Privacy Policy

Effective date: May 14, 2026. Clear information for transparency and alignment with Brazil’s LGPD (Law 13,709/2018). This document does not replace formal legal advice for your business.

Back to login•View Terms of Use

Summary

  • We explain what data we process, why, and on which legal bases.
  • Essential cookies for the service and optional measurement with consent.
  • You can exercise access, correction, erasure, portability, and other LGPD rights.
  • Security, proportionate retention, and clear channels for requests.

Quick navigation

1. Scope, effective date, and applicable law2. Controller and data protection contact3. Personal data we process4. Purposes and legal bases (LGPD)5. Cookies, local storage, and audience measurement6. Sharing and subprocessors7. International data transfers8. Retention periods9. Information security10. Data subject rights (LGPD Art. 18)11. How to exercise your rights12. Children, teenagers, and automated decisions13. Updates to this Policy

1. Scope, effective date, and applicable law

  • This Policy applies to the website, web applications, and other digital services of the AgiFlux platform.
  • Personal data processing follows Law No. 13,709/2018 (LGPD) and other applicable rules.
  • This version is effective from May 14, 2026. Previous versions may be requested through the channels indicated below.

2. Controller and data protection contact

  • The controller is the legal entity operating the AgiFlux platform. Full legal name, tax ID (CNPJ), and address appear on contracts, invoices, and official commercial communications, and can be confirmed through authenticated support.
  • For privacy matters, data protection, and exercising data subject rights, use the official contact channel indicated at the end of this page.
  • If a Data Protection Officer (DPO) is formally appointed, their name and professional contact will be published in this section or provided in response to your request.

3. Personal data we process

  • Registration and account: name, email, phone, identification documents when required, company data (for example CNPJ and legal name), and usage preferences.
  • Authentication and security: session identifiers, access logs, IP address, device information, and security events.
  • Product operations: content you submit or generate on the platform (orders, messages, files, storefront settings, integrations), technical metadata, and logs.
  • Payments: data required to operate with payment providers (for example transaction status and billing identifiers), according to the contracted flow.
  • Support and communications: ticket history, recordings or transcripts when applicable and with specific consent, and records of consent and preferences.

4. Purposes and legal bases (LGPD)

  • Service delivery and account management — basis: performance of a contract and preliminary procedures (Art. 7(V)).
  • Compliance with legal and regulatory obligations (tax, accounting, responses to authorities) — basis: legal obligation (Art. 7(II)).
  • Information security, fraud prevention, and data subject protection — bases: legitimate interest (Art. 7(IX)) and contract performance, with balancing and minimization measures.
  • Product improvements, aggregated metrics, and performance diagnostics — bases: legitimate interest (Art. 7(IX)) and, when required, consent (Art. 7(I)).
  • Service communications (technical notices, material changes) — basis: contract performance or legal obligation; marketing communications, if any, with opt-out and an appropriate legal basis (consent or legitimate interest, as applicable).
  • If sensitive data is ever required, processing will follow LGPD-specific grounds, prominent notice, and reinforced safeguards according to the nature of the data.

5. Cookies, local storage, and audience measurement

  • We use cookies and similar technologies that are strictly necessary for authentication, security, language preference, load balancing, and essential platform operation. Where they are indispensable to the requested service, they may not require consent, but we still inform you in this Policy.
  • For audience measurement (for example Google Analytics / GA4), when enabled, we only use it after specific consent via a clear banner. You can accept measurement or keep essential-only cookies, and change your choice anytime via cookie preferences.
  • Blocking necessary cookies may prevent login or core features. Details about measurement providers are available in each provider’s documentation.

6. Sharing and subprocessors

  • We share data with vendors that help us operate the service (hosting, infrastructure, transactional email, payments, antifraud, technical monitoring, support), contractually bound and only as needed.
  • Public authorities: when there is a legal requirement, court order, or legitimate request from a competent authority.
  • We do not sell personal data. Any use for third-party advertising not covered by this Policy will be communicated with reasonable advance notice and an appropriate legal basis.

7. International data transfers

  • Some vendors may process data outside Brazil. When that happens, we adopt contractual clauses, risk assessments, and security measures aligned with the LGPD and ANPD guidance.
  • Upon request, we may provide a summary of destinations and applicable safeguards, within what is reasonable and without harming legitimate trade secrets.

8. Retention periods

  • We keep data for as long as needed to fulfill the purposes described, protect rights in disputes, and meet legal obligations (tax, consumer, and other applicable deadlines).
  • After account closure or when no longer needed, data may be deleted, anonymized, or isolated solely to comply with legal obligations.

9. Information security

  • We apply technical and organizational controls proportionate to risk: encryption in transit where applicable, access control, environment segregation, incident logging, and periodic review.
  • In the event of a relevant incident that may pose a risk to data subjects, we will communicate as required by the LGPD and ANPD guidance, in addition to containment and mitigation measures taken.

10. Data subject rights (LGPD Art. 18)

  • Confirmation of whether personal data is processed.
  • Access to data.
  • Correction of incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data.
  • Portability to another service or product provider, subject to commercial/industrial secrecy and ANPD regulation.
  • Deletion of personal data processed on the basis of consent, when applicable.
  • Information about public and private entities with which we share data.
  • Information about the possibility of not providing consent and the consequences of refusal.
  • Withdrawal of consent, when consent is the legal basis.
  • Objection to processing based on legitimate interest, under the terms of the law.
  • Review of automated decisions, when applicable, under LGPD Art. 20.

11. How to exercise your rights

  • Send a request through the official channel below, including your full name, account email (if any), and a description of the request. We may ask for additional information to verify identity and protect third parties.
  • We will respond within the legal timeframe, generally up to 15 (fifteen) days, extendable by another 15 (fifteen) with justification, under the LGPD.
  • If you are not satisfied, you may petition the National Data Protection Authority (ANPD) or pursue other legal mechanisms.

12. Children, teenagers, and automated decisions

  • The platform is not directed to children under 16 without applicable consent/guardian involvement. If we learn of improper registration, we will take steps to delete or anonymize the data.
  • Artificial intelligence or automation features may suggest responses or flows; you remain responsible for business decisions and published content. Information about meaningful logic and consequences may be requested through support, within reasonable technical and commercial limits.

13. Updates to this Policy

  • We may update this Policy to reflect legal, product, or security changes. We will publish the new version at this URL with an effective date.
  • Material changes that require new consent or a prominent notice will be communicated through appropriate means (for example email or an in-platform notice).

Privacy and data subject contact

Supervisory authority in Brazil: National Data Protection Authority (ANPD).

For privacy requests, incidents, or exercising your rights, use AgiFlux’s official WhatsApp channel: https://wa.me/554499844380 Include the subject line "LGPD / Privacy" in your message for faster routing.

Cookie preferences on this device: use the button below to reopen the banner and choose again.