LGPD/GDPR Compliance

Processing scope

We process personal data from website visitors, clients, leads, partners, and users of contracted solutions.

Categories of personal data

• Registration and contact data (name, email, phone, company).
• Technical and browsing data (IP address, browser, visited pages, cookies).
• Commercial and contractual data (support history, billing, and relationship data).

Applicable legal bases

• Performance of a contract and pre-contractual steps.
• Compliance with legal or regulatory obligations.
• Legitimate interests, with balancing tests when applicable.
• Consent, where legally required.
• Exercise of rights in administrative, arbitration, or judicial proceedings.

Processing purposes

• Provision of contracted services and technical support.
• Information security, fraud prevention, and business continuity.
• Commercial communication, where legally permitted.
• Product, performance, and user experience improvement.

Sharing and processors

We may share data with vendors and processors essential to our operations (hosting, support, insights, billing), always under contractual data protection obligations.

International transfers

When international transfers occur, we adopt valid transfer mechanisms (such as standard contractual clauses and equivalent safeguards), under LGPD and GDPR.

Retention and deletion

We keep data only for the period necessary to fulfill stated purposes, legal obligations, and legal defense, followed by secure deletion.

Data subject rights

• Confirmation of processing, access, correction, and updates.
• Anonymization, blocking, or deletion of unnecessary or excessive data.
• Data portability, where technically feasible and legally applicable.
• Information about sharing and ability to withdraw consent.
• Objection and review of automated decisions, when applicable.
• Complaint before the competent supervisory authority (ANPD/applicable EU authority).

Security and governance

We apply risk-based technical and organizational controls, including access management, monitoring, incident handling, and periodic privacy process review.

Security incidents

If a relevant risk incident occurs, we will adopt containment and notification measures as required by applicable law.

Automated decisions

When automated processing significantly affects individuals, channels are available to request clarification and review as provided by law.

Children and adolescents data

Where applicable, processing follows specific legal requirements, including parental or guardian consent when required.

Notice updates

This notice may be updated to reflect legal, contractual, or operational changes. The current version is the one published on this page.