This Privacy Policy (“Policy”) describes how Tribufu and its subsidiaries and affiliates (collectively, “Tribufu,” “we,” “us,” or “our”) collect, use, store, process, share, and protect personal data in connection with your access to and use of our websites, applications, software, platforms, infrastructure, APIs, digital content, and other products and services (collectively, the “Services”).

This Policy is incorporated into and forms part of our Terms of Service. By accessing, using, registering for, or otherwise interacting with the Services, you acknowledge that you have read and understood this Policy.

1. Scope of This Policy

This Policy applies to all personal data processed by Tribufu in connection with:

• Websites and subdomains operated by Tribufu;
• Web applications and hosted platforms;
• Mobile applications;
• Downloadable software and APIs;
• Cloud-based infrastructure and subscription services;
• Customer support and communications;
• Any other products or services made available by Tribufu.

Tribufu may act either as a data controller or as a data processor, depending on the context in which personal data is processed.

2. Definitions

For purposes of applicable data protection laws, including the Brazilian General Data Protection Law (Lei nº 13.709/2018 – LGPD):

• Personal Data: Information relating to an identified or identifiable natural person.
• Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious belief, political opinion, union membership, health data, sexual life, biometric or genetic data.
• Data Subject: The natural person to whom the personal data refers.
• Controller: The entity responsible for decisions regarding the processing of personal data.
• Processor (Operator): The entity that processes personal data on behalf of the Controller.

3. Categories of Data We Collect

We may collect and process the following categories of information:

3.1 Information You Provide Directly

• Full name;
• Email address;
• Telephone number;
• Billing and shipping address;
• Company or organization information;
• Account credentials;
• Communications and support inquiries;
• Feedback, comments, or submissions;
• Any other information voluntarily provided through the Services.

3.2 Usage and Technical Data

When you access or use the Services, we may automatically collect certain technical information, including:

• Internet Protocol (IP) address;
• Device identifiers;
• Browser type and version;
• Operating system;
• Access timestamps and logs;
• Interaction and navigation data;
• Cookies and similar tracking technologies.

3.3 Payment Information

If you purchase paid Services, payment data may be collected. Payment processing is handled by authorized third-party payment providers. Tribufu does not store full credit card numbers or sensitive payment credentials.

3.4 Support and Diagnostic Data

When submitting support requests, we may collect information related to your account, devices, systems, logs, and other diagnostic data necessary to resolve technical issues.

4. Legal Bases for Processing

Under the LGPD and other applicable data protection laws, we process personal data based on one or more of the following legal bases:

• Performance of a contract or preliminary procedures related to a contract;
• Compliance with legal or regulatory obligations;
• Legitimate interests of Tribufu, provided such interests do not override fundamental rights and freedoms;
• Consent of the data subject, when required;
• Regular exercise of rights in judicial, administrative, or arbitration proceedings;
• Protection of credit, where applicable.

Where consent is required, you may revoke it at any time, subject to legal and contractual limitations.

5. How We Use Personal Data

We use personal data for legitimate business purposes, including:

• Providing, operating, maintaining, and improving the Services;
• Creating and managing user accounts;
• Processing transactions and subscriptions;
• Providing customer and technical support;
• Communicating service updates, security alerts, and administrative messages;
• Sending marketing communications (with opt-out options);
• Preventing fraud, abuse, and security threats;
• Enforcing our Terms of Service and other agreements;
• Complying with legal obligations;
• Conducting analytics and research to improve performance and user experience.

6. Sharing and Disclosure of Data

We may share personal data in the following circumstances:

6.1 Service Providers

We may share data with third-party vendors, contractors, and service providers that perform services on our behalf, such as hosting, analytics, payment processing, customer support, and security monitoring. These parties are contractually obligated to protect personal data and process it only according to our instructions.

6.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred as part of the transaction, subject to applicable data protection laws.

6.3 Legal Requirements

We may disclose personal data if required by law, court order, or governmental authority, or when necessary to protect our legal rights, property, or safety, or that of our users.

7. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. When international transfers occur, Tribufu adopts appropriate safeguards, including contractual clauses and security measures consistent with applicable data protection laws, including the LGPD.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance functionality, analyze usage, and improve user experience. Cookies may include:

• Essential cookies necessary for authentication and security;
• Performance cookies used for analytics;
• Functional cookies that remember preferences;
• Marketing cookies, where applicable.

You may configure your browser to refuse cookies; however, certain features of the Services may not function properly without them.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate interests. After the retention period, data may be securely deleted, anonymized, or archived.

10. Data Security

We implement commercially reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or destruction. These measures may include encryption, access controls, monitoring systems, and internal security policies.

However, no system is completely secure. Users are responsible for maintaining the confidentiality of their account credentials.

11. Your Rights

Under Brazilian law, you have the right to request:

• Confirmation of the existence of processing;
• Access to personal data;
• Correction of incomplete, inaccurate, or outdated data;
• Anonymization, blocking, or deletion of unnecessary or excessive data;
• Data portability, where applicable;
• Information about data sharing with third parties;
• Revocation of consent;
• Review of automated decisions, when applicable.

Requests may be submitted through our official communication channels. We may require identity verification before responding.

12. Children’s Privacy

The Services are not intended for children, defined under Brazilian law as individuals under twelve (12) years of age, except where expressly permitted and in full compliance with applicable data protection legislation.

In accordance with the Brazilian General Data Protection Law (Lei nº 13.709/2018 – LGPD), the processing of personal data of children shall be carried out in their best interest and only with specific and highlighted consent provided by at least one parent or legal guardian, when required.

If we become aware that personal data of a child has been collected without the necessary legal authorization or without appropriate parental consent, we will take reasonable steps to verify the situation and, where applicable, delete such data in accordance with applicable law.

For individuals between twelve (12) and eighteen (18) years of age, personal data will be processed in compliance with applicable legal requirements and with appropriate safeguards to protect their fundamental rights and freedoms.

13. Marketing Communications

You may opt out of marketing communications at any time by following the unsubscribe instructions included in such communications. Transactional or service-related messages may still be sent.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised “Last Updated” date. Continued use of the Services after changes become effective constitutes acceptance of the revised Policy.

15. Contact Information

If you have questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, you may contact Tribufu through the official communication channels provided on our website.