POLICIES

PRIVACY

1. OBJECTIVE

This Privacy Policy aims to demonstrate the commitment of LOPTI TECNOLOGIA LTDA, a private legal entity, registered under CNPJ No. 57.345.692/0001-27, with headquarters at Rua dos Pinheiros, No. 603, room 81, Pinheiros, São Paulo/SP, CEP 05.422-011 (“LOPTI”), to the protection of the personal data of its users. It covers both data that directly identifies the individual and other information provided to Lopti. This document establishes guidelines, controls, and responsibilities regarding the use and sharing of confidential information within the scope of Lopti's activities, whether professional, contractual, or arising from any other legal transactions entered into, or to be entered into, in accordance with applicable laws, especially Law No. 13.709/2018 and its subsequent amendments (“General Data Protection Law” or “LGPD”).

2. REFERENCES

General Data Protection Law (LGPD – Law No. 13.709/2018).
Brazilian Internet Bill of Rights (Law No. 12.965/2014).

3. DEFINITIONS

a) Confidential Information: Any and all information, data, documents, projects, reports, contracts, contract drafts, correspondence, technical specifications, or materials, regardless of format — written, oral, electronic, visual, digital, or any other means — that is not publicly available and that has been disclosed, transmitted, accessed, or otherwise made available to Lopti or by it to authorized third parties. This definition includes, but is not limited to, information of a financial, accounting, legal, strategic, technical, operational, commercial, economic, marketing, engineering, programming, product development, systems architecture, process flows, business models, expansion plans, ongoing negotiations, customer, supplier, and partner data, as well as any other knowledge, methods, procedures, formulas, source codes, algorithms, databases, and know-how, whether of a technical or non-technical nature.
b) Personal Data: Information relating to an identified or identifiable natural person, as defined in the General Data Protection Law (LGPD).
c) Sensitive Data: Information relating to racial or ethnic origin, religious beliefs, political opinions, genetic data, biometric data, health, or sexual orientation.
d) Anonymization: Use of reasonable and available technical means at the time of processing, through which data loses the possibility of direct or indirect association with an individual, such as expansion plans, ongoing negotiations, customer, supplier, and partner data, as well as any other knowledge, methods, procedures, formulas, source codes, algorithms, databases, and know-how, whether of a technical or non-technical nature.
e) Purpose: The reason why the data subject's personal data is processed.
f) User: The person to whom the personal data being processed refers;

4. SPECIFIC GUIDELINES

4.1 Data to be processed

In order for LOPTI to process personal data, it is essential that certain information be provided directly by the USER. Such information may include, but is not limited to, registration data such as name, CNPJ (Brazilian tax ID), address, and telephone number; professional data such as job title, function, and affiliated company; and information collected through cookies, such as usage history and interaction with the services.

Within the scope of the LOPTI system, the data provided by the USER will be processed and stored for the period strictly necessary to fulfill the purposes for which it was collected, or for the time required to comply with legal and regulatory obligations, contractual obligations assumed, as well as to ensure the exercise of LOPTI's rights in administrative, arbitration, or judicial proceedings, or in any other cases provided for in the General Data Protection Law (Law No. 13.709/2018). After the storage period has expired or the purposes that justified the processing have been exhausted, LOPTI will proceed with the definitive and secure deletion of personal data, observing the applicable technical standards.

Credit or debit card numbers eventually provided by the USER are used exclusively for carrying out financial transactions related to the contracted services and are not, under any circumstances, stored in LOPTI's databases.

4.2 Purpose of the Data

The personal data and other information collected may be used by LOPTI to enable access, proper use, and secure navigation of the services offered, including processing registrations, authenticating the USER, and managing accounts, ensuring that only duly authorized individuals can use the available functionalities. In addition, such data may be used for internal performance analysis, quality assessment, and continuous improvement of services, as well as for the development, training, and improvement of artificial intelligence models, always with the goal of providing a more efficient, personalized experience tailored to the needs of each USER.

