data typeRetention period
Account dataWhile account is active + 6 months after closure
Progress and reportsWhile account is active + 1 year after closure
Chat messages1 year after sending, then anonymized or deleted
Access logs6 months (per Internet Civil Framework)
Minor dataDeleted upon guardian request or account closure
9. Data Subject Rights

Under the LGPD, you have the right to:

  • Confirmation and access: know if we process your data and access it.
  • Correction: correct incomplete, inaccurate or outdated data.
  • Anonymization, blocking or deletion: of unnecessary data or data processed in non-compliance.
  • Portability: transfer your data to another provider.
  • Deletion: request deletion of data processed based on consent.
  • Information: know with whom your data is shared.
  • Consent revocation: withdraw consent at any time.
  • Opposition: oppose processing in certain situations.

To exercise your rights, contact us at the email indicated in Section 14.

10. Cookies and Similar Technologies
TypePurposeRequired?
EssentialLogin, session, securityYes
FunctionalUser preferences, languageNo
AnalyticsUsage metrics, Platform improvementNo

Non-essential cookies are only activated with user consent.

Users can manage cookies in browser settings or through the Platform's preference panel.

Sign in with Google and Apple

We offer sign-in to the admin dashboard and to the Unity application (Educational Metaverse) through Google (Google Sign-In) and Apple (Sign In with Apple) accounts.

When you choose this method, we receive from the provider only the data strictly required to identify your account:

  • Google: public name, verified email address, and unique Google account identifier. We do not access your calendar, contacts, drive, or any other service.
  • Apple: name (when you choose to share it), email address (real or anonymous relay @privaterelay.appleid.com), and unique Apple account identifier.

This data is stored in the same database as your account and used only to validate subsequent sign-ins. No provider password is received or stored by us.

You can unlink at any time in Settings > Linked accounts. Revoking on the Google or Apple side also ends access starting from your next sign-in.

Error monitoring (Sentry)

We use the Sentry service (sentry.io, Functional Software Inc., USA) to detect and diagnose errors automatically — both in the dashboard and in the Unity application.

When an error occurs, Sentry automatically collects:

  • Error message and technical stack trace
  • Browser version, operating system, language, and screen resolution
  • URL where the error occurred and recent user actions (breadcrumbs) that help reproduce the problem
  • IP address (used by Sentry for approximate geographic detection and attack mitigation)
  • Identifier of the logged-in account, when available, so we can contact you if the error affects your experience

The data is used exclusively to investigate failures and improve product stability. It is not shared with third parties, does not feed marketing profiles, and is automatically deleted after 30 days.

We apply masking rules (PII scrubbing) so sensitive fields like passwords, tokens, and payment data are removed before being sent to Sentry.

Unity application (Educational Metaverse)

The 3D application (Unity), installed on computers or tablets, collects additional data required to operate the virtual lab:

  • Sign-in credentials (email or OAuth Google/Apple) — used only to authenticate the user on the server.
  • Device configuration: PC name, operating system, processor, amount of RAM, GPU model and vendor. This data is used to validate technical compatibility and diagnose crashes.
  • Connection IP address — collected by the authentication server. It is used only for rate limiting, session security, and legal compliance. It is not permanently stored after the session.
  • Classroom activity: lessons watched, robots built, challenge scores, and time spent, synced with the dashboard.

The Unity application does NOT record keyboard, mouse, microphone, camera, desktop, or other applications on the device.

11. International Data Transfer

If data is stored or processed on servers outside Brazil, we ensure that: the destination country has an adequate level of protection, or appropriate safeguards are adopted (standard contractual clauses, certifications).

Users will be informed about international transfers when applicable.

12. Data Protection Officer (DPO)

Metaverso Educacional has designated a Data Protection Officer responsible for: receiving and responding to data subject requests, interacting with the ANPD, and guiding the organization on data protection practices. DPO contact: operacional@bebyte.net

13. Changes to this Policy

This Policy may be updated periodically.

Significant changes will be communicated with a minimum of 30 days' notice through the Platform.

For minor data, changes that expand processing will require new guardian consent.

14. Contact

For questions, requests or exercise of rights, contact us at: operacional@bebyte.net

  • Support: accessible through the Platform Dashboard

If you do not receive a satisfactory response, you may contact the National Data Protection Authority (ANPD).

© 2026 Metaverso Educacional.