1. Who we are
RDOC# is a corporate notification service operated by [Applicable Corporate Name] CNPJ [to be completed]. This policy describes how we treat your personal data in accordance with the LGPD (Law 13,709/2018).
2. Data we collect
- Registration data: name, email, CNPJ, legal representative details, company address.
- Usage data: IP, user-agent, login timestamps and actions within the panel.
- Recipient data: name and email of people who will receive notifications (registered by the customer).
3. Legal bases for processing
We use the legal bases provided for in art. 7th of the LGPD, mainly: execution of contract, legitimate interest and compliance with legal obligations.
4. How we use your data
To operate the contracted service, generate an audit trail of notifications, communicate important product updates and comply with tax obligations.
5. Sharing
We do not sell your data. We only share with essential vendors (AWS for hosting, Amazon SES for email sending) under confidentiality agreements.
6. Your rights
You can request access, correction, deletion or portability of your data at any time. Send a request to our data protection officer via the contact form.
7. Retention
We keep the data for the period of the contractual relationship and for a further 5 years after termination, for audit and legal compliance purposes. Notifications with an audit trail are preserved for the same period of time.
8. Security
We host on AWS São Paulo with encryption in transit (TLS) and at rest (Oracle TDE). Internal access controlled by the principle of least privilege. Access logs reviewed periodically.
9. Updates
This policy may be updated. Relevant changes are communicated by email 30 days in advance.