Privacy Policy
FilipeMG (filipemg.com) is a personal brand operated by BOLO DE COCO LTD. The Privacy Policy below is the same one that applies to bolodecoco.com and is mirrored here automatically — any update on bolodecoco.com propagates to this page.
Controller
BOLO DE COCO LTD
Registration Number (HE): HE 490597
Organisation Number: 675481
VAT Number: 60344777O
Registered office: Dimotikis Agoras, 20, 6021 Larnaca, Cyprus
Contact for privacy matters:
Email: contact@bolodecoco.com
Book a call: bolodecoco.com/book
What data we collect
Depending on how you interact with the website, we may collect:
- Identification and contact data, such as your name, company name, email address, phone number, and any information you include in a contact form or email.
- Booking data, such as your selected meeting time, time zone, and any details you provide when scheduling a call.
- Communication data, such as the content of messages you send to us.
- Technical data, such as IP address, browser type, device information, and server log data.
- Cookie and consent data, where applicable.
How we collect your data
We collect personal data when you:
- browse our website;
- contact us through a form, email, or other channel;
- schedule a meeting;
- interact with embedded or linked third-party tools, where applicable.
Purposes and legal bases
We process personal data for the following purposes:
a. Responding to enquiries and pre-contract communication
We use your data to review and respond to your enquiry, assess your request, and communicate with you before any engagement.
Legal basis: Article 6(1)(b) GDPR — steps prior to entering into a contract; Article 6(1)(f) GDPR — legitimate interests in managing business enquiries.
b. Scheduling and managing calls
We use your data to organise discovery calls, consultations, or other meetings.
Legal basis: Article 6(1)(b) GDPR; Article 6(1)(f) GDPR.
c. Operating, securing, and improving the website
We process technical and log data to maintain security, functionality, and reliability.
Legal basis: Article 6(1)(f) GDPR — legitimate interests in website security and operation.
d. Cookies and similar technologies
Where non-essential cookies, analytics, or embedded third-party tools are used, we process related data only on the basis of consent.
Legal basis: Article 6(1)(a) GDPR — consent.
Recipients and processors
We may share personal data with service providers that help us operate the website and our communications:
- Zeeg (scheduling) — EU-based, GDPR-compliant scheduling tool. Hosted in the European Union. Processes booking data (name, email, selected time, notes) on our behalf to organise calls.
- Resend (transactional email) — US-based email delivery provider. Processes the content of messages you send us so that they can be delivered to our inbox.
- Supabase / Lovable Cloud (database & hosting infrastructure) — used to store form submissions and serve the website.
- Legal, accounting, or regulatory advisers where strictly necessary.
We do not sell personal data, and we share it only to the extent necessary for the purposes described above.
International transfers
Some of our processors are located outside the European Economic Area (EEA):
- Resend, Inc. is established in the United States. Transfers rely on the EU–U.S. Data Privacy Framework and, where applicable, on the European Commission's Standard Contractual Clauses (SCCs) together with supplementary safeguards.
- Zeeg data remains hosted within the EU; no international transfer is required for scheduling.
- Supabase / Lovable Cloud hosting infrastructure is provisioned in EU regions where available. Where any sub-processor lies outside the EEA, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) with supplementary safeguards.
You can request more information on the safeguards in place by contacting us at contact@bolodecoco.com.
Retention
We keep personal data only for as long as necessary for the purposes described above:
- contact and enquiry data: up to 24 months after the last meaningful contact;
- booking and meeting coordination data: up to 24 months after the meeting;
- server logs: usually 30 to 90 days, unless longer retention is required for security or legal reasons;
- cookie consent records: stored in your browser for up to 12 months, after which you will be prompted again.
Your rights
Under the GDPR, you may have the right to:
- access your personal data;
- rectify inaccurate data;
- erase your data;
- restrict processing;
- object to processing;
- data portability;
- withdraw consent at any time, where processing is based on consent.
To exercise your rights, contact us at contact@bolodecoco.com or via our booking page. You can withdraw cookie consent at any time using the Cookie Settings link in the website footer.
Complaints
If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority in Cyprus.
Office of the Commissioner for Personal Data Protection
P.O. Box 23378
1682 Lefkosia / Nicosia, Cyprus
Email: commissioner@dataprotection.gov.cy
Cookies and third-party tools
This website may use cookies or similar technologies.
- Strictly necessary cookies may be used without consent where they are required for the operation of the website.
- Non-essential cookies or trackers, including analytics, marketing technologies, or embedded third-party services that set such cookies, will only be loaded after the required consent has been obtained.
Zeeg (scheduling)
We use Zeeg, an EU-based scheduling tool, to coordinate meetings. Zeeg is hosted in the European Union and is designed for GDPR compliance, which means booking data stays within the EEA. When you book a meeting, the data you provide (name, email, selected time, notes) is processed by Zeeg on our behalf for the sole purpose of organising the call.
Because Zeeg is a third-party embedded service, we do not load it automatically. On the booking page you will see a clear notice and a "Load scheduler" button. The Zeeg widget — and any cookies it requires to function — only loads after you click it (or if you have previously enabled marketing cookies through our cookie banner).
