Privacy Policy

1. General Information

Datametodo Gestão Contábil SS Ltda, registered under Tax ID No. 64.017.502/0001-08, headquartered at Av. Jurubatuba, 318, Brooklin, São Paulo - SP, ZIP 04583-100, is committed to protecting the personal data of its clients and website visitors, in compliance with the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018).

This Privacy Policy describes how we collect, use, store, and protect your personal and financial information in the context of accounting and financial management services.

2. Data Collected

We may collect the following information:

• Identification data: Full name, Tax ID (CPF), Company Tax ID (CNPJ), date of birth, nationality
• Contact data: Email, phone number, commercial address, residential address
• Financial data: Bank account information, financial statements, transaction records
• Tax data: Tax returns, deductions, fiscal information, tax identification numbers
• Business data: Company information, corporate structure, business activities, revenue data
• Employment data: Payroll information, employee records (when applicable)
• Legal documentation: Contracts, articles of incorporation, business licenses
• Payment data: Information necessary for service billing and payment processing
• Browsing data: IP address, browser type, pages visited

3. Purpose of Data Processing

The collected data is used to:

• Provide accounting and bookkeeping services
• Prepare and file tax returns and compliance documents
• Conduct financial analysis and reporting
• Provide business advisory and consulting services
• Process payroll and employment documentation
• Perform financial audits and reviews
• Ensure regulatory compliance and reporting
• Communicate with tax authorities on client's behalf
• Process service payments and issue invoices
• Provide customer service and support
• Comply with legal, fiscal, and professional obligations
• Maintain professional liability insurance requirements

4. Legal Basis for Processing

Data processing is performed based on:

• Consent: When you expressly authorize the use of your data
• Contract execution: To fulfill accounting service contracts
• Legal obligation: To comply with tax laws, accounting standards, and regulatory requirements
• Legitimate interest: For professional service delivery and client relationship management
• Protection of credit: For credit analysis when applicable

5. Data Sharing

Datametodo does not sell or commercialize personal or financial data. We may share data only with:

• Tax authorities: Federal Revenue Service, State and Municipal tax agencies for compliance reporting
• Regulatory bodies: Accounting Regulatory Council (CRC), professional oversight entities
• Financial institutions: Banks and payment processors for transaction processing
• Government agencies: When required for business registration, licenses, and permits
• External auditors: For audit and compliance review purposes (with client consent)
• Legal counsel: For legal advice and representation
• Service providers: Cloud accounting software, secure data storage, IT infrastructure
• Insurance providers: For professional liability insurance purposes
• Legal authorities: When required by law, court order, or legal process

6. Data Security

We implement rigorous technical and organizational measures to protect your sensitive financial data:

• End-to-end encryption of all financial and tax data
• Secure cloud storage with redundant backups
• Multi-factor authentication for all systems
• Access controls limited to authorized personnel only
• Encrypted communication channels for data transmission
• Regular security audits and penetration testing
• Employee training on data protection and professional secrecy
• Confidentiality agreements with all staff and partners
• Physical security for on-premises servers and documents
• Incident response and data breach protocols
• Professional indemnity insurance coverage

7. Your Rights as Data Subject

Under LGPD, you have the following rights:

• Confirmation and access: Confirm the existence of processing and access your data
• Correction: Request correction of incomplete, inaccurate, or outdated data
• Anonymization, blocking, or deletion: Request removal of unnecessary data (subject to legal retention requirements)
• Portability: Request data portability in structured format
• Deletion: Request deletion of data processed with consent (subject to legal and professional obligations)
• Information: Obtain information about data sharing and processing
• Revocation: Revoke consent (subject to contractual and legal obligations)
• Opposition: Object to processing in specific circumstances

8. Cookies and Similar Technologies

We use cookies to improve your browsing experience and website functionality. You can configure your browser to refuse cookies.

9. Data Retention

We retain your data for the time necessary to:

• Fulfill the purposes described in this policy
• Duration of the service relationship
• Financial records: minimum 5 years as required by tax law
• Tax documents: 5 years from tax filing date
• Accounting records: as required by Brazilian Commercial Code and accounting standards
• Legal prescription periods (generally 5-10 years for accounting documentation)
• Professional regulatory requirements (CRC standards)
• Professional liability insurance requirements
• Exercise of legal rights and defense against claims

After these periods, data will be securely deleted or anonymized, except where longer retention is required by law or professional standards.

10. International Data Transfer

Your data is primarily stored and processed in Brazil. When we use cloud services with international infrastructure, we ensure adequate data protection measures and compliance with LGPD requirements for international transfers.

11. Minors

Our services are intended for legal entities and individuals over 18 years of age engaged in business activities. We do not intentionally collect data from minors.

12. Changes to This Policy

This Policy may be updated periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated by email or website notice.

13. Data Protection Officer (DPO)

We have appointed a Data Protection Officer responsible for ensuring LGPD compliance and managing data protection inquiries.

14. Contact

To exercise your rights or clarify questions:

We will respond to your requests within 15 calendar days, extendable by another 15 days with justification.

15. Applicable Law and Jurisdiction

This Policy is governed by the laws of the Federative Republic of Brazil, especially Law No. 13.709/2018 (LGPD), tax legislation, accounting professional standards, and CRC regulations. The jurisdiction of São Paulo/SP is elected to resolve any disputes.

Last updated: December 2025