How Lexato protects your personal data in full compliance with the Brazilian General Data Protection Law.
Last updated: February 2026
Lexato was designed from its inception with privacy as a fundamental principle. All our data processing activities strictly follow Law No. 13,709/2018 (LGPD), ensuring transparency, security, and respect for data subjects' rights.
Unlike competitors that host data abroad, Lexato keeps all its infrastructure on servers in Brazil (AWS São Paulo), ensuring that your personal data remains under Brazilian jurisdiction.
Lexato Tecnologia Ltda.
Av. Paulista, 1000 — Suite 100, São Paulo — SP, ZIP 01310-100
AWS São Paulo (sa-east-1) — data in Brazil
The LGPD guarantees fundamental rights to every personal data subject. Click on each right to understand how to exercise it at Lexato.
All data processing at Lexato is based on one of the legal bases provided in Art. 7 of the LGPD. No data is processed without legal grounds.
Used for analytical cookies, marketing, and promotional communications. You may revoke at any time.
Non-essential cookies, newsletter, marketing notifications.
Processing necessary to provide the contracted service — evidence capture, certificate generation, and storage.
Registration data, captured evidence, payment data.
Data maintained to comply with legal and regulatory obligations, such as invoice issuance and accounting records.
CPF for NF-e, audit logs, tax records.
Processing necessary for platform security, fraud prevention, and service improvement, always respecting your rights.
Essential cookies, security logs, fraud prevention.
Simple and transparent process, with guaranteed response within 15 days.
Send an email to dpo@lexato.com.br identifying yourself and describing the right you wish to exercise. Include your full name and email registered on the platform.
For your security, we may request additional information to confirm your identity before processing the request. This prevents third parties from accessing your data.
Your request will be analyzed and responded to within 15 business days, as required by Art. 18, § 5 of the LGPD. In complex cases, the deadline may be extended with justification.
After analysis, the requested action will be executed and you will receive confirmation by email. If the request cannot be fully fulfilled, we will inform you of the legal reasons.
Main data processing operations carried out by Lexato in the context of digital evidence certification. Click to see details.
We detail where your data is processed and the applicable safeguards.
All of Lexato's main infrastructure is hosted on AWS São Paulo region (sa-east-1), ensuring that your personal data remains under Brazilian jurisdiction and in compliance with the LGPD.
Hashes registered on blockchain (Polygon, Arbitrum, and Optimism) are non-personal data — alphanumeric sequences that do not allow identification of the data subject. The decentralized nature implies global replication, but without exposure of personal data.
InfinitePay and Sentry may transfer data to servers in the USA. These transfers are supported by standard contractual clauses (SCCs) and certifications under the EU-US Data Privacy Framework, as per Art. 33 of the LGPD.
Technical and organizational measures implemented to protect your personal data, as required by Art. 46 of the LGPD.
If you believe that Lexato's processing of your personal data violates the LGPD, you have the right to file a petition with the ANPD (Art. 18, § 1). We recommend contacting us first so we can resolve your issue directly — our DPO responds within 15 days.
This page may be updated to reflect changes in our data processing practices or applicable legislation. Significant changes will be communicated by email to registered users with a minimum of 30 days advance notice.
LGPD compliance is not a project with an end date — it is a permanent commitment. Lexato conducts periodic reviews of its data processing practices and maintains ongoing training for its team on data protection.
Questions about LGPD or data protection?