Privacy Policy & Data Protection

1. Data Controller and Data Protection Officer

Data Controller: StackBox Tecnologia Ltda., CNPJ No. 63.865.078/0001-99, headquartered in Porto Alegre/RS, Brazil — responsible for decisions regarding the processing of personal data.
Data Protection Officer (DPO): To exercise your rights or clarify questions, contact: dpo@stackbox.com.br.

2. Personal Data Collected

We collect only the data strictly necessary for providing our services and operating the website:

2.1. Data provided directly by the user

• Identification data: full name, email, phone/WhatsApp.
• Professional data: company, position, industry.
• Communications: messages sent through the contact form.

2.2. Automatically collected data

• Browsing data: IP address, browser type, operating system, pages visited, time spent, traffic source.
• Cookies and similar technologies: session identifiers, language preferences, analytics data.
• Device data: device type, screen resolution, timezone.

3. Purposes and Legal Bases for Processing

We process your personal data based on the following legal bases (Art. 7 of LGPD and Art. 6 of GDPR):

4. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

4.1. Types of cookies used

• Essential cookies: necessary for basic website functionality (session, language preferences).
• Performance/analytical cookies: collect information about how you use the website (Google Analytics, Hotjar).
• Marketing cookies: used to measure campaign effectiveness and personalize ads.

4.2. Cookie management

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect website functionality. For more information, consult your browser's instructions.

5. Data Sharing

We may share your personal data with:

• Service providers: companies that assist us in operations (hosting, email marketing, analytics, CRM), always under data protection agreements.
• Business partners: when necessary for providing contracted services, with your knowledge.
• Competent authorities: when required by law, court order or for rights protection.

We do not sell, rent or commercialize your personal data.

6. International Data Transfer

Some of our service providers are located outside Brazil (e.g., cloud services, analytics). In such cases, we ensure that transfers occur:

• To countries with adequate protection levels recognized by ANPD;
• Through approved standard contractual clauses;
• Based on privacy certifications and frameworks (Privacy Shield successor, BCRs);
• In compliance with GDPR Chapter V for transfers involving EU residents' data.

7. Data Retention

We keep your data for the time necessary to:

• Fulfill the purposes for which they were collected;
• Meet legal, tax and regulatory obligations (minimum 5 years for tax documents);
• Exercise rights in judicial, administrative or arbitration proceedings;
• Browsing data: up to 6 months after last interaction;
• Commercial contact data: up to 2 years after last contact or while the relationship lasts.

After this period, data is securely deleted or anonymized.

8. Your Rights as Data Subject

In accordance with LGPD, GDPR and other applicable legislation, you have the right to:

• Confirmation and access: know if we process your data and obtain a copy.
• Correction: request rectification of incomplete or incorrect data.
• Anonymization, blocking or deletion: of unnecessary data or data processed in non-compliance.
• Portability: receive your data in structured format.
• Deletion: request deletion of data processed based on consent.
• Information: know with whom we share your data.
• Consent withdrawal: revoke consent at any time.
• Opposition: object to processing based on legitimate interest.
• Review of automated decisions: request human review of decisions made solely by algorithms.

To exercise your rights, send a request to: dpo@stackbox.com.br. We will respond within 15 business days.

9. Information Security

We adopt technical and organizational measures to protect your data:

• Data encryption in transit (HTTPS/TLS) and at rest;
• Role-based access control (RBAC);
• Monitoring and intrusion detection;
• Regular backups and geographic redundancy;
• Employee training on data protection;
• Periodic security and vulnerability testing.

In case of a security incident that may cause risk or damage, we will notify ANPD and affected data subjects as required by law.

10. Minors

Our services are not intended for persons under 18 years of age. We do not intentionally collect data from children or adolescents. If we identify such collection, we will proceed to immediately delete the data.

11. Jurisdiction-Specific Rights

11.1. European Union Residents (GDPR)

In addition to the listed rights, you may file a complaint with your country's supervisory authority. StackBox acts as a data controller for GDPR purposes.

11.2. California Residents (CCPA)

You have the right to know what personal information we collect, request deletion and opt out of having your data sold (we do not sell data). We do not discriminate against users who exercise these rights.

12. Updates to This Policy

This policy may be updated periodically to reflect changes in our practices or legal requirements. We recommend periodic review. Significant changes will be communicated by email or prominent notice on the website.

13. Contact and Complaint Channel

Data Protection Officer (DPO):
Email: dpo@stackbox.com.br
Address: Tecnopuc - PUCRS Science and Technology Park, Porto Alegre, RS, Brazil

For complaints to the Brazilian data protection authority:
ANPD - National Data Protection Authority
www.gov.br/anpd