Compliance is not a feature. It's the foundation.
LGPD and ECA are the floor, not the ceiling. Everything in Passe.ID flows from one principle: no minor is exposed without explicit consent.
LGPD by default
Minimal data processing. Auditable consent. Real right to erasure.
Data minimization
We collect only what is strictly needed for the scouting use case. No sensitive data beyond the legal minimum.
Consent receipts
Every consent — athlete, guardian, academy — generates a traceable receipt with timestamp, IP and scope.
Right to erasure
Any data subject can request deletion. Messages and contact records remain in legal archive per the minimum retention required by law.
Audit trail
Every gate decision, visibility change and staff invite generates an immutable log.
Explicit retention
Retention policies per data type, documented and visible to the subject. Nothing stays forever by accident.
ECA by default
Brazilian Statute of the Child and Adolescent, Articles 17, 18 and 240. Protecting minor dignity is the law — and our foundation.
Art. 17 — Right to respect
Inviolability of the physical, psychological and moral integrity of the child. No exposure happens without guardian consent.
Art. 18 — Duty of all
Protecting minor dignity is everyone's duty. Passe.ID turns that into mandatory gates, not optional ones.
Art. 240 — Exposure prohibited
Forbids producing and circulating material that unduly exposes children and adolescents. The gate system blocks unauthorized contact by design.
The sequential gate
Four stages. Fixed order. No shortcut possible.
OLHEIRO
SOLICITA CONTATO
ACADEMIA
VALIDA VÍNCULO
RESPONSÁVEL
CONCEDE ACESSO
CONVERSA
CANAL ABERTO
Conversation lifecycle
Negotiation
Initial room between scout and academy, created after the gates pass. The academy controls who joins. It can add athlete and guardian when it makes sense.
Open
Direct conversation — independent athlete path or B2B channel. No gates because there is no minor affiliated at risk.
Frozen
Athlete left the academy mid-conversation. The room becomes a read-only archive in both inboxes. The reason is data preservation for audit and right of access, not destruction.
Closed
Either party explicitly closed the conversation. Permanent archive, no new messages.
One academy, one CNPJ
The moat depends on coverage, not on revenue per academy. Verification checks for unique CNPJ. Splitting into multiple entities to dodge limits is blocked at manual review.
Who can do what
Derived from the v3 permissions model. The Admin role is internal and never shown on this site.
| Capability | Athlete | Scout | Academy | Agent | Guardian |
|---|---|---|---|---|---|
| Edit own profile | ✅ | ✅ | ✅ (own academy) | ✅ (own) | ✅ (own) |
| Edit athlete profile | ✅ (own) | — | ✅ (assigned, until claim; then with grant) | ✅ (represented, with grant) | ✅ (manager grant or ECA baseline) |
| Create athlete profile | ✅ (self) | — | ✅ (unclaimed → invite) | — | — |
| Toggle athlete visibility | — | — | ✅ | — | — |
| Approve/deny contact request | — | — | ✅ (academy gate) | — | ✅ (guardian gate) |
| Send contact request | — | ✅ | — | — | — |
| Post matches | — | — | ✅ | ✅ (represented athletes) | — |
| Post openings | — | ✅ | ✅ | ✅ (scoped) | — |
| Manage academy staff | — | — | ✅ (admin) | — | — |
Download the Compliance Whitepaper
Full document on our LGPD + ECA posture, gate model and permission matrix. Designed for legal teams.