Transparency in handling your personal data

BrasilSync — System and Software, registered under CNPJ No. 18.203.655/0001-00, headquartered at Av. Antônio Labeca, 262 — Distrito Industrial, Paraguaçu/MG, ZIP 37120-970, Brazil, is the controller of personal data processed through this website, contact forms, systems and associated platforms (collectively "Services").

This Privacy Policy explains how we collect, store, use, share, and protect your personal data in compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018 — LGPD). While the LGPD is our primary regulatory framework, the practices described herein are aligned with international data protection principles, including the European General Data Protection Regulation (GDPR — EU Regulation 2016/679) and similar legislation adopted across Latin America.

By using our Services, you acknowledge the terms described herein. If you do not agree, we recommend discontinuing use and contacting us through the channels provided at the end of this document.

We collect and process only data strictly necessary to deliver our services, always respecting the principles of purpose, adequacy, and necessity set forth in article 6 of the LGPD. Data may be provided directly by you, collected automatically, or obtained from legitimate sources.

• Identification and contact data: full name, email, phone number, company, role, and industry segment — provided voluntarily when filling in forms, requesting demos, or getting in touch.
• Browsing and device data: IP address, browser type, operating system, ISP, pages visited, session duration, and interactions performed on the website.
• Cookies and similar technologies: small files stored on your device to remember preferences, measure site performance, and personalize the browsing experience. See our Cookie Policy for details.
• System usage data: access logs, activity records, and usage statistics from the AgroSync Coffee platforms, collected for technical support, security, and continuous improvement purposes.
• Communication data: content of emails, messages, and interactions with our support and customer service teams.

All processing purposes are clearly communicated at the point of collection. We use personal data exclusively for:

• Delivering and operating contracted Services, including technical support and customer assistance throughout the entire journey.
• Sending service-related communications, such as system updates, operational notifications, and scheduled maintenance information.
• Personalizing the platform experience, optimizing navigation, and recommending features relevant to your profile.
• Performing aggregate analytics and statistics to improve our products, fix issues, and develop new solutions for the coffee industry.
• Complying with legal, regulatory and contractual obligations, including maintaining mandatory records for legally prescribed periods.
• Sending marketing communications about new products, events and relevant content — always with prior consent and an opt-out option.

We process personal data based on the legal grounds set out in articles 7 and 11 of the LGPD, according to the nature and specific purpose of each operation:

• Consent (art. 7, I): for marketing communications, non-essential cookies, and other purposes requiring express authorization from the data subject.
• Contractual performance (art. 7, V): to enable the contracting, implementation, and operation of AgroSync systems, including support and maintenance.
• Legitimate interest (art. 7, IX): to improve the Services, analyse usage trends, ensure platform security, and prevent fraud.
• Legal obligation (art. 7, II): to meet tax, accounting, employment, and other legal requirements from competent authorities.
• Where processing is based on consent, you may withdraw it at any time, free of charge and in a facilitated manner, without affecting the lawfulness of prior processing.

We do not sell, rent, or trade personal data. Sharing occurs only in the circumstances below, always in compliance with the LGPD and under contractual confidentiality clauses:

• Service providers and operational partners: cloud infrastructure, communication tools, data analytics platforms, and customer support systems — access data strictly to the extent necessary to perform contracted services.
• Authorities and regulatory bodies: when required by law, court order, or request from competent administrative authorities.
• Rights protection: to investigate, prevent, or take measures regarding illegal activities, suspected fraud, or violations of our Terms of Use.
• Corporate transactions: in the event of a merger, acquisition, restructuring, or asset sale, data may be transferred as part of the business, with guaranteed continuity of protection.

Data is stored for the time necessary to fulfil the purposes described in this Policy, respecting statutory retention periods for tax, accounting, and employment documents, as well as limitation periods for legal or administrative defence.

We adopt technical and organisational measures consistent with the state of the art to protect data from unauthorised access, loss, destruction, alteration, or improper disclosure, including encryption, role-based access control, log auditing, and continuous monitoring.

In the event of a security incident that may pose risk or relevant harm to data subjects, we will notify the Brazilian National Data Protection Authority (ANPD) and the affected data subjects, as required by article 48 of the LGPD.

We guarantee the exercise of all rights set out in article 18 of the LGPD. At any time and free of charge, you may request:

• Confirmation and access: confirm the existence of processing and access your data in a clear and complete manner.
• Correction: request correction of incomplete, inaccurate, or outdated data.
• Anonymisation, blocking or deletion: request anonymisation, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with the LGPD.
• Portability: request transfer of your data to another service or product provider, in accordance with ANPD regulations.
• Information on sharing: obtain information about the public or private entities with which we share your data.
• Withdrawal of consent: revoke previously granted consent, simply and free of charge.
• Review of automated decisions: request review of decisions taken solely based on automated processing of personal data.

We use cookies and similar technologies to ensure site functionality, understand how visitors interact with our content, and offer a personalised experience.

When first accessing the site, a consent banner allows you to choose which cookie categories you wish to accept. Choices are stored locally and can be changed at any time in your browser settings.

We use the following cookie categories:

• Essential cookies: necessary for basic site operation, such as session management and consent preferences. They cannot be disabled.
• Performance and analytics cookies: collect anonymous data on how visitors use the site (most visited pages, session duration, traffic source). We use this information to improve navigation and content. These cookies depend on your consent.
• Functionality cookies: allow us to remember your preferences, such as your selected language, to provide a smoother experience on future visits.

BrasilSync is headquartered in Brazil, and as a rule, your data is stored within the national territory. However, some infrastructure, data analytics, and communication providers we use may process information on servers located in other countries.

In such cases, we ensure international transfers take place only to countries that provide an adequate level of protection, in accordance with articles 33 to 36 of the LGPD, or through standard contractual clauses, binding corporate rules, or other accepted legal safeguards.

This Privacy Policy is reviewed periodically to reflect legislative changes, new Service features, or developments in internal data governance processes.

When significant changes occur, we will notify data subjects through official channels (registered email and/or notice on the website), indicating the new revision date and a summary of the main changes.