Resend (email delivery)
When you contact us through a website form, your message and contact details are transmitted via Resend, our transactional email provider, so they can be delivered to our inbox. Resend is established in the United States; transfers rely on the EU–U.S. Data Privacy Framework and SCCs where applicable (see Section 6).
What we actually store on your device
This website does not set tracking cookies. We use a single entry in your browser's localStorage named bdc_cookie_consent_v1 to remember your cookie preferences for up to 12 months. No analytics or marketing trackers are loaded unless you opt in through the cookie banner.
Children's data
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Automated decision-making
We do not carry out automated decision-making or profiling that produces legal effects or similarly significantly affects you, within the meaning of Article 22 GDPR.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The updated version will be published on this page with a revised date.
Additional processing on filipemg.com
Section added: 8 July 2026. This section supplements the mirrored policy above and covers processing specific to filipemg.com. In case of conflict, this section prevails for filipemg.com only. The controller remains BOLO DE COCO LTD.
1. Contact for privacy matters on this site
For requests specific to filipemg.com you may use filipe@bolodecoco.com. This inbox reaches the same controller as contact@bolodecoco.com and either address is valid for exercising your GDPR rights.
2. "The Read" — AI job-description analysis
/we-match is a free tool that analyses a job description you paste in and returns a fit score and breakdown. To provide it, we process:
- Job-description text you submit. Sent to Anthropic PBC (see §4) to generate the analysis. Not used to train third-party models — Anthropic's API terms exclude API inputs and outputs from model training by default.
- Optional contact details — your name, email, and (optionally) your company and role — collected only if you choose to unlock the full breakdown. Stored in our read_leads record together with the resulting overall score and a reference to your analysis session.
- The generated analysis itself, stored in our read_sessions record so it can be re-opened via the share link we email you.
Legal basis: Article 6(1)(a) GDPR — consent (you tick a consent checkbox and pass a bot-protection challenge before any analysis is run, and again before any contact detail is stored). Article 6(1)(b) GDPR — steps prior to a possible engagement, where you indicate interest in a call.
Share-link visibility. The results page at /we-match/view/{session_id} is reachable by anyone holding the unguessable session URL — the same model as an unlisted link. We do not index or advertise these URLs. You can request deletion of a specific session at any time (see §7).
3. Bot protection, rate limiting, and security logs
- Cloudflare Turnstile is loaded on /we-match to distinguish humans from automated abuse before an analysis is run. Turnstile processes your IP address and passive device/behavioural signals, and may set short-lived challenge cookies (e.g.
cf_chl_*,__cf_bm). These are strictly necessary for the anti-abuse function of the tool and are not used for tracking or advertising. - IP-hash rate limiting. We keep a salted hash of your IP address (never the raw IP) together with a request counter for a short rolling window, to cap how many analyses a single origin can trigger per hour.
- Standard server logs generated by our hosting provider are retained for up to 90 days for security and reliability.
Legal basis: Article 6(1)(f) GDPR — legitimate interests in preventing abuse and keeping the service available.
4. Additional processors specific to this site
In addition to the processors listed in the mirrored policy above, filipemg.com uses:
- Anthropic PBC (United States) — provides the Claude API used by The Read to generate the analysis of the job description you submit. Anthropic acts as our processor for this purpose. Transfers rely on the European Commission's Standard Contractual Clauses with supplementary safeguards.
- Cloudflare, Inc. (United States, with global edge presence) — provides the Turnstile bot-protection widget described in §3. Transfers rely on the EU–U.S. Data Privacy Framework and the Standard Contractual Clauses where applicable.
5. Generated PDFs and delivery emails
When you unlock a full read, we generate a branded PDF of the analysis, store it in a private storage bucket, and email you a link together with a copy of the headline result. A short internal notification is also sent to the site owner (filipe@bolodecoco.com) so that a human can follow up if you request a call. Email delivery uses Resend (see mirrored policy §6).
6. Retention specific to filipemg.com
- read_leads (name, email, optional company/role, overall score, session reference): up to 24 months after your last meaningful interaction, or until you request earlier deletion.
- read_sessions (the analysis payload behind your share link): up to 24 months, then deleted along with the associated PDF. Requesting deletion of your lead also invalidates the share link.
- read_rate_limits (salted IP hash + counter): less than 24 hours — rolling windows are discarded after they expire.
- Generated PDFs in the private read-pdfs bucket: same lifetime as the underlying session.
7. Exercising your rights on filipemg.com
To access, rectify, export, or delete data related to a Read you ran on this site, email filipe@bolodecoco.com and, if possible, include the share link or the email address you used, so we can locate the record. We will action verified requests within one month, as required by Article 12(3) GDPR.
8. Cookies actually set by filipemg.com
filipemg.com does not currently load analytics or marketing cookies, and there is no site-wide cookie banner because no non-essential cookies are set from our own origin. The only cookies you may encounter are the short-lived, strictly-necessary Cloudflare Turnstile challenge cookies described in §3, set only when you use The Read. If we later introduce analytics or other non-essential cookies, we will add a consent banner and update this section before enabling them.
9. Automated processing — clarification
The Read produces an automated, AI-generated evaluation of a job description you choose to submit. It does not profile you as a person, does not make decisions about you, and does not produce legal or similarly significant effects on you within the meaning of Article 22 GDPR. Any follow-up (such as a call) is arranged by a human.