Legal

Terms of Use

Effective Date: 27th April of 2026
Domain: https://workolatte.com
Responsible Parties: Rodrigo Luz Baracho Santos and Diogo Carneiro Dourado

1. Acceptance of Terms

By accessing or using Workolatte ("Platform", "we", "our"), available at workolatte.com, you ("User") agree to these Terms of Use and our Privacy Policy. If you do not agree with any part of these terms, please do not use the Platform.

These Terms apply to all users worldwide, regardless of country of residence. Users in the European Economic Area (EEA) are additionally protected by the General Data Protection Regulation (GDPR — EU 2016/679). Users in Brazil are additionally protected by the Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018).

2. Description of the Service

Workolatte is a web platform that compiles and organizes information about spaces suitable for remote work — such as coffeeshops, coworking spaces, libraries, and other public venues — across cities around the world. The service is provided free of charge in its current version.

The Platform is designed for use by digital nomads, remote workers, and travelers seeking suitable environments to work productively while away from a fixed office or home office.

3. Account Registration

3.1. Registration on the Platform requires only a valid email address, used for authentication via a passwordless magic link.

3.2. The Plataform chooses a random display name (username), which is visible to other users within the Platform. There is no mandatory link between the username and the User's real identity.

3.3. The User is responsible for maintaining the security of access to their email account and for all activity performed under their Workolatte account.

3.4. It is prohibited to create accounts for the purpose of fraud, spreading misinformation, harassment, or harming other users.

3.5. Users must be at least 13 years old (or 16 years old if residing in the European Union) to register. By creating an account, you confirm that you meet this age requirement.

4. User-Generated Content

4.1. Users may publish reviews and photos of spaces registered on the Platform.

4.2. By submitting content, the User declares that:
- They hold the necessary rights over the submitted material (especially photos);
- The content is truthful, based on personal experience, and does not violate any third-party rights;
- The content is not offensive, discriminatory, defamatory, or unlawful.

4.3. The User grants Workolatte a non-exclusive, royalty-free, worldwide, and sublicensable license to display, reproduce, and distribute the submitted content within the scope of the Platform.

4.4. Workolatte reserves the right to remove, without prior notice, any content that violates these Terms or is deemed inappropriate at the discretion of the responsible parties.

4.5. Users may request deletion of their own published content at any time by contacting the Platform via the email address listed in the Contact section.

5. Location Data

5.1. The Platform may request access to the User's device geolocation solely to display spaces near the User's current position at the time of interaction.

5.2. The location data is not stored on Workolatte's servers. It is processed locally on the User's device and used only at that moment for geographic filtering purposes.

5.3. The User may deny the location request. In that case, the "nearby spaces" feature will be unavailable, but all other features remain fully accessible.

6. Intellectual Property

6.1. All original elements of the Platform — including the brand, logo, design, source code, and institutional texts — are the exclusive property of Workolatte's responsible parties and are protected by applicable intellectual property laws.

6.2. Reproduction, modification, distribution, or commercial use of any Platform element without prior written authorization is strictly prohibited.

7. Disclaimer of Warranties

7.1. Information about spaces is provided by users and may not accurately reflect the current state of each location. Workolatte does not guarantee the accuracy, timeliness, or availability of the information displayed.

7.2. The Platform is provided "as is", without express or implied warranties of uninterrupted availability or freedom from errors.

7.3. Workolatte is not liable for damages arising from the use or inability to use the Platform, nor for any direct relationship between Users and the listed spaces.

7.4. To the extent permitted by applicable law, Workolatte's total liability to any User for any claim shall not exceed the amount paid by that User to Workolatte in the twelve (12) months preceding the claim (which, given the free nature of the current service, is zero).

8. Modifications to the Terms

These Terms may be amended at any time. Material changes will be communicated to Users via email or through a notice on the Platform at least 14 days before taking effect. Continued use of the Platform after the notification constitutes acceptance of the updated terms.

