1. Introduction

Lexato Tecnologia Ltda. ("Lexato", "we", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our digital evidence certification services.

By using our services, you agree to the collection and use of information in accordance with this policy. This policy complies with the Brazilian General Data Protection Law (LGPD - Law No. 13,709/2018).

2. Data We Collect

2.1 Registration Data

Full name
Email address
CPF (for invoice issuance)
Phone number (optional)
Authentication data (encrypted password, MFA)

2.2 Evidence Data

Captured screenshots and videos
URLs of certified pages
HTML source code of pages
Browser metadata (user agent, viewport)
Domain information (WHOIS, DNS, SSL)
Cryptographic hashes (SHA-256)
Timestamps and approximate geolocation

2.3 Usage Data

Access and activity logs
IP address
Device type and browser
Pages visited and time spent
Cookie and terms acceptance records

3. How We Use Your Data

We use your data to:

Provide and maintain our certification services
Process payments and issue invoices
Send notifications about your evidence
Provide technical support
Improve our services
Comply with legal obligations
Prevent fraud and abuse

4. Data Sharing

We do not sell your personal data. We may share data with:

Service providers: AWS (hosting), InfinitePay (payments), SERPRO/BRy (ICP-Brasil timestamps)
Public blockchains: Hashes are recorded on Polygon and Arbitrum (public and immutable data)
Authorities: When required by law or court order

5. Storage and Security

Your data is stored on Amazon Web Services (AWS) servers in Brazil. We implement technical and organizational security measures, including:

Encryption in transit (TLS 1.3)
Encryption at rest (AES-256)
Multi-factor authentication (MFA)
Role-based access control
Monitoring and audit logs
Regular backups with geographic redundancy

6. Data Retention

Registration data: Retained while the account is active
Evidence files: 90 days (standard) or up to 20 years (premium)
Metadata and hashes: Stored indefinitely for perpetual verification
Blockchain records: Permanent and immutable
Audit logs: 5 years for legal purposes

7. Your Rights (LGPD)

Under the LGPD, you have the right to:

Confirm the existence of data processing
Access your personal data
Correct incomplete or outdated data
Request anonymization or blocking of unnecessary data
Request data portability
Request data deletion (with legal exceptions)
Revoke consent

To exercise your rights, contact us at contato@lexato.com.br.

8. Cookies

We use essential cookies for website functionality and analytics cookies to improve our services. You can configure your browser to refuse cookies, but this may affect website functionality.

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes by email or notice on the website. Continued use of the services after changes constitutes acceptance of the new policy.

10. Contact

For privacy questions, contact us:

Email: contato@lexato.com.br
Data Protection Officer (DPO): dpo@lexato.com.br
Address: Av. Paulista, 1000 - Suite 100, São Paulo - SP, ZIP 01310-100

1. Introduction

2. Data We Collect

2.1 Registration Data

Full name

Email address

CPF (for invoice issuance)

Phone number (optional)

Authentication data (encrypted password, MFA)

2.2 Evidence Data

Captured screenshots and videos

URLs of certified pages

HTML source code of pages

Browser metadata (user agent, viewport)

Domain information (WHOIS, DNS, SSL)

Cryptographic hashes (SHA-256)

Timestamps and approximate geolocation

2.3 Usage Data

Access and activity logs

IP address

Device type and browser

Pages visited and time spent

Cookie and terms acceptance records

5. Storage and Security

Your data is stored on Amazon Web Services (AWS) servers in Brazil. We implement technical and organizational security measures, including:

Encryption in transit (TLS 1.3)

Encryption at rest (AES-256)

Multi-factor authentication (MFA)

Role-based access control

Monitoring and audit logs

Regular backups with geographic redundancy

7. Your Rights (LGPD)

Under the LGPD, you have the right to:

Confirm the existence of data processing

Access your personal data

Correct incomplete or outdated data

Request anonymization or blocking of unnecessary data

Request data portability

Request data deletion (with legal exceptions)

Revoke consent

To exercise your rights, contact us at contato@lexato.com.br.