4.3 Sharing

Service provision: The personal data collected may be shared with third parties exclusively to enable the provision of the services offered by LOPTI. This includes suppliers, service providers, and partners acting internally on behalf of LOPTI, allowing proper operation, maintenance, and continuous improvement of the services. Sharing occurs only to the extent necessary for such third parties to perform essential activities, ensuring confidentiality and protection of the processed information.
Compliance with legal obligations and protection of rights: LOPTI may share personal data when necessary to comply with legal, regulatory, or judicial obligations, including compliance with applicable laws or regulations, participation in judicial, arbitration, or administrative proceedings, as well as to protect, exercise, or defend the rights, security, property, and interests of LOPTI, its users, or third parties. Such sharing may occur with public authorities or competent entities, always in accordance with current legislation.
Corporate transactions: Data may be shared in situations involving corporate transactions, such as mergers, acquisitions, reorganizations, total or partial sales of assets, or any commercial transactions involving LOPTI. In such cases, personal information may be transferred to the successor company, potential successor company, or its employees, exclusively to the extent necessary to complete the transaction, ensuring the continued secure and appropriate processing of the data.
User Consent: Personal data may be shared with the express consent of the USER, observing the limits and purposes previously informed. Consent will allow certain information to be made available to specific third parties for determined purposes, ensuring transparency and USER control over the processing of their data.
Integration services: LOPTI may use access analysis and monitoring tools to collect metrics on LOPTI usage, USER behavior, and service performance.

4.4 Rights of the Data Subject

The USER may request access to their personal data, allowing them to know what information is being processed by LOPTI, as well as to obtain a copy of such data, when applicable. The right to request the updating or correction of incomplete, inaccurate, or outdated personal data is also guaranteed, ensuring that the information processed accurately reflects the reality of the data subject.

The data subject has the right to request the anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed personal data. Likewise, they may request the deletion of their personal data when the processing is based solely on consent, and may revoke such consent at any time, without prejudice to the lawfulness of the processing carried out prior to revocation.

The USER also has the right to object, at any time, to the processing of their personal data when it is based on legal grounds other than consent, including, among other situations, LOPTI’s legitimate interest or compliance with a legal or regulatory obligation, except where processing is necessary to comply with such obligations.

In addition, the data subject has the right to data portability and may request that their personal information be transferred to another service provider or controller, when technically feasible, in accordance with applicable legislation. The data subject is also guaranteed the right to lodge a complaint with the competent data protection authority in the event of doubts or dissatisfaction regarding the processing of their personal data.

All the aforementioned rights may be exercised by the USER through direct contact with LOPTI via the available communication channels. LOPTI undertakes to provide a response within a reasonable timeframe and in accordance with the terms of applicable legislation, ensuring transparency, security, and respect for the privacy of its Users' personal data.

4.5 Data Storage

The personal data collected by LOPTI is stored in secure environments, controlled and protected by appropriate technical, administrative, and organizational measures, in order to prevent unauthorized access, loss, alteration, improper disclosure, or any form of inappropriate processing. Storage is carried out in accordance with applicable personal data protection legislation, ensuring that information is treated with confidentiality, integrity, and security.

Data will be retained for the time necessary to fulfill the purposes for which it was collected, as well as to meet legal, regulatory, or contractual obligations. When the data is no longer necessary for such purposes, or upon request by the data subject, it may be deleted, anonymized, or rendered inaccessible in a secure manner, in compliance with internal procedures and applicable legislation.

LOPTI is committed to periodically reviewing its storage and security processes, adopting best data protection practices, and ensuring that information processing remains compatible with the stated purposes, guaranteeing transparency and trust to the USER regarding the use of their personal data.

5. GENERAL PROVISIONS

This Privacy Policy constitutes the most current and effective version of the rules applicable to the processing of personal data carried out by LOPTI. At any time, LOPTI may amend, supplement, or revise the content of this Policy, in accordance with institutional purposes, operational needs, or to ensure compliance with applicable legislation. It is the USER’s responsibility to regularly consult the most up-to-date version available on the LOPTI website in order to remain informed of any changes.

In case of doubts, questions, or requests related to this Privacy Policy or the processing of personal data, the USER may contact LOPTI directly through the available service channels, including the email address dpo@lopti.ai.

This Privacy Policy, as well as any relationships or actions arising from its content, shall be governed by Brazilian law. To resolve any disputes or controversies related to this Policy, the Court of the District of São Paulo, State of São Paulo, is hereby elected as the exclusive forum, with express waiver of any other, however privileged it may be.