en
en

PRIVACY POLICY

Last Updated: May 2025

57,063,811 Fernanda Cristina Costa Fonseca, developer of the Duohabit system, in compliance with current legislation, in particular the General Law on the Protection of Personal Data, Law No. 13,709/2018, describes the terms below with the aim of guaranteeing the privacy of users of its products and services.

We have adopted this Privacy Policy, which sets out how we are processing information collected through the website and application and also explains why we need to collect personal data about you. Therefore, you should read this Privacy Policy before using our website and application.

We take care of your personal data and assume responsibility for ensuring the confidentiality and security of your personal information.

  1. Definitions

For the purposes of this document, the following definitions and descriptions should be considered for better understanding:

  • COOKIES: small computer files or data packets sent by a website to the user's browser when the USER visits the website.

  • USER: Any natural person who accesses and/or uses the website/platforms’ features and/or services.

  • DATA SUBJECT: Natural person to whom the personal data being processed refer.

  • PERSONAL DATA: Information related to any identified or identifiable natural person.

  1. Data we collect:

When you use the Website and App, we automatically collect certain information about your device, including information about your browser, IP address, time zone, and cookies.

You can configure your browser to notify you about cookies that are used and even to refuse them. You can even disable some cookies on our website, but we would like to point out that some cookies are essential for certain features. Cookies are used to combine information to provide an increasingly better service to our visitors, compile and analyze statistics and trends.

Additionally, when you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to our Site, and how you interact with our Site. We refer to this automatically collected information as “Device Information.”

Additionally, we may collect personal data that you provide, such as:

  • Full name;

  • E-mail;

  • Telephone;

  • Company and

  • Free message for the Holder to contact.

3. Purpose of data collection

The collection of information has the sole and exclusive purpose of maintaining and improving the services provided to offer a better experience for you. Therefore, as necessary, the information collected will be used for the following purposes:

  • Allow you to access our platform by providing access to certain areas and features;

  • Respond to any questions you may have, requests for information and contact us;

  • Personalize and customize your experience;

  • Pass on to government authorities when requested to do so by subpoena, court order, or other legal process to establish or exercise our legal rights or protect our property; to defend against legal claims; or as otherwise required by law;

  • Send you promotional messages, marketing, prospecting, content materials, market research, opinion polls about our services, when you authorize us to do so;

  • Investigate, prevent or take action related to illegal activities, suspected fraud or situations involving potential threats to the physical and technological security of any person, partner companies, within the limits permitted by applicable legislation.

  1. Sharing of personal data

When necessary, the company may share your personal data with the third parties listed below in order to correctly provide the services offered, securely store your personal data and provide a better experience. Data sharing will be carried out within the limits and purposes of our business, in accordance with the purpose of processing personal data and in accordance with what is authorized by applicable legislation. Therefore, your data may be shared with:

  • Third-party software platforms and tools for the purpose of managing the provision of services offered by the company;

  • Computer service providers, information technology and service companies focused on ensuring information security;

  • Marketing and advertising companies;

  • Tax authorities and government, police, public and judicial bodies for the purpose of responding to complaints, investigations, legal measures and legal proceedings; as well as complying with legal, regulatory and tax obligations.

5. Data storage

  1. Where do we store?

We use data storage providers that provide greater security for user data, which is necessary for hosting the system, automation platform and relationship system with our customers, generating a more personalized experience.

All data is hosted in the largest and most secure Data Center in the world, Amazon Web Service – AWS.

  1. How long do we store your data?

Personal data collected by the website and application are stored and used for a period of time that corresponds to that necessary to achieve the purposes listed in this document and that consider the rights of their owners, the rights of the website controller and the applicable regulatory legal provisions.

Once the personal data storage periods have expired, they are removed from our database or anonymized, except in cases where there is the possibility or need for storage due to legal or regulatory provisions.

