Privacy Policy

How we handle your personal data. In compliance with the LGPD (Law 13.709/2018).

Last updated: May 17, 2026

1. Principles

We take privacy seriously. We collect only what is necessary to operate the platform, we make clear what we use each piece of data for, and we make it easy to exercise your rights.

2. Data collected

  • Registration: name, email, phone (optional), CPF or CNPJ (optional, for invoice issuance).
  • Usage: access logs (IP, user-agent), pages visited, actions taken in the dashboard — for diagnostics and security auditing.
  • Payment: card data is tokenized and processed by PagBank. We do not store cards.
  • Monitored competitors: URLs and identifiers of the sources you register. The collected content is public.

3. Purpose of use

We use your data exclusively to:

  • Operate the platform (authentication, processing of analyses, report generation).
  • Issue charges and invoices.
  • Send transactional communications (email verification, alerts, support).
  • Maintain security and prevent fraud (auditable logs).

We do not sell data. We do not use your data to train public AI models.

4. Encryption and security

  • Passwords: hashed with Argon2id (state of the art; resistant to hardware attacks).
  • Secrets in the database (integration API keys, SMTP credentials): encrypted with AES-256-GCM.
  • Transport: HTTPS only (TLS 1.2/1.3, ECDHE-only ciphers). HSTS preload enabled.
  • Session: JWT in an httpOnly cookie + rotating refresh token stored hashed.

5. Sharing with third parties

We share the minimum necessary, only with:

  • PagBank: billing data (name, email, amount) — necessary to process payments.
  • Cloudflare: protection against attacks and the Turnstile captcha (verifies the browser, without advertising tracking).
  • SMTP email provider: sends transactional emails.

We do not share with advertising platforms. There is no Facebook/Google Ads pixel in the logged-in area.

6. Retention and deletion

We retain your data for as long as your account is active. After a deletion request (My account → Delete account), we apply a 7-day grace period and then remove:

  • Profile, subscription, competitors, sources, reports, and history.

By legal obligation we retain only the minimum: billing data (5 years, art. 174 CTN) and security logs (6 months).

7. Your rights (LGPD)

At any time, you may:

  • Access and correct your personal data (in My account).
  • Request the portability of your data in a readable format.
  • Request the permanent deletion of your account.
  • Withdraw consent for marketing communications.
  • Request clarification about the use of your data.

8. Data Protection Officer and contact

For any privacy matter, contact our Data Protection Officer by email at privacidade@batedor.com.br. We respond within 15 business days, as required by the LGPD.