Privacy Policy

1. Introduction

RICARDO ***** - ME, registered under CNPJ No. 16.***.***/0001-80, owner and operator of the NUDINN platform, is committed to protecting the privacy and personal data of its users.

This Privacy Policy describes how we collect, use, store, share, and protect your personal information, in compliance with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados - LGPD, Law No. 13.709/2018) and applicable international regulations.

By using our services, you agree to the practices described in this policy. We recommend carefully reading this document.

2. Data Collected

2.1. Personal Data Provided Directly

• Registration Data: Full name, email, CPF/Tax ID, phone, date of birth
• Authentication Data: Encrypted password, access tokens
• Financial Data: Banking information (banks used, estimated balances), income, expenses, bills, transactions
• Payment Data: Credit card information (processed by secure gateway - Stripe), subscription history

2.2. Automatically Collected Data

• Browsing Data: IP address, browser type, operating system, pages visited, time spent
• Device Data: Unique device identifier, model, app version
• Location Data: Approximate location based on IP (we do not collect precise location)
• Cookies and Similar Technologies: We use essential, functional, and analytical cookies (see our Cookie Policy)

2.3. Sensitive Data

We do not collect sensitive data as defined by LGPD (racial/ethnic origin, religious beliefs, political opinions, union affiliation, genetic/biometric data, health data, or sexual life).

3. Purposes of Data Processing

We use your personal data for the following purposes:

3.1. Service Provision

• Create and manage your account on the platform
• Process and analyze your financial information
• Generate preventive alerts about financial health
• Provide personalized AI-powered recommendations
• Enable bank data synchronization (with authorization)

3.2. Operational and Administrative

• Process subscription payments
• Send service communications (updates, maintenance, alerts)
• Provide technical support and customer service
• Prevent fraud and ensure platform security

3.3. Marketing and Communication (with your consent)

• Send newsletters, educational materials, and promotions
• Conduct satisfaction surveys
• Personalize offers and content

3.4. Improvements and Analytics

• Analyze usage patterns and behavior
• Develop new features and improve user experience
• Conduct A/B testing and optimizations

3.5. Compliance with Legal Obligations

• Respond to requests from competent authorities
• Fulfill tax and accounting obligations
• Exercise rights in judicial or administrative proceedings

4. Legal Basis

The processing of personal data by NUDINN is based on the following legal bases under LGPD:

• Consent (Art. 7, I): For marketing communications and non-essential cookies
• Contract Performance (Art. 7, V): For providing contracted services
• Legitimate Interest (Art. 7, IX): For fraud prevention, security, analytics, and improvements
• Legal Obligation Compliance (Art. 7, II): For judicial requests and tax obligations

5. Data Sharing

We do not sell your personal data. We only share information in the following situations:

5.1. Service Providers (Data Processors)

• Stripe: Payment processing
• Cloud Providers: Data hosting and storage (AWS, Google Cloud)
• Analytics Tools: Google Analytics, Mixpanel (anonymized data)
• Email Services: Sending notifications and communications
• CDN and Security: Cloudflare for protection and optimization

All providers are carefully selected and contractually obligated to maintain data confidentiality and security.

5.2. Legal Requirements

We may disclose personal data when required by law, court order, regulatory authority, or to protect the rights, property, or safety of the company and users.

5.3. International Transfers

Some of our service providers may be located outside Brazil. We ensure that such transfers comply with LGPD using standard contractual clauses and appropriate certifications (e.g., Privacy Shield, Standard Contractual Clauses).

6. Retention Period

We retain your personal data only as long as necessary for the described purposes:

• Active Account Data: During your subscription and service use
• Closed Account Data: Up to 5 years after cancellation for legal compliance (tax, accounting) and litigation defense
• Marketing Data: Until consent withdrawal or 2 years without interaction/engagement
• Access Logs: 6 months, per Marco Civil da Internet (Law No. 12.965/2014)
• Anonymized Data: May be retained indefinitely for statistical purposes

After retention periods, data is securely and irreversibly deleted.

7. Your Rights (Data Subject Rights)

Under LGPD, you have the following rights regarding your personal data:

• Confirmation and Access (Art. 18, I and II): Confirm whether we process your data and access your personal data
• Correction (Art. 18, III): Correct incomplete, inaccurate, or outdated data
• Anonymization, Blocking, or Deletion (Art. 18, IV): Request anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data
• Data Portability (Art. 18, V): Receive your data in a structured, interoperable format
• Data Deletion (Art. 18, VI): Request deletion of consent-based data
• Information on Sharing (Art. 18, VII): Know with whom we share your data
• Information on Non-Consent (Art. 18, VIII): Be informed about consequences of not providing consent
• Consent Revocation (Art. 18, IX): Withdraw your consent at any time
• Opposition (Art. 18, §2º): Object to processing based on legitimate interest
• Automated Decision Review (Art. 20): Request review of decisions made solely by automated processing

How to Exercise Your Rights

To exercise any of these rights, contact us through:

We will respond to your request within 15 days, extendable by another 15 days with justification.

8. Data Security

We adopt robust technical and organizational measures to protect your data against unauthorized access, loss, destruction, alteration, or improper disclosure:

• Encryption: SSL/TLS for data transmission, AES-256 encryption for data at rest
• Access Control: Multi-factor authentication, principle of least privilege
• Monitoring: Audit logs, intrusion detection, security alerts
• Backups: Regular encrypted backups
• Testing: Periodic penetration testing, security audits
• Training: Continuous team training on security and privacy

In case of a security incident that may pose relevant risk or harm to data subjects, we will notify ANPD and affected users as required by LGPD.

9. Cookies

We use cookies and similar technologies to improve your experience, analyze platform usage, and personalize content. You can manage your cookie preferences through browser settings.

For more information, see our Cookie Policy (under development).

10. Minors

Our services are not intended for individuals under 18 years of age. We do not intentionally collect data from children or adolescents without parental or guardian consent. If we become aware of inadvertent collection, we will delete such data immediately.

11. Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legislation, or services. The most recent version will always be available on this page with the "Last Updated" date.

Substantial changes will be communicated by email or prominent notice on the platform, with at least 10 days' advance notice.

12. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Federative Republic of Brazil. The courts of [City/State of company] have exclusive jurisdiction over any disputes arising from this policy, with express waiver of any other, however privileged.

13. Contact and Data Protection Officer (DPO)

The Data Protection Officer is the communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).