Privacy Policy

1. Information We Collect

We collect personal information that you provide directly, information generated automatically when you use our Services, and information obtained from third-party tools that support our operations. The specific personal information we collect depends on how you interact with our Services, the features you use, and the choices you make.

Personal information we receive directly from you or collect automatically includes:

Identifiers

• Name
• Email address
• Phone number

Account and Transaction Data

• Account or profile information

Technical and Device Data

• Device identifiers
• Browser type and operating system
• Technical logs and system data

Usage Data

• Pages visited
• Actions taken
• Features used
• Navigation patterns

Analytics and Tracking Data

• Cookie data
• Analytics events
• Usage logs

Preferences and Localization Data

• Language settings
• Time zone
• City-level location (if available)

Some features of our Services require specific personal information to function.

All personal information you provide must be accurate, complete, and up to date. You are responsible for notifying us if any of your information changes so we can maintain accurate records.

2. How We Collect Information

We collect personal information through a combination of information you provide directly, information gathered automatically when you use our Services, and information supplied by third-party providers that support our operations.

Information You Provide Directly

We collect personal information that you choose to provide when you interact with our Services. This includes information submitted when you:

• create an account or update profile details
• complete forms, make purchases, or engage with customer support
• respond to surveys, request information, or communicate with us

This information typically includes identifiers (such as name, email, phone number), account details, and any other information you voluntarily provide as part of your use of the Services.

Information From Your Interactions With the Services

We collect information related to your actions within the Services, including:

• features you use
• content you view
• settings or preferences you configure
• interactions with user interfaces or in-app tools

This data helps us personalize the experience and understand how users engage with our platform.

3. How We Use Your Information

We only process personal information when we have a valid legal basis under applicable data protection laws. This means we process data when it is necessary to provide our Services, fulfill our contractual obligations, comply with legal requirements, protect important interests, or pursue legitimate business purposes that do not override your rights.

Legal Bases We Rely On

We may rely on the following legal bases to process personal information:

• Contract— when processing is necessary to provide the Services or take steps at your request.
• Consent— when you voluntarily provide information for a specific purpose; you may withdraw consent at any time.
• Legitimate interests— when processing is necessary for our business operations and does not override your rights.
• Legal obligation— when we must process data to comply with applicable laws.
• Vital interests— when necessary to protect the safety or vital interests of an individual.

Purposes for Which We Process Personal Information

• We use personal information to create, maintain, and manage user accounts or profiles.

  Legal basis: with your consent

• We analyze usage data to understand how our Services are used and to improve functionality, performance, and user experience.

  Legal basis: with your consent

4. How We Process Your Information

We process personal information in ways that are appropriate to the nature of the data and the purposes for which it is collected. This includes storing, organizing, using, transmitting, and deleting information when it is no longer required. We apply principles of data minimization, purpose limitation, and accuracy to ensure that personal information is processed only when necessary and for clearly defined purposes.

Access to personal information is limited to authorized personnel who require it to perform their job duties and who are bound by confidentiality obligations. We implement technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, or misuse. These measures may include access controls, authentication procedures, logging, encryption in transit and at rest (where appropriate), monitoring, and routine security assessments.

We may combine information collected from different sources when this is necessary to operate the Services or when required to meet a lawful purpose, such as preventing fraud or maintaining the security of our platform.

We retain personal information only for as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. For more details, see the “How Long We Retain Information” section.

Where required by applicable laws, we provide users with the ability to access, update, delete, restrict, or withdraw consent to the processing of their personal information. Additional rights may apply depending on your location; see the “Your Rights” section for more information.

5. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling in a way that produces legal or similarly significant effects. If this changes in the future, we will update this Policy and provide any required notices or options.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, tags, and pixels) to operate our website, understand how it is used, improve performance, and enhance your experience. These technologies help us maintain platform security, remember your preferences, prevent errors, and support essential site features.

We may use the following categories of cookies:

• Necessary / Essential Cookies: Required for the website to function properly and to provide services explicitly requested by the user.
• Functional / Preference Cookies: Enable a website to remember user preferences or settings.
• Analytics / Performance Cookies: Collect aggregated or behavioral data to help website owners understand usage and improve performance.

Some cookies are set directly by us (“first-party cookies”), while others may be placed by third-party providers that support our operations (“third-party cookies”), such as analytics, advertising, or customer support tools.

Necessary/Essential cookies are always active, while Analytics/Performance, Advertising/Marketing, and Functional/Preference cookies are used only with consent where required by law. You can manage your preferences at any time through the Cookie Banner or settings page.

