1. Regulatory scope
- GDPR for data subjects in the EU.
- LGPD for operations involving data subjects in Brazil.
2. Privacy by design
We implement privacy by default in architecture, data flows, and product decisions.
3. Governance
- Data flow mapping.
- Records of processing activities.
- Periodic risk and control reviews.
4. Data subject rights
- Handling legal requests.
- Defined timelines and traceability.
- Dedicated contact channel.
5. Security and incidents
We apply technical and organizational measures for prevention, detection, and response to incidents.
6. International transfers
Cross-border transfers are managed with contractual safeguards and risk assessments.