Privacy Policy
Last updated: January 1, 2026
Your privacy is fundamental to us. This policy explains how we collect, use and protect your data.
1. Information We Collect
Registration Information: Name, email, password (encrypted), organization name.
Usage Data: Pages visited, features used, session duration.
CRM Data: Contacts, deals, pipelines and other information you enter into the system.
Payment Information: Processed exclusively by Mercado Pago. We do not store credit card data.
2. How We Use Your Data
- Provide the Service: Manage your account, process payments, send notifications.
- Improve the Product: Analyze aggregate usage to identify improvements and bugs.
- Communication: Send transactional emails (account confirmation, invoices) and marketing (with opt-out).
- Security: Detect and prevent fraud, abuse and attacks.
We never sell your data to third parties.
3. Data Isolation (Multi-Tenant)
Each organization's data is completely isolated. Users of Organization A can never view or access data from Organization B.
All database queries include a filter by organizationId to ensure absolute isolation.
4. Security Measures
- Encryption: Passwords hashed with bcrypt, data in transit protected via HTTPS/TLS.
- Authentication: JWT tokens with expiration, HttpOnly and SameSite cookies.
- Database: PostgreSQL hosted on secure servers with daily backups.
- Monitoring: Access logs and error monitoring via Sentry.
5. Cookies and Tracking
Essential Cookies: Required for authentication and system operation.
Google Analytics: We use GA4 for aggregated usage analysis (anonymized).
You can disable non-essential cookies in your browser settings.
6. Data Sharing
We share data only with:
- Mercado Pago: For payment processing (PCI-DSS compliant).
- Resend: For transactional and marketing emails.
- Vercel: Application hosting (SOC 2 Type II certified).
- Sentry: Error monitoring (anonymized data).
All partners sign DPAs (Data Processing Agreements) in compliance with LGPD.
7. Your Rights (LGPD)
Under the General Data Protection Law (LGPD), you have the right to:
- Access: Request a copy of all your data.
- Correction: Update incorrect data.
- Deletion: Delete your account and all associated data.
- Portability: Export your data in a readable format.
- Revocation: Withdraw consent for marketing at any time.
To exercise your rights, send an email to: privacidade@roilabs.com.br
8. Data Retention
Active Account: We retain your data while your account is active.
After Cancellation: Data is retained for 90 days for recovery, then permanently deleted.
Access Logs: Retained for 1 year for security purposes.
9. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated by email with 30 days' notice.
We recommend reviewing this page regularly.
10. Contact
For privacy questions, contact us:
- Email: privacidade@roilabs.com.br
- Company: ROI Labs
- Data Protection Officer (DPO): privacidade@roilabs.com.br