Privacy Policy

This Privacy Policy applies to the use of Gaio ProcessOS, a platform operated by GAIO INNOTECH LTDA, CNPJ 28.575.989/0001-80, headquartered at Rua Jose Elias, 71, Sala 201, Bairro Jardim Karaiba, ZIP Code 38.411-201, Uberlandia - MG, Brazil.

This document describes how personal data may be collected, used, stored, and protected while browsing the website and using the platform, in accordance with Brazilian Laws 12.965/2014 and 13.709/2018.

When customers use Gaio ProcessOS to operate their own processes and databases, GAIO generally acts as a processor, providing the technology and executing instructions related to the contracted service.

In these cases, the customer is the controller of the data entered into the solution and remains responsible for defining purpose, legal basis, retention period, data subject responses, and other applicable legal obligations.

In activities related to the commercial relationship itself, such as registration, billing, marketing, support, and contract management, GAIO may act as the controller of the personal data necessary to provide its services.

We may process registration and relationship data such as full name, email, username, password, contractual information, payment data, and records of interactions through support channels.

We may also collect access logs, IP address, approximate location, traffic source, browser type, visit duration, and pages accessed, including through cookies and similar technologies.

Data may be used for user identification and authentication, access enablement, contract performance, payment processing, support delivery, operational communications, fraud prevention, and platform security improvement.

When permitted by applicable law, certain information may also be used for institutional communications, news updates, sales activities, and marketing related to GAIO solutions.

GAIO may share data with vendors essential to service operation, such as hosting providers, cloud infrastructure providers, and payment processors, always within the limits necessary to run the platform.

Based on the company's public notice, infrastructure and hosting services may involve providers such as Azure, and payments may be processed by independent platforms such as Stripe, whenever applicable to the contracted product.

Data may also be shared to comply with legal obligations, court orders, the regular exercise of rights, or based on valid consent from the data subject when required.

Part of the infrastructure used to provide Gaio ProcessOS may be located outside Brazil, including in the United States, with technical and organizational measures adopted to protect confidentiality, integrity, and availability of information.

Despite security efforts and the adoption of good practices, no internet-connected environment is completely immune to incidents. In plans deployed within the customer's own infrastructure, local security measures become the customer's responsibility.

Personal data will be retained for as long as necessary to fulfill the informed purposes, meet legal and regulatory obligations, preserve required records, and safeguard the regular exercise of rights.

Access logs may be kept confidentially in a controlled environment for the minimum legal period. When applicable and upon a valid request, data may be deleted, anonymized, or blocked, except where legal retention is required.

When the customer acts as the controller of the data processed within Gaio ProcessOS, it is the customer's responsibility to perform the necessary deletions in its operation and respond to data subject requests.

Under the LGPD, data subjects may request confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information on sharing, information on consent, and revocation where applicable.

When GAIO acts only as a processor, requests related to content processed on behalf of the customer must be directed to the respective controller.

The website and platform may use cookies and similar technologies for technical operation, security, preference storage, browsing analysis, and user experience improvement.

By continuing to use the environment and interacting with the consent banner, the user acknowledges this use within the limits described in this policy and in the settings made available on the site.

This policy may be updated at any time. The current version becomes effective upon its publication on the Gaio ProcessOS website.

For privacy matters and the exercise of rights, GAIO provides the email address lgpd@gaiodataos.com. For general communications, the company's official service channels remain available.