Privacy Policy.

This Policy applies to all personal data processed by Prumo ADT — including business clients who engage our document preparation, contract management or administrative support services, their employees and representatives whose data appears in the documents and contracts we manage, website visitors and anyone whose data we process in connection with our activities. Contract management services involve processing substantial quantities of client business data — we treat all of it as confidential.

A. Client businesses (contracting parties):

• Business identification and contact data: Company name, CNPJ and the name, role, phone and email of the responsible contact at the client — collected when companies engage our services.
• Billing data: CNPJ and billing address for NFS-e issuance.

B. Third-party data appearing in documents and contracts (operador role):

• Contract parties and signatories: Names, roles, CPF/CNPJ, signatures and contact details of individuals who appear as parties, signatories, witnesses or representatives in contracts and documents we prepare or manage — processed as operador on the client's instruction, for the purpose of document preparation.
• Business counterparty data: Information about companies and individuals with whom our clients contract — as it appears in the documents we manage. Treated as client confidential information.
• Process and compliance documentation data: Employee names, roles and organisational information appearing in the SOPs, process documents and compliance documentation we prepare.

C. Website visitors: IP address, browser type, pages visited and access times; name, company and message when submitting enquiries.

• Client (as deliverable): Prepared documents, managed contracts and all service deliverables are provided to the commissioning client — this is the purpose of the service.
• Contract counterparties (as required by the document): Where preparing or executing a contract requires transmitting the document to a named counterparty — only on the client's explicit instruction and in the course of performing the contracted service.
• SEFAZ-SP / Receita Federal: Tax data for NFS-e issuance and fiscal compliance.
• Prefeitura de São Paulo (ISS): For ISS obligations on administrative services activities.
• PROCON-SP: When required in a consumer dispute under the CDC.
• Legal authorities: When required by a competent judicial or administrative order.

Our document services operate from São Paulo, SP. Client documents and contract files are stored in Brazil. Any technology platforms for document management, e-signature, cloud storage or project collaboration that operate on international servers are used only under the guarantees of Art. 33 of the LGPD or recognised adequacy mechanisms, and only with client awareness where their documents are involved.

• NFS-e and fiscal records: Minimum 5 years under federal and state tax legislation (CTN, Art. 174; SEFAZ-SP).
• Client service contracts and commercial records: Duration of the client relationship plus 5 years for contractual, fiscal and dispute documentation.
• Client documents and contract files (as operador): Retained for the duration of the service engagement plus any applicable post-service dispute period. On service termination or client request, client document files are returned or deleted — we do not retain client documents beyond the service engagement without explicit written instruction. NFS-e copies are retained independently for the fiscal statutory period.
• Contact and enquiry data (no service commenced): Up to 1 year from last contact.
• Website analytics: Aggregated and anonymised after 12 months.

• Client documents and contracts accessible only to the team members directly responsible for that client's service — strict access controls per client engagement;
• No client's documents ever accessible to staff working on a different client's account — logical separation enforced throughout;
• Document management systems protected with role-based access controls and audit logging;
• E-signature platforms used comply with Brazilian ICP-Brasil standards where applicable;
• All digital communications and file transfers encrypted in transit (HTTPS/TLS);
• As a Ltda operating from Av. JK, formal internal data handling and document security protocols maintained;
• Incident response procedures and breach notification per LGPD Art. 48.

• Confirmation and Access (Art. 18, I–II): Confirm whether we hold your data and receive a copy.
• Correction (Art. 18, III): Request correction of inaccurate data.
• Anonymisation / Blocking / Deletion (Art. 18, IV): Request deletion — subject to fiscal retention obligations and any ongoing service engagement.
• Portability (Art. 18, V): Receive your data in a structured format.
• Deletion of consent-based data (Art. 18, VI): Request deletion of consent-based data.
• Information on sharing (Art. 18, VII): Find out which entities your data has been shared with.
• Withdrawal of Consent (Art. 8º, §5º): Withdraw consent at any time.
• Complaint to the ANPD (Art. 18, §1º): Lodge a complaint at www.gov.br/anpd.

For requests relating to data processed as operador in a client's service engagement, we will refer the request to the relevant client controller per LGPD Art. 39. We respond within 15 business days.

Our website may use cookies for essential functionality and aggregated performance analysis. We do not use behavioural tracking or advertising cookies. Preferences can be managed through browser settings.

Our document and contract management services are engaged by businesses — adults acting in a professional capacity. Where third-party data in documents we process as operador includes data about minors (for example, in employment contracts, family law documentation or corporate structures with minor shareholders), we handle that data under the client's LGPD framework and the heightened protections of LGPD Art. 14, and advise clients of their obligations as controllers for such data.

In our own right, we do not systematically collect sensitive personal data as defined in LGPD Art. 5º, II. In preparing and managing documents as operador, we may encounter sensitive data in client documents — for example, in employment contracts (health information), compliance documentation (criminal background data) or certain legal documents. In all such cases, we apply LGPD Art. 11 heightened handling requirements and process that data only on the client's documented instruction.

This Policy may be updated to reflect changes in our services, the LGPD, ANPD guidance or applicable São Paulo tax legislation. Material changes will be communicated to active clients by email and via our website.

All privacy requests, questions and complaints should be directed to our Data Protection Officer (Encarregado — LGPD Art. 41):