"Garimpo" Privacy Policy

This policy describes how we handle personal data. It is not legal advice. If you run Garimpo as a business, please have this text reviewed by your legal counsel.

1. Controller and contact

The data controller is XPTO IT Services and Solutions. To contact us about privacy, please open a ticket through Garimpo’s support channel.

2. Scope

This policy applies to Garimpo’s website, web app, and related services.

For common questions, see the FAQ.

For usage rules, see the Usage Policy.

3. Personal data we process

• Account data: email address, display name, language, and preferences.
• Authentication and security: password hashes, session tokens, security logs.
• Usage data: feature usage, page views, and event telemetry (aggregated where possible).
• Support and billing: support tickets, communications, and billing records where applicable.
• AI-assisted features: content you submit when AI-assisted features are used (available by default, but run only when you trigger them).

4. Purposes and legal bases

• Provide the service (contract): create accounts, authenticate users, and deliver features.
• Security and abuse prevention (legitimate interests): protect users and infrastructure.
• Customer support (contract/legitimate interests): respond to requests and troubleshoot issues.
• Billing and compliance (legal obligations): keep records required by law.
• Analytics (consent where required): understand usage to improve the product.

5. AI-assisted features

• AI features are available by default but run only when you use them; no background processing.
• We do not send direct identifiers (such as your email) to AI providers and minimize data where possible.
• We do not use your data for unrelated advertising. AI outputs are informational and not financial advice.

6. Cookies and analytics

• We use analytics cookies to understand usage and improve Garimpo.
• Analytics runs only after your consent when required. You can accept or reject via the consent banner.
• You can withdraw consent at any time by revoking in the banner or clearing your local storage.
• We respect Do Not Track (DNT) where supported by the browser.

7. Sharing and processors

• We do not sell personal data.
• We share data with categories of service providers that help us operate the service (hosting, email delivery, analytics, payments).
• We limit sharing to what is necessary for those purposes. We do not publicly list providers, but we can disclose categories and purposes upon request.
• We may share data with authorities when required by law.

8. International transfers

Data is stored and processed in the EU. If a provider processes data in another country, we use appropriate safeguards (such as standard contractual clauses or equivalent mechanisms).

9. Retention

• Account profile: deleted after you delete your account or after inactive/pending account cleanup.
• Security logs: retained for limited periods to protect the service.
• Support and billing: retained as necessary to resolve requests and meet legal obligations.

10. Your rights

• You may have rights to access, correct, delete, restrict, object, or obtain portability of your data.
• You may withdraw consent for analytics at any time.
• To exercise your rights, open a ticket through Garimpo’s support channel. We may verify your identity.

11. Children

Garimpo is not directed to children. If you are below the age of digital consent in your country, you should use the service only with the consent of a parent or guardian.

12. Changes

We may update this policy from time to time. We will publish the latest version on this page.

13. Contact

For privacy requests, please open a ticket through Garimpo’s support channel.