Privacy & Security LGPD Transparency

Privacy and Security Policy

This policy explains how InfluenciMax collects, uses, shares, and protects personal data, as well as the security measures adopted to keep information safe.

Last updated: January 2026

Overview

InfluenciMax is an automation platform for conversations and interactions in digital channels. By using our services, we may process personal data needed to create your account, operate features, provide support, meet legal obligations, and improve the experience.

This Policy follows the principles and rules of the General Data Protection Law (LGPD — Law No. 13.709/2018), including transparency, purpose, adequacy, necessity, security, and accountability.

Definitions

  • Personal data: information that identifies or can identify a person (e.g., name, email, phone).
  • Sensitive personal data: data about racial/ethnic origin, religious belief, health, etc. (as a rule, not necessary for our service).
  • Data subject: the person to whom the data refers.
  • Controller and Processor: roles defined in the LGPD about who decides and who processes data.
  • Processing: any use of data (collection, storage, access, deletion, etc.).

What data we collect

Registration data

Name, email, phone (when provided), password (stored securely), plan/subscription, and preferences.

Platform usage data

Access records, events, and operational logs (e.g., pages visited, actions taken, dates/times).

Payments

Billing information and transaction status. Card data is usually processed by payment providers (we do not store the full card number).

Support

Data you send when contacting us (e.g., messages, attachments, support history, contact email).

Important: we collect only what is necessary to operate the service. If data is not necessary, we avoid requesting it.

Purposes and legal bases

We may process personal data to:

  • Perform the contract and deliver service features.
  • Handle requests for support, questions, and fraud prevention.
  • Comply with legal/regulatory obligations (e.g., tax, accounting, log retention when applicable).
  • Improve the product, performance, and user experience (with metrics and analytics).
  • Communications operational (e.g., security notices, important changes, service status).
Legal bases vary by context, including contract performance, compliance with legal obligation, regular exercise of rights, and, when applicable, consent.

Cookies and technologies

We use cookies and similar technologies to keep your session, remember preferences, measure performance, and improve the platform. You can manage cookies in your browser. In some cases, disabling cookies may affect functionality.

  • Essential: necessary for login, security, and site operation.
  • Performance/Analytics: help understand usage and improve experience.
  • Preferences: store choices such as language and settings.

Data sharing

We may share personal data only when necessary, for example:

  • Infrastructure providers (hosting, storage, transactional email) to operate the platform.
  • Payment providers and anti-fraud (when applicable) to process charges.
  • Support and service (helpdesk tools) to respond to you.
  • Legal obligation or orders from competent authorities, when required.
When we use vendors, we seek to adopt clauses and measures for data protection and restricted access.

International transfer

Some providers may operate servers outside Brazil. When there is international transfer, we adopt reasonable measures to ensure adequate protection, in line with the LGPD and market best practices.

Retention and deletion

We keep data for as long as necessary to fulfill the purposes described in this policy, including legal obligations, fraud prevention, security, and exercise of rights. After that, we delete or anonymize when possible.

  • Account data: while your account is active or as needed for support/legal obligations.
  • Logs: for periods compatible with security, audit, and applicable legal requirements.
  • Support: for a reasonable time for history and service improvement.

Data subject rights

Under the LGPD, you may request, as applicable: confirmation of processing, access, correction, anonymization/blocking/deletion, portability, information about sharing, and consent revocation.

Access and correction

You may request access to your data and correction of incomplete, inaccurate, or outdated information.

Deletion

You may request deletion/anonymization, subject to legal obligations and permitted retention scenarios.

Portability

When applicable, you may request portability, subject to regulation and trade/industrial secrets.

Information

You may request information about sharing and consequences of not providing consent when relevant.

Information security

Security is a priority. We adopt reasonable technical and administrative measures to protect data against unauthorized access, loss, alteration, or destruction. Examples of practices adopted:

  • Access control by roles and least-privilege principle.
  • Monitoring and logs for auditing and anomaly detection.
  • Encryption/credential protection and storage best practices.
  • Backups and recovery routines.
  • Security updates and patches in system components.
No system is 100% immune. Therefore, we also invest in processes, monitoring, and continuous improvement.

Incidents and communication

In the event of a security incident with relevant risk, we will take containment and investigation measures, and may notify data subjects and/or competent authorities when applicable, in accordance with the LGPD and ANPD guidance.

Children and adolescents

Our services are not directed to children. If we identify improper processing of children's/adolescents' data, we will take corrective measures, including deletion when appropriate.

Changes to this policy

We may update this Policy periodically to reflect service improvements, legal or operational changes. When there are relevant changes, we may notify via the site or communication to your registered email.

Contact / Data Protection Officer (DPO)

For questions, requests, or to exercise data subject rights, contact us:

DPO:
InfluenciMax Privacy Team
We respond to requests within a reasonable time, according to complexity and validation/security requirements.