Privacy Policy
1. Data Controller
Your personal data is processed by:
CNPJ: 58,699,635/0001-09
Privacy contact: contato@regulabio.com.br
This Policy describes how we collect, use, store and protect your personal data when you use the RegulaBio platform, including the institutional website, the logged-in area and the AI diagnostic assistant.
2. Data We Collect
We collect the following data, depending on how you use the platform:
| Data | When collected | Purpose |
|---|---|---|
| Name | Sign-up or diagnostic chat | Identification and personalized service |
| | Sign-up or chat | Communication, sending diagnostic, account access |
| Phone | Diagnostic chat (optional) | Commercial follow-up |
| Company name and details | Diagnostic chat | Generation of regulatory diagnostic |
| Company regulatory information | Diagnostic chat (sector, size, biodiversity activities) | Risk analysis and diagnostic generation |
| Uploaded documents | Logged-in area (voluntary upload) | Secure storage for user access |
| Access and browsing data | Automatically, when using the platform | Security, service improvement |
We do not collect sensitive data as defined in Art. 5, II of the LGPD (racial origin, religious belief, health, biometrics, etc.), nor data of minors under 18.
3. Legal Bases for Processing
All data processing performed by RegulaBio has a legal basis under Art. 7 of the LGPD:
- Consent (Art. 7, I): data collected in the diagnostic chat, upon express acceptance of the Terms of Use and this Policy before the conversation begins.
- Contract performance (Art. 7, V): data needed to operate the account and deliver services contracted in the logged-in area.
- Legitimate interest (Art. 7, IX): browsing data for security and continuous platform improvement, provided it does not override data subject rights.
4. How We Use the Data
- Generate and deliver the personalized regulatory diagnostic;
- Create and maintain your platform account;
- Send communications about your diagnostic and the platform (you may opt out at any time);
- Improve service quality and accuracy, based on aggregated and anonymized analysis;
- Comply with legal and regulatory obligations;
- Prevent fraud and ensure platform security.
We do not sell your data to third parties and we do not use your information for third-party advertising purposes.
5. Data Sharing
We may share your data only in the following cases:
- Service providers: companies that help us operate the platform (cloud infrastructure, authentication, data storage). These partners are contractually required to handle data with the same level of protection demanded by this Policy. The current list of operators may be requested at any time at contato@regulabio.com.br.
- Legal obligation: when required by law, court order or competent authority.
- With your consent: in any other situation not listed above, only after your explicit consent.
6. Data Retention
We keep your data for the time necessary to fulfill the purposes described in this Policy:
- Account data: while the account is active or as required by law;
- Diagnostic chat data: for up to 2 years after the last interaction, for service improvement;
- Uploaded documents: until deletion by the user or account termination;
- Browsing data and logs: for up to 12 months.
After the retention period, data is irreversibly deleted or anonymized.
7. Your Rights as a Data Subject
The LGPD (Art. 18) grants you the following rights, which can be exercised at any time at contato@regulabio.com.br:
We will respond to requests within 15 business days. If necessary, this period may be extended with justification.
8. Data Security
We adopt appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration or improper disclosure:
- Data transmission via HTTPS (TLS encryption);
- Secure authentication with session tokens;
- Profile-based access control (each user only accesses their own data);
- Cloud infrastructure with internationally recognized security standards.
In case of a security incident that may pose risks to data subjects, we will notify the Brazilian National Data Protection Authority (ANPD) and affected users within the time frames set by the LGPD.
9. Cookies and Local Storage
We use the browser's localStorage to store the chat session and consent record. We do not use third-party tracking cookies or behavioral advertising tools.
You may clear local storage at any time through your browser settings.
10. International Data Transfers
For the operation of the AI assistant and other platform components, some information may be processed by servers located outside Brazil. Such transfers are made under contractual clauses that guarantee a level of protection equivalent to that required by the LGPD, in accordance with Art. 33 of the law. Information about destination countries may be requested at contato@regulabio.com.br.
11. Children and Adolescents
The platform is not intended for minors under 18. We do not knowingly collect data from children or adolescents. If we identify improper collection, we will delete the data immediately.
12. Changes to this Policy
This Policy may be updated periodically. Material changes will be communicated by email or notice on the platform with at least 15 days' prior notice. The date of the last update is always shown at the top of this document.
13. Contact and Privacy Channel
To exercise your rights or clarify questions about this Policy, contact our data privacy team:
Email: contato@regulabio.com.br
Suggested subject: "Data Privacy — [your request]"
You may also file complaints with the Brazilian National Data Protection Authority (ANPD): www.gov.br/anpd