Clav

Privacy Policy

Last updated: March 2, 2026

1. Introduction

Clav Tecnologia Ltda. ("Clav", "we", "us") is committed to protecting your privacy and personal data. This Privacy Policy describes how we collect, use, store, and share your information when you use the Clav platform ("Platform").

This policy is compliant with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados - LGPD, Law No. 13.709/2018) and other applicable data protection regulations.

2. Data Controller

Clav Tecnologia Ltda. is the data controller responsible for the processing of your personal data. For any inquiries regarding your data, you may contact us at:

contato@clav.tech

3. Data We Collect

We collect the following categories of personal data:

3.1 Data you provide directly

  • Account information: name, email address, company name, job title
  • Organization data: company name, CNPJ, address, contact information
  • Compliance documents and files uploaded to the Platform
  • Communications: messages, feedback, and support requests

3.2 Data collected automatically

  • Usage data: pages visited, features used, actions performed on the Platform
  • Device information: browser type, operating system, IP address
  • Cookies and similar technologies for session management and analytics

4. Legal Basis for Processing (LGPD)

We process your personal data based on the following legal grounds as defined by the LGPD:

  • Contract performance: Processing necessary to provide the Platform services you requested (Art. 7, V, LGPD)
  • Legitimate interest: Processing for product improvement, security, and fraud prevention (Art. 7, IX, LGPD)
  • Consent: For marketing communications and non-essential cookies, where required (Art. 7, I, LGPD)
  • Legal obligation: Processing required to comply with applicable laws and regulations (Art. 7, II, LGPD)

5. How We Use Your Data

We use your personal data to:

  • Provide, maintain, and improve the Platform services
  • Manage your account and authenticate your access
  • Process and store compliance documents securely
  • Send service-related communications and notifications
  • Analyze usage patterns to improve our services
  • Ensure the security and integrity of the Platform
  • Comply with legal and regulatory obligations

6. Data Sharing

We do not sell your personal data. We may share your data with:

  • Service providers: Third-party vendors who help us operate the Platform (cloud hosting, analytics, email delivery), subject to data processing agreements
  • Legal requirements: When required by law, regulation, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate data protection safeguards

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest (AES-256)
  • Optional zero-knowledge encryption for sensitive compliance files
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Secure cloud infrastructure with AWS (Amazon Web Services)

8. Data Retention

We retain your personal data for as long as necessary to provide the Platform services and fulfill the purposes described in this policy. Specifically:

  • Account data is retained while your account is active and for a reasonable period afterward
  • Compliance documents are retained according to the applicable regulatory retention periods
  • Usage logs are retained for up to 24 months for analytics and security purposes

Upon account termination, we will delete or anonymize your personal data within a reasonable period, except where retention is required by law.

9. Your Rights (LGPD)

Under the LGPD, you have the following rights regarding your personal data:

  • Confirmation and access: Right to confirm the existence of processing and access your data
  • Correction: Right to request correction of incomplete, inaccurate, or outdated data
  • Anonymization, blocking, or deletion: Right to request anonymization, blocking, or deletion of unnecessary or excessive data
  • Data portability: Right to request portability of your data to another service provider
  • Consent withdrawal: Right to withdraw consent at any time, without affecting the lawfulness of prior processing
  • Information: Right to information about public and private entities with which we share your data
  • Opposition: Right to object to processing that does not comply with the LGPD

To exercise any of these rights, please contact us at contato@clav.tech. We will respond to your request within 15 business days.

10. International Data Transfers

Your data may be processed in servers located outside of Brazil (e.g., AWS data centers). In such cases, we ensure that appropriate safeguards are in place, including standard contractual clauses and data processing agreements, in compliance with the LGPD.

11. Cookies

We use cookies and similar technologies for essential platform functionality, language preferences, and analytics. You can manage your cookie preferences through your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform with a new effective date. We encourage you to review this policy periodically.

13. Contact and Data Protection Officer

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

contato@clav.tech

You also have the right to file a complaint with the Brazilian National Data Protection Authority (ANPD) if you believe your data protection rights have been violated.