Bot Protection (Cloudflare Turnstile)

We use Cloudflare Turnstile to protect our forms (such as our waitlist sign-up) from automated abuse and spam. Turnstile analyzes technical signals from your browser and device to tell humans apart from bots, and may set or read cookies or similar identifiers as part of this process. This processing is performed by Cloudflare, Inc. as a third-party provider on our behalf. For details on how Cloudflare handles information collected through Turnstile, see the Cloudflare Turnstile Privacy Addendum.

7. How We Share Your Information

We do not share personal information with third parties, except when required by law or to protect our legal rights.

8. International Transfers

We do not share personal information with third parties, except when required by law or to protect our legal rights.

9. How Long We Retain Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal and regulatory requirements, resolve disputes, and enforce our agreements. We do not keep personal information longer than needed, and retention periods may vary depending on the type of data and the reason it was collected.

When we no longer have a legitimate business need to process personal information, we will delete or anonymize it. If deletion is not immediately possible (for example, due to technical constraints or backup systems), we will securely store the information and isolate it from further processing until deletion is feasible.

We retain personal information for the following periods:

• Account information: Until users delete their account.
• Profile and preferences: Until users terminate their accounts.
• Usage logs and activity data: 90 days.
• Cookies and tracking data: Session only (deleted when browser closes).
• Security logs: 90 days.
• User-generated content: Until deleted by the user or until the account is closed.

With regard to cookies and tracking data, we retain personal information according to the durations listed in the Cookie Policy. If no specific retention period applies, we delete or anonymize personal information once it is no longer necessary for the purpose collected.

10. How We Keep Your Information Safe

We implement appropriate technical and organizational measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures are designed to provide a level of security appropriate to the risks associated with processing personal information.

Our safeguards may include:

• Encryption of data in transit and at rest
• Access controls to limit who can view or handle information
• Monitoring and logging of system activity to detect potential issues
• Regular security assessments and updates to our systems
• Secure data storage and transmission practices
• Employee training on data protection and security

While we take reasonable steps to safeguard personal information, no system or method of transmission over the internet is completely secure. Because of this, we cannot guarantee absolute security.

If we identify a data breach that affects your personal information, we will notify you and any applicable supervisory authorities when required by law.

11. Your Rights

Individuals have certain rights regarding their personal information. These rights vary depending on where they live, but we aim to provide clear and accessible options for all users.

Rights for Users in the European Union (EU/EEA)

If you are located in the EU/EEA, you have the following rights under the GDPR:

• Right of access: Request a copy of the personal information we hold about you.
• Right to correction: Request that we correct inaccurate or incomplete information.
• Right to deletion: Request deletion of your personal information in certain circumstances.
• Right to restrict processing: Request that we limit how your data is used.
• Right to object: Object to processing based on legitimate interests or direct marketing.
• Right to data portability: Request your information in a structured, commonly used format.
• Right to withdraw consent: Withdraw consent at any time when processing is based on consent.

If you believe your personal data is being processed unlawfully, you have the right to lodge a complaint with a data protection authority. You can usually contact the authority in your country of residence, place of work, or where you believe a violation has occurred.

Rights for Users in the United Kingdom

If you are located in the United Kingdom, you have the following rights under the UK GDPR:

• Access
• Correction
• Deletion
• Restriction of processing
• Objection
• Data portability
• Withdraw consent

If you believe we are processing your personal information unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Rights for Users in Switzerland

If you are located in Switzerland, you have the following rights under the Swiss Federal Act on Data Protection. This section supersedes any other possibly divergent or conflicting information contained in this Privacy Policy. Further details regarding the categories of data processed, the purposes of processing, the categories of recipients of the personal data, if any, the retention period and further information about personal data can be found in the relevant sections within this document.

You may exercise certain rights regarding your personal information within the limits of the Swiss Federal Act on Data Protection, including the following:

• right of access to personal data;
• right to object to the processing of your personal data (which also allows you to demand that processing of personal data be restricted, personal data be deleted or destroyed, specific disclosures of personal data to third parties be prohibited);
• right to receive your personal data and have it transferred to another controller (data portability);
• right to ask for incorrect personal data to be corrected.

How to exercise these rights

Any requests to exercise user rights can be directed to us through the contact details provided in this document. Such requests are free of charge and will be answered by us as early as possible, providing you with the information required by law.

Rights for Users in Brazil

This section integrates with and supplements the information contained in the rest of the Privacy Policy and is provided by us and, if the case may be, our parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).

This section applies to all users in Brazil (Users are referred to below, simply as “you”, “your”, “yours”), according to the “Lei Geral de Proteção de Dados“ (the “LGPD“), and for such Users, it supersedes any other possibly divergent or conflicting information contained in the Privacy Policy. This part of the document uses the term “personal information“ as it is defined in the LGPD.