9. Account Termination

The User may request account deletion at any time by contacting us at the email address provided in the Contact section. Personal data will be handled in accordance with the Privacy Policy.

Workolatte reserves the right to suspend or terminate accounts that violate these Terms, with or without prior notice depending on the severity of the violation.

10. Governing Law and Dispute Resolution

These Terms are governed by the laws of Brazil (LGPD — Law No. 13,709/2018 and Marco Civil da Internet — Law No. 12,965/2014).

For Users in the European Economic Area, EU consumer protection laws and GDPR also apply and take precedence where applicable.

For Users in other jurisdictions, mandatory local consumer protection laws applicable in the User's country of residence are not excluded by these Terms.

Disputes will first be addressed through good-faith negotiation. If unresolved, the parties agree to submit to the courts of the responsible parties' jurisdiction, without prejudice to Users' rights under mandatory local law.

> Note on EU Infrastructure: As data is processed on infrastructure located in Germany (European Union), the GDPR (EU 2016/679) applies to Users residing in the European Economic Area. GDPR obligations are reflected in the Privacy Policy below.

Privacy Policy

Privacy Policy — workolatte

Effective Date: 3rd June of 2026
Domain: https://workolatte.com
Responsible Parties: Rodrigo Luz Baracho Santos and Diogo Carneiro Dourado

1. Who We Are (Data Controllers)

| Field | Information |
|---|---|
| Responsible Parties (Co-Controllers) | Rodrigo Luz Baracho Santos and Diogo Carneiro Dourado |
| Platform | workolatte — workolatte.com |
| Privacy Contact Email | [[email protected]] |

For Users in the European Union, the responsible parties act as Joint Controllers pursuant to Art. 26 GDPR.

2. Personal Data Collected

| Data | Purpose | Legal Basis (LGPD) | Legal Basis (GDPR) |
|---|---|---|---|
| Email address | Authentication (magic link login), transactional communications | Art. 7(V) — contract performance | Art. 6(1)(b) — contract performance |
| Username (display name) | Public identification within the Platform | Art. 7(V) | Art. 6(1)(b) |
| Published reviews | Display of space evaluations | Art. 7(V) | Art. 6(1)(b) |
| Uploaded photos | Illustration of reviewed spaces | Art. 7(V) | Art. 6(1)(b) |
| Anonymous Usage Data | Data    Basic platform monitoring, page views, and aggregated trends (processed without cookies or individual identification) | Art. 7(IX) — legitimate interest | Art. 6(1)(f) — legitimate interest |
| Identified Session Analytics | Detailed user journey analysis and feature usage linked to a specific session/account | Art. 7(I) — consent | Art. 6(1)(a) — consent |

> Data NOT collected: Device geolocation is not stored on any server. It is processed exclusively within the User's browser at the moment of interaction and discarded immediately thereafter.

3. How We Collect Data

- Directly from the User: registration with email, username selection, publication of reviews, and photo uploads.
- Automatically (Anonymous): Basic usage data and aggregated telemetry collected in a privacy-first, cookieless mode without identifying individual users.
- Automatically (With Consent): Identified session data and behavioral analytics on the Platform, collected only if the User explicitly opts in via our consent banner.

4. Subprocessors and International Transfers

We use the following third-party services that may process personal data:

| Service | Function | Server Location | Safeguards |
|---|---|---|---|
| Supabase | Database (storage of emails, usernames, reviews, photos, and space data) | European Union (AWS Frankfurt, Germany) | EU Standard Contractual Clauses (SCCs); DPA available |
| Render | Web application hosting | Europe (Frankfurt) | US-based processor — transfer covered by SCCs |
| Resend | Transactional email delivery (magic link) | USA (with EU routing option) | SCCs; email data processed solely for message delivery |
| PostHog | Product analytics (operating in either anonymous/cookieless mode or identified tracking based on user consent) | European Union (Frankfurt, Germany) | EU-hosted infrastructure; compliance via GDPR mechanisms |
| Cloudflare | Content Delivery Network (CDN), Web Application Firewall (WAF), and security (bot management) | Global (Edge network) | US-based processor — transfer covered by SCCs |

> Note on international transfers: Resend and Render have entities in the USA. Data transfers to these countries are carried out on the basis of Standard Contractual Clauses approved by the European Commission, in accordance with Art. 46 GDPR and Art. 33 LGPD.