  1. Legal bases for the processing of personal data

A legal basis for the processing of personal data is nothing more than a legal basis, provided for by law, that justifies it. Therefore, each personal data processing operation must have a legal basis and a corresponding basis.

6.1 Personal data collected

We process non-sensitive personal data of our users in the following cases:

  • With the consent of the holder of the personal data;

  • Through the legitimate interest of the holder of the personal data.

6.2 Consent

Certain personal data processing operations carried out on our website and application will depend on the user's prior consent, which must be expressed freely, in an informed and unequivocal manner.

The user may revoke their consent at any time, and if there is no legal hypothesis that allows or requires the storage of data, the data provided through consent will be deleted.

Furthermore, if desired, the user may not agree to any personal data processing operation based on consent. In these cases, however, it is possible that the user will not be able to use some functionality of the website and application that depends on that operation. The consequences of the lack of consent for a specified activity are informed prior to the processing.

6.3 Legitimate Interest

If the holder wishes to contact our Data Controller/DPO, they must fill out a form validating some data, which will be based on their legitimate interest.

Once the form has been completed, we will contact you to respond to the request made by the holder.

  1. User rights

The website user has the following rights, granted by the Personal Data Protection Law:

  • Confirmation of the existence of treatment;

  • Access to data;

  • Correction of incomplete, inaccurate or outdated data;

  • Anonymization, blocking or deletion of unnecessary, excessive data or data processed in non-compliance with the provisions of the law;

  • Portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets;

  • Deletion of personal data processed with the consent of the holder, except in cases provided for by law;

  • Information on public and private entities with which the controller shared data;

  • Information about the possibility of not providing consent and the consequences of refusal;

  • Revocation of consent.

It is important to highlight that, under the LGPD, there is no right to delete data processed based on legal grounds other than consent and legitimate interest, unless the data is unnecessary, excessive or processed in a manner that does not comply with the provisions of the law.

7.1 How the holder can exercise his/her rights

To ensure that the user who intends to exercise his/her rights is, in fact, the holder of the personal data subject to the request, we may request documents or other information that may assist in his/her correct identification, in order to protect our rights and the rights of third parties. This will only be done if absolutely necessary.

  1. Security measures in the processing of personal data

We employ technical and organizational measures capable of protecting personal data from unauthorized access and from situations of destruction, loss, misplacement or alteration of such data.

The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a possible violation would generate for the user's rights and freedoms, and the standards currently used in the market by companies similar to ours.

Among the security measures adopted by us, we highlight the following:

  • Our users' data is stored in a secure environment;

  • We limit access to our users' data so that unauthorized third parties cannot access it;

  • We keep records of everyone who has, in any way, contact with our data.

Even if we take all possible steps to prevent security incidents, it is possible that a problem may occur caused exclusively by a third party – such as in the case of hacker or cracker attacks, or even in cases of exclusive fault of the user, which occurs, for example, when the user transfers his/her data to a third party. Therefore, although we are generally responsible for the personal data we process, we are exempt from liability in the event of an exceptional situation such as these, over which we have no control.

In any case, if any type of security incident occurs that may generate risk or relevant damage to any of our users, we will notify those affected and the National Data Protection Authority about the incident, in accordance with the provisions of the General Data Protection Law.

  1. Changes to this policy

This version of this Privacy Policy was last updated in May 2025.

The company reserves the right to change this privacy policy from time to time whenever it deems it necessary to fulfill the intended purposes. The date of the last update will always be stated at the beginning of the document. If there is any substantial change in the way we use your information, we will notify you with a prominent announcement on our website.

  1. How to contact us

If you are concerned about your privacy, have a complaint, question or request regarding this matter, or wish to exercise any of the rights provided for by law, please contact our Data Officer via email: privacidade@duohabit.com .

Duohabit

CONTACT:

contato@duohabit.com

© 2025. All rights reserved.

Transform your habits in a practical and productive way.

Privacy Policy

Terms and conditions