The grounds on which we process your personal information

We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows:

• your consent to the relevant processing activities;
• your consent to the relevant processing activities;
• compliance with a legal or regulatory obligation that lies with us;
• the carrying out of public policies provided in laws or regulations or based on contracts, agreements and similar legal instruments;
• studies conducted by research entities, preferably carried out on anonymized personal information;
• the carrying out of a contract and its preliminary procedures, in cases where you are a party to said contract;
• the exercising of our rights in judicial, administrative or arbitration procedures; protection or physical safety of yourself or a third party;
• the protection of health — in procedures carried out by health entities or professionals;
• our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests; and
• credit protection.

To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.

Categories of personal information processed

To find out what categories of your personal information are processed, you can read the relevant section within this document.

Why we process your personal information

To find out why we process your personal information, you can read the relevant sections within this document.

Your Brazilian privacy rights, how to file a request and our response to your requests

Your Brazilian privacy rights

You have the right to:

• obtain confirmation of the existence of processing activities on your personal information;
• access to your personal information;
• have incomplete, inaccurate or outdated personal information rectified;
• obtain the anonymization, blocking or elimination of your unnecessary or excessive personal information, or of information that is not being processed in compliance with the LGPD;
• obtain information on the possibility to provide or deny your consent and the consequences thereof;
• obtain information about the third parties with whom we share your personal information;
• obtain, upon your express request, the portability of your personal information (except for anonymized information) to another service or product provider, provided that our commercial and industrial secrets are safeguarded;
• obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions provided for in art. 16 of the LGPD apply;
• revoke your consent at any time;
• lodge a complaint related to your personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies;
• oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law;
• request clear and adequate information regarding the criteria and procedures used for an automated decision;
• request the review of decisions made solely on the basis of the automated processing of your personal information, which affect your interests, including decisions defining personal, professional, consumer, and credit profiles or aspects of your personality.

You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.

How to file your request

You can file your express request to exercise your rights free from any charge, at any time, by using the contact details provided in this document, or via your legal representative.

How and when we will respond to your request

We will strive to promptly respond to your requests. In any case, should it be impossible for us to do so, we’ll make sure to communicate to you the factual or legal reasons that prevent us from immediately, or otherwise ever, complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests, if we are in the position to do so.

In the event that you file an access or personal information processing confirmation request, please make sure that you specify whether you’d like your personal information to be delivered in electronic or printed form.

You will also need to let us know whether you want us to answer your request immediately, in which case we will answer in a simplified fashion, or if you need a complete disclosure instead.

In the latter case, we’ll respond within 15 days from the time of your request, providing you with all the information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.

In the event that you file a rectification, deletion, anonymization or personal information blocking request, we will make sure to immediately communicate your request to other parties with whom we have shared your personal information in order to enable such third parties to also comply with your request — except in cases where such communication is proven impossible or involves disproportionate effort on our side.

Transfer of personal information outside of Brazil permitted by the law

We are allowed to transfer your personal information outside of the Brazilian territory in the following cases:

• when the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, according to the legal means provided by the international law;
• when the transfer is necessary to protect your life or physical security or those of a third party;
• when the transfer is authorized by the ANPD;
• when the transfer results from a commitment undertaken in an international cooperation agreement;
• when the transfer is necessary for the execution of a public policy or legal attribution of public service; when the transfer is necessary for compliance with a legal or regulatory obligation, the carrying out of a contract or preliminary procedures related to a contract, or the regular exercise of rights in judicial, administrative or arbitration procedures.

Rights for Users in the United States

Your privacy rights under US state laws

You may exercise certain rights regarding your personal information. In particular, to the extent permitted by applicable law, you have:

• the right to access personal information: the right to know. You have the right to request that we confirm whether or not we are processing your personal information. You also have the right to access such personal information;
• the right to correct inaccurate personal information. You have the right to request that we correct any inaccurate personal information we maintain about you;
• the right to request the deletion of your personal information. You have the right to request that we delete any of your personal information;
• the right to obtain a copy of your personal information. We will provide your personal information in a portable and usable format that allows you to transfer data easily to another entity — provided that this is technically feasible;
• the right to opt out from the sale of your personal information;
• the right to non-discrimination; We will not discriminate against you for exercising your privacy rights.

In addition to the rights listed above common to all users in the United States, as a user residing in Virginia, Colorado, Connecticut, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Montana, Indiana, Kentucky and Rhode Island, you have

• the right to opt out of the processing of your personal information for targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
• the right to freely give, deny or withdraw your consent for the processing of your sensitive personal information. Please note that certain exceptions outlined in the law may apply, such as, but not limited to, when the collection and processing of sensitive personal information is necessary for the provision of a product or service specifically requested by you.