5. Data Retention Periods

| Data | Retention Period |
|---|---|
| Email and username | While the account is active; deleted within 30 days of a deletion request |
| Published reviews and photos | Until removed by the User or the Platform |
| Analytics data | Aggregated and anonymized — no individual deletion timeline |
| Transactional email logs (Resend) | Per Resend's policy (typically 30 days) |

6. Cookies

6.1 Strictly Necessary Cookies
These are essential for the operation of Workolatte. They include authentication tokens (such as your secure session) and security challenge tokens. The Platform cannot function properly without these, and they do not require prior consent.

6.2 Analytics and Performance Cookies
We use PostHog to understand how Users interact with the Platform. By default, PostHog operates in a strictly anonymous, cookieless mode to monitor general platform stability and aggregate trends without tracking individual devices.

If you grant permission through our consent banner, we activate identified tracking. This places a cookie on your device and links your session to a unique identifier, allowing us to understand your specific journey and feature usage across the Platform. You may revoke this consent at any time by updating your preferences in the Platform settings.

7. Users' Rights

All Users have the following rights over their personal data, exercisable at any time by contacting us at the privacy email address:

Under the LGPD (Law No. 13,709/2018) — applicable to Brazilian Users:
- Confirmation of the existence of data processing
- Access to data
- Correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion of unnecessary data
- Data portability
- Deletion of data processed on the basis of consent
- Information about third-party sharing
- Revocation of consent

Under the GDPR — applicable to Users in the EU/EEA:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure / "Right to be Forgotten" (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object to processing based on legitimate interest (Art. 21)
- Right to lodge a complaint with the competent Data Protection Authority (in Brazil: ANPD; in the EU: the authority in the User's country of residence)

For all other Users (global):
We are committed to honoring equivalent privacy rights for all Users worldwide, regardless of jurisdiction, to the extent technically feasible and consistent with applicable law.

To exercise any of these rights, contact us at: [email protected]. We will respond within 15 business days (LGPD) or 30 calendar days (GDPR).

8. Data Security

We implement technical and organizational measures to protect personal data against unauthorized access, loss, or destruction, including:
- Encrypted communication via HTTPS/TLS on all connections
- Passwordless authentication (magic link) — eliminates risks associated with weak or reused passwords
- Restricted database access controls (Supabase RLS — Row Level Security)
- Photo storage in a controlled-access bucket

While we take these measures seriously, no system is entirely immune to security incidents. In the event of a personal data breach likely to result in a risk to Users' rights and freedoms, we will notify affected Users and relevant authorities as required by applicable law.

9. Minors

The Platform is not directed to individuals under the age of 13 (Brazil) or 16 (European Union). We do not knowingly collect data from minors. If we become aware that a minor has provided personal data without appropriate authorization, the data will be deleted promptly.

Parents or guardians who believe their child has provided data to workolatte may contact us at the privacy email to request deletion.

10. Changes to this Policy

This Policy may be updated periodically. The effective date at the top of the document will indicate the most recent version. Material changes will be communicated via email to registered Users.

11. Contact and Complaints

For questions, rights requests, or complaints related to the processing of personal data:

Email: [email protected]
Responsible Parties:** Rodrigo Luz Baracho Santos and Diogo Carneiro Dourado

Users in the European Union also have the right to lodge a complaint with the Data Protection Authority in their country of residence. A list of national authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en