In Minnesota, users also have the right to obtain a list of the specific third parties to which the controller has disclosed the consumer’s personal data.

Note that in some states like Minnesota, in addition to the rights listed above common to all users in the United States, you have the following specific rights connected to profiling:

• the right to question the results of the profiling;
• the right to be informed of the reason that the profiling resulted in the decision; if feasible;
• the right to be informed of what actions you might have taken to secure a different decision and the actions that you might take to secure a different decision in the future;
• the right to review your personal data used in the profiling;
• if inaccurate, the right to have the data corrected and the profiling decision reevaluated based on the corrected data;

Additional rights for users residing in Utah and Iowa

In addition to the rights listed above common to all users in the United States, as a resident of Utah or Iowa, you have the following additional rights under the Utah Consumer Privacy Act (UCPA) or the Iowa Consumer Privacy Act (ICPA):

• the right to opt out of the processing of your personal information for targeted advertising;
• the right to opt out of the processing of your sensitive personal information. Please note that certain exceptions outlined in the law may apply, such as, but not limited to, when the collection and processing of sensitive personal information is necessary for the provision of a product or service specifically requested by you.

Additional Rights for California Residents

If you are a resident of California, in addition to the rights listed above common to all users in the United States, you have the following rights under the CCPA/CPRA:

• Right to know the categories of personal information we collect and how it is used.
• Right to access specific pieces of information we hold.
• Right to deletion of your personal information, with certain exceptions.
• Right to correct inaccurate information.
• Right to opt out of the sale or sharing of personal information.
• Right to limit the use and disclosure of sensitive personal information.
• Right to non-discrimination for exercising your rights.

We do not use sensitive personal information for inferring characteristics or for purposes other than those that are reasonably necessary to provide the requested services. Sensitive personal information is not sold or shared for cross-context behavioral advertising.

In addition, California residents may exercise their rights through the following clearly-labeled links provided on this website:

• “Do Not Sell or Share My Personal Information” “Limit the Use of My Sensitive Personal Information”

These links allow users to opt out of cross-context behavioral advertising, targeted advertising, or the use of sensitive personal information.

How to exercise your privacy rights under US state laws

To exercise the rights described above, you need to submit your request according to the details in the “How To Contact Us” section of this document.

For us to respond to your request, we must know who you are. We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession relates to you. You are not required to create an account with us to submit your request. We will use any personal information collected from you in connection with the verification of your request solely for verification and shall not further disclose the personal information, retain it longer than necessary for purposes of verification, or use it for unrelated purposes.

If you are an adult, you can make a request on behalf of a child under your parental authority.

How to exercise your rights to opt out

In addition to what is stated above, to exercise your right to opt-out of sale or sharing and targeted advertising you can also use the cookie banner, consent management options or privacy choices link provided on this website.

If you want to submit requests to opt out of sale or sharing and targeted advertising activities via a user-enabled global privacy control, such as for example the Global Privacy Control (“GPC”), you are free to do so and we will abide by such request in a technically frictionless manner.

How and when we are expected to handle your request

We will respond to your request without undue delay, but in all cases within the timeframe required by applicable law. Should we need more time, we will explain to you the reasons why, and how much more time we need.

Should we deny your request, we will explain to you the reasons behind our denial. Afterwards, you may at your option then contact the relevant regulatory authority to submit a complaint.

We will not charge a fee to process or respond to your request unless such request is manifestly unfounded or unduly excessive and in all other cases where it is permitted by the applicable law. In such cases, at our discretion, we may charge a reasonable fee or refuse to act on the request. In either case, we will communicate our choices to you and explain the reasons behind them.

You can submit a request to exercise your rights by contacting us using the details provided in the “How To Contact Us” section. Users in jurisdictions requiring consent for cookies and tracking (e.g., EU/EEA) may withdraw consent at any time via the cookie banner, privacy settings page, or by contacting us. Withdrawal does not affect the lawfulness of processing performed before withdrawal. We may need to verify your identity before processing your request.

12. Children’s Privacy

Our Services are not intended for children under 16, and we do not knowingly collect personal information from individuals under this age. If we become aware that we have collected personal information from a child under 16, we will delete it as soon as reasonably possible.

If you believe that a child has provided personal information to us, please contact us using the details in the “How To Contact Us” section.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, operational needs, or applicable laws. When we make changes, we will update the “Last Updated” date at the top of this Policy.

We use the following method(s) to notify users of significant changes to this Privacy Policy:

• No notification will be provided

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information.

14. How to Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our handling of personal information, you may contact us using the details below: