Privacy Policy

Last updated: October 30, 2025

📋 EXECUTIVE SUMMARY

Thank you for choosing Quero Automação! This Privacy Policy explains how we handle your personal data in a transparent and secure manner.

Key points:

  • ✅ We only collect data necessary for our services (product sales, app, and courses)
  • ✅ You have complete control over your data
  • We DO NOT sell your personal data to third parties
  • ✅ We use strict security measures
  • ✅ We comply with the Brazilian General Data Protection Law (LGPD)

📖 TABLE OF CONTENTS

  1. Definitions and Basic Concepts
  2. Data Collected
  3. Legal Bases and Purposes
  4. Retention Period
  5. Data Sharing
  6. International Transfers
  7. Data Security
  8. Your Rights
  9. Data Protection Officer
  10. Cookie Policy
  11. Data of Minors
  12. We Count on You
  13. Changes to this Policy
  14. Contact

1. DEFINITIONS AND BASIC CONCEPTS

To facilitate understanding of this Policy, we define some important terms:

Quero Automação or “We”

QUERO AUTOMAÇÃO TECNOLOGIA DA INFORMAÇÃO LTDA., registered under CNPJ No. 32.460.281/0001-51, headquartered at Rua Furnas, No. 98, Brooklin District, São Paulo/SP, ZIP Code 04562-050, Brazil.

You, User, or Data Subject

The natural person to whom the personal data relates. May be a customer, website visitor, course student, or app user.

Personal Data

Any information related to an identified or identifiable natural person. Examples: name, tax ID (CPF), email, phone, address, IP.

Sensitive Personal Data

Data about racial or ethnic origin, religious belief, political opinion, union membership, genetic data, biometric data, health or sexual life data.

Data Processing

Any operation performed with personal data: collection, storage, consultation, use, sharing, deletion, etc.

Controller

Who makes decisions about personal data processing. In most cases, Quero Automação acts as the Controller.

Processor

Who performs data processing on behalf of the Controller. Examples: hosting services, payment processors.

Our Services

  • Online Store: Sale of home automation products
  • Quero Automação App: Platform for home automation management
  • Home Automation Course: Training and certifications

LGPD

Brazilian General Data Protection Law (Law No. 13.709/2018), Brazilian legislation that regulates personal data processing.

ANPD

National Data Protection Authority, the agency responsible for overseeing and enforcing LGPD in Brazil.

Cookies

Small text files stored on your device when you visit our website, which help improve your browsing experience.

IoT Devices (Internet of Things)

Home automation equipment connected to the internet, such as smart lights, locks, cameras, sensors, etc.

2. DATA COLLECTED

2.1. When We Collect Your Data

We collect your personal data at different times and in different ways:

📱 When creating an account on Quero Automação App

Data collected:

  • Full name
  • Email
  • Phone number
  • Password (encrypted)
  • Residential address (for equipment configuration)

Legal basis: Contract execution

🛒 When purchasing products in our store

Data collected:

  • Full name
  • Tax ID (CPF)
  • Email
  • Phone
  • Delivery address
  • Payment data (processed by secure gateway)

Legal basis: Contract execution

🎓 When enrolling in the Home Automation Course

Data collected:

  • Full name
  • Tax ID (CPF)
  • Email
  • Phone
  • Address (for issuing the tax invoice)
  • Professional information (optional, for personalization)

Legal basis: Contract execution

💬 When contacting us

Data collected via:

  • Contact form: Name, email, phone, message
  • Online chat: Name, email, conversation history
  • WhatsApp: Name, number, message history
  • Email: Email address, message content

Legal basis: Legitimate interest (customer support)

🌐 When browsing our website

Data automatically collected:

  • IP address
  • Date and time of access
  • Pages visited
  • Browser type and operating system
  • Device used
  • Approximate geographic location
  • Cookies (according to your authorization)

Legal basis: Legitimate interest + Legal obligation compliance (Brazilian Internet Civil Rights Framework)

📧 When subscribing to the Newsletter

Data collected:

  • Name
  • Email
  • Areas of interest (optional)

Legal basis: Consent

🏠 When using IoT devices connected to the App

Data collected by equipment:

  • Event logs (when devices are activated)
  • Sensor data (temperature, humidity, brightness, motion)
  • Usage patterns and energy consumption
  • Operational status of equipment
  • Settings and automations created

Legal basis: Contract execution

Important: Each device manufacturer has its own privacy policy. We recommend reading the policies of connected equipment.

2.2. You As Controller

⚠️ IMPORTANT NOTICE

When you use the Quero Automação App to monitor or collect data from third parties (family members, visitors, employees, customers, etc.), YOU act as the CONTROLLER of this data, and Quero Automação acts only as a PROCESSOR.

This means that YOU are responsible for:

  • ✅ Obtaining proper consent from these individuals
  • ✅ Informing them about data collection and use
  • ✅ Ensuring the legitimacy and legality of monitoring
  • ✅ Respecting all rights of data subjects
  • ✅ Maintaining records of consents obtained

Examples:

  • If you install cameras that record visitors
  • If you monitor the presence of family members
  • If you collect data from domestic employees
  • If you access the App through your customers’ accounts

We only process your personal data when there is a legal basis that authorizes such processing, as provided by LGPD:

3.1. Contract Execution (Art. 7, V of LGPD)

We use your data to provide the services you contracted:

  • ✅ Create and manage your Quero Automação App account
  • ✅ Process and deliver online store orders
  • ✅ Provide access to contracted courses
  • ✅ Connect and manage automation devices
  • ✅ Process payments and issue tax invoices
  • ✅ Provide technical support
  • ✅ Send communications about order and service progress

3.2. Legal Obligation Compliance (Art. 7, II of LGPD)

We maintain certain data to comply with Brazilian legislation:

  • ✅ Access logs: Minimum of 6 months (Art. 15 of the Brazilian Internet Civil Rights Framework – Law 12.965/2014)
  • ✅ Tax and accounting data: Up to 5 years (National Tax Code)
  • ✅ Contractual data: Up to 5 years (Art. 205 of the Brazilian Civil Code – Law 10.406/2002)
  • ✅ Respond to court orders and requests from authorities

3.3. Legitimate Interest (Art. 7, IX of LGPD)

We may process data based on legitimate interest to:

  • ✅ Improve platform security and stability
  • ✅ Prevent fraud and abuse
  • ✅ Perform statistical analysis with anonymized data
  • ✅ Develop new features and improvements
  • ✅ Exercise rights in legal or administrative proceedings
  • ✅ Protect our rights and assets
  • ✅ Ensure service continuity

You may object to processing based on legitimate interest at any time.

3.4. Consent (Art. 7, I of LGPD)

With your specific and highlighted consent, we may:

  • ✅ Send marketing communications about new products
  • ✅ Share offers from partners related to automation
  • ✅ Use data for targeted advertising
  • ✅ Send newsletters and educational content
  • ✅ Collect sensitive data when necessary

📌 You can revoke your consent at any time through your account settings, unsubscribe link in emails, or by contacting us.

3.5. Protection of Life (Art. 7, VII of LGPD)

In emergency situations, we may process data without consent to protect life or physical integrity:

  • Medical emergencies detected by sensors
  • Risk situations identified by security cameras
  • Alarm system activation

4. DATA RETENTION PERIOD

We keep your data only for the necessary time. See the specific periods with legal basis:

Data TypeRetention PeriodLegal Basis
Registration and Account DataDuring contractual relationship + up to 5 years after terminationArt. 205 of Brazilian Civil Code
Access Logs (IP, date/time)Minimum of 6 monthsArt. 15 of Internet Civil Rights Framework
Tax Data (invoices, payments)Up to 5 years after last fiscal yearNational Tax Code
Communication History (SMS, email)Minimum of 5 yearsANATEL Resolution 738/2020
Marketing DataUntil consent revocation or maximum 2 years without interactionConsent
Technical Support DataDuring resolution + up to 1 year after closureLegitimate interest
Courses and Certificates DataDuring course + up to 5 years after completionLegal obligation (MEC)
Anonymized DataIndefinitelyLGPD rules do not apply

💡 What is Anonymization?

Anonymization is the process of making personal data unrecognizable, so that it is no longer possible to identify the person. Anonymized data is no longer considered “personal data” under LGPD and can be kept indefinitely for statistical and research purposes.

5. DATA SHARING

⛔ WE DO NOT SELL YOUR PERSONAL DATA

We may share your data only in the following specific situations:

5.1. Service Providers (Processors)

We share data with companies that help us provide our services. All are contractually obligated to protect your data:

☁️ Cloud and Hosting Providers

  • Amazon Web Services (AWS) – Server and database hosting
  • Google Cloud Platform – Infrastructure services
  • Microsoft Azure – Backup and redundancy
  • Tuya – Automation system provider
  • Shopify – International store provider
  • Digital Ocean – Server and database hosting

💳 Payment Processors

  • Mercado Pago – Credit and debit cards
  • Hotmart – Transaction processing
  • Pix – Instant transfers
  • Stripe – Credit cards and transfers
  • PayPal – Credit cards and transfers

We do not store complete credit card data.

📧 Communication Services

  • Amazon SES – Transactional email sending
  • Twilio – SMS sending
  • Zendesk – Customer support
  • Meta – WhatsApp message sending

📊 Analytics Tools

  • Google Analytics – Website usage analysis
  • Hotjar – User experience
  • Firebase – App usage analysis

🚚 Logistics and Delivery Services

  • International Mail Service
  • Partner carriers (Total Express, DHL, FedEx, UPS, Anjun, etc.)

We share only name, address, and phone for delivery.

5.2. Legal Obligations

We may share data when legally required:

  • ✅ In response to court orders
  • ✅ By request from competent authorities (Police, Public Prosecutor’s Office, Federal Revenue)
  • ✅ To fulfill regulatory obligations
  • ✅ In administrative proceedings before ANPD

5.3. Rights Protection

When necessary to:

  • ✅ Protect our legal rights
  • ✅ Prevent fraud or illegal activities
  • ✅ Protect the safety of users or the public
  • ✅ Investigate violations of Terms of Use

5.4. Corporate Operations

In case of merger, acquisition, sale of assets, or corporate reorganization:

  • Your data may be transferred as part of the assets
  • You will be notified in advance of any change of control
  • New controllers will be bound by this Policy

5.5. Business Partners (Only with Consent)

Only with your express consent, we may share data with partners for:

  • Offers of complementary automation products
  • Loyalty programs
  • Specialized events and courses

You can revoke this consent at any time.

6. INTERNATIONAL DATA TRANSFERS

Some of our service providers may be located outside Brazil.

6.1. Countries and Services

Country/RegionServicePurpose
United StatesAWS, Google Cloud, Microsoft Azure, Tuya, Amazon, Digital OceanServer and data hosting
United StatesGoogle Analytics, Firebase, TuyaUsage analysis
European UnionBackup serversBackup and redundancy

6.2. Protection Mechanisms

All international transfers are protected by:

  • ✅ Standard Contractual Clauses approved by ANPD
  • ✅ Security certifications: ISO 27001, SOC 2, Privacy Shield
  • ✅ Specific Data Protection Agreements
  • ✅ Contractual guarantees that data will receive protection equivalent to LGPD
  • ✅ Data encryption in transit and at rest
  • ✅ Compliance verification mechanisms

6.3. Your Rights in International Transfers

You have the right to:

  • ✅ Request information about the specific safeguards applied
  • ✅ Obtain copies of documents supporting the transfer
  • ✅ Object to the transfer in specific cases

7. DATA SECURITY

We take the security of your data very seriously and implement multiple layers of protection:

7.1. Security Principles

🔒 Confidentiality

Only authorized persons access your data, according to the least privilege principle.

✅ Integrity

Your data is protected against unauthorized alterations.

📊 Availability

There are mechanisms to ensure data is available when legitimate.

📝 Auditability

We evaluate and document internal controls to verify adequacy.

7.2. Technical Measures

  • 🔐 Data encryption in transit (TLS 1.3/SSL)
  • 🔐 Data encryption at rest (AES-256)
  • 🛡️ Firewalls and intrusion detection systems
  • 🔑 Multi-factor authentication available
  • 👁️ 24/7 continuous security monitoring
  • 📜 Valid and updated SSL certificates
  • 🌐 Network segmentation and access control
  • 🛡️ DDoS prevention systems
  • 🔒 Tokenization of sensitive payment data

7.3. Organizational Measures

  • 👥 Role-based access control (RBAC)
  • 🎓 Mandatory information security training for staff
  • 📋 Documented internal privacy and security policies
  • ✍️ Confidentiality terms with all employees
  • 💾 Periodic backups and disaster recovery plan
  • 📊 Access log auditing
  • 🚨 Incident response procedures
  • 🔍 Periodic security reviews

7.4. Incident Management

In case of a security incident that may affect your data:

⚠️ Incident Response Procedure

  1. Immediate containment: We isolate the problem to prevent spread
  2. Impact assessment: We determine which data was affected
  3. ANPD notification: Within 2 business days (if applicable)
  4. User notification: We inform affected users immediately
  5. Remediation: We implement corrections and improvements
  6. Detailed report: We provide transparency about what happened

📧 Contact for incidents: [email protected]

7.5. Cybersecurity

🔄 Anticipate

We prevent threats before they occur, learning malicious and invasive techniques (Malware, Ransomware, Phishing, etc.).

🛡️ Prevent

We ensure regulatory compliance and protect privacy with digital security.

👁️ Detect

We quickly identify security incidents through integrated monitoring.

💬 Respond

We control and respond to security incidents, minimizing risks to users.

7.6. Security Limitations

⚠️ Important: Despite all efforts to ensure your privacy and protect your data, we cannot guarantee absolute security. Quero Automação may suffer from:

  • Malicious third-party actions
  • Unauthorized account entry or use
  • Hardware or software failure
  • Other factors that may compromise security

If you identify any security issues, contact us immediately: [email protected]

8. YOUR RIGHTS AS DATA SUBJECT

According to LGPD (Art. 18), you have the following rights regarding your personal data:

📌 How to Exercise Your Rights

👤 DPO: [email protected]

⚙️ Account Panel: Some actions can be done directly in settings

⏱️ Response Times:

  • Initial response: up to 15 calendar days
  • Service completion: up to 30 calendar days
  • Extensions will be communicated with justification

8.1. Right to Confirmation and Access

Art. 18, I and II of LGPD

You can request:

  • ✅ Confirmation about the existence of processing
  • ✅ Access to your personal data that we maintain
  • ✅ Copy of data in structured format (CSV, JSON, XML)

8.2. Right to Correction

Art. 18, III of LGPD

You can request correction of:

  • ✅ Incomplete data
  • ✅ Inaccurate data
  • ✅ Outdated data

Many corrections can be made directly in your account panel.

8.3. Right to Anonymization, Blocking, or Deletion

Art. 18, IV of LGPD

You can request:

  • ✅ Anonymization of unnecessary data (data will no longer identify you)
  • ✅ Blocking of excessive data (temporary suspension of processing)
  • ✅ Deletion of data processed in non-compliance

8.4. Right to Data Portability

Art. 18, V of LGPD

You can request portability of your data:

  • ✅ To another service provider
  • ✅ In structured and interoperable format (CSV, JSON, XML)
  • ✅ Upon express request

Subject to Quero Automação’s trade secrets.

8.5. Right to Deletion

Art. 18, VI of LGPD

You can request deletion of data:

  • ✅ Processed based on consent
  • ✅ When there is no longer a need to keep the data

⚠️ Attention:

  • Deletion may result in account termination
  • We cannot delete data when there is a legal obligation to maintain it
  • Some data may be kept in anonymized format

8.6. Right to Information About Sharing

Art. 18, VII of LGPD

You have the right to information about:

  • ✅ Entities with which we share your data
  • ✅ Purposes of sharing
  • ✅ Possibility to deny consent
  • ✅ Consequences of denial

8.7. Right to Information About Not Consenting

Art. 18, VIII of LGPD

You have the right to be informed about:

  • ✅ The possibility of not providing consent
  • ✅ The consequences of denial

Your consent must always be free and informed.

8.8. Right to Revoke Consent

Art. 18, IX of LGPD

You can revoke your consent at any time:

  • ✅ For marketing communications
  • ✅ For sharing with partners
  • ✅ For non-essential data collection

How to revoke:

Revocation does not affect the legality of processing performed previously.

8.9. Right to Opposition

Art. 18, § 2º of LGPD

You can object to processing:

  • ✅ When performed based on legitimate interest
  • ✅ When there is non-compliance with LGPD

8.10. Right to Review Automated Decisions

Art. 20 of LGPD

If we use automated decisions that affect your interests:

  • ✅ You can request review by a natural person
  • ✅ We will provide explanations about the criteria used
  • ✅ We will inform about the existence of automated processing

8.11. Right to Petition ANPD

Art. 18, § 1º of LGPD

You can also:

  • ✅ File a complaint with ANPD (National Data Protection Authority)
  • ✅ Website: www.gov.br/anpd
  • ✅ It is not necessary to exhaust administrative channels with us first

8.12. Free of Charge

✅ Exercising rights is FREE

Exceptions:

  • Manifestly unfounded or excessive requests
  • Repetitive requests in a short period

In these cases, we may charge a reasonable fee or refuse the request.

9. DATA PROTECTION OFFICER (DPO)

We have appointed a Data Protection Officer (DPO) as required by LGPD:

👤 Our DPO

Name: Juliana Lúcia da Silva

Email: [email protected]

Address: Rua Furnas, No. 98, Brooklin District, São Paulo/SP, ZIP Code 04562-050

9.1. DPO Responsibilities

Our Officer is responsible for:

  • ✅ Accepting complaints and communications from data subjects
  • ✅ Providing clarifications about data processing
  • ✅ Receiving communications from ANPD
  • ✅ Guiding employees and contractors on data protection practices
  • ✅ Acting as a communication channel between the company, data subjects, and ANPD
  • ✅ Coordinating LGPD compliance actions

9.2. When to Contact the DPO

You can contact our DPO to:

  • 📧 Exercise your rights as a data subject
  • ❓ Clarify doubts about this Policy
  • ⚠️ Report privacy concerns
  • 📝 File complaints
  • 🔍 Obtain information about data processing

10. COOKIE POLICY

10.1. What are Cookies

Cookies are small text files stored on your device when you access our website. They help us:

  • ✅ Remember your preferences
  • ✅ Improve your browsing experience
  • ✅ Understand how you use our services
  • ✅ Provide personalized features

10.2. Types of Cookies We Use

🔧 Essential Cookies (Always Active)

Purpose: Necessary for basic website functionality

Examples:

  • Authentication and session security
  • Language preferences
  • Shopping cart items

⚠️ Cannot be disabled as they are essential for website operation.

📊 Performance Cookies

Purpose: Collect information about how you use the website

Examples:

  • Google Analytics – traffic analysis
  • Hotjar – heat maps and recordings
  • Most visited pages
  • Time spent

Data: Aggregated and anonymous

⚙️ Functionality Cookies

Purpose: Remember your choices and preferences

Examples:

  • Dashboard settings
  • Display preferences
  • Saved cities

📢 Marketing Cookies (Require Consent)

Purpose: Track browsing for targeted advertising

Examples:

  • Google Ads – remarketing
  • Facebook Pixel – personalized ads
  • Conversion tracking

⚠️ You can refuse these cookies

10.3. Third-Party Cookies

We use cookies from trusted partners:

  • Google Analytics: Website usage analysis
  • Google Ads: Advertising
  • Facebook Pixel: Advertising and remarketing
  • Hotjar: Behavior analysis
  • Mercado Pago/PagSeguro: Payment processing

10.4. How to Manage Cookies

You can control cookies in several ways:

🌐 Consent Banner

On your first visit to the site, you can accept or refuse non-essential cookies.

⚙️ Account Settings

Manage cookie preferences in the settings panel.

💻 Browser Settings

You can configure your browser to block or alert you about cookies:

  • Google Chrome: Instructions
  • Mozilla Firefox: Instructions
  • Microsoft Edge: Instructions
  • Safari: Instructions

⚠️ Attention: Disabling some cookies may affect platform functionality, such as:

  • Keeping you logged in
  • Remembering cart items
  • Saving preferences

10.5. Cookie Expiration Period

  • Session cookies: Expire when closing the browser
  • Persistent cookies: Vary from 30 days to 2 years
  • You can clear cookies at any time in browser settings

11. DATA OF MINORS

11.1. General Policy

⚠️ IMPORTANT: Our platform is not directed at minors under 18 years of age. We do not intentionally collect data from children or adolescents without consent from parents or legal guardians.

11.2. Specific Cases

When minors are monitored through the platform (e.g., presence sensors):

  • ✅ The user (parent/guardian) acts as the Controller
  • ✅ Specific consent is required according to Art. 14 of LGPD
  • ✅ Consent must be given by at least one parent or legal guardian
  • ✅ For collecting data from children (under 12 years old), consent must be highlighted

11.3. Special Rights

Parents or guardians may:

  • ✅ Access minor’s data
  • ✅ Request data correction
  • ✅ Request data deletion
  • ✅ Revoke consent at any time

11.4. If We Discover Improper Collection

If we become aware that we collected data from minors without proper consent:

  • ✅ We will delete the data immediately
  • ✅ We will notify guardians
  • ✅ We will take measures to prevent future occurrences

12. WE COUNT ON YOU – SHARED RESPONSIBILITY

The security of your data is a shared responsibility. You also play an important role in protecting your information:

🔐 Security Best Practices

💻 Use Secure Devices

  • ✅ Use a trustworthy computer
  • ✅ Make backups regularly
  • ✅ Keep antivirus programs updated
  • ✅ Install operating system updates

🔑 Create Strong Passwords

  • ✅ Use passwords with more than 8 characters
  • ✅ Combine uppercase and lowercase letters
  • ✅ Include numbers and special characters
  • ✅ Use two-factor authentication whenever possible
  • ✅ Change your passwords regularly, especially if you suspect compromise

🔒 Keep Credentials Secure

  • ✅ Your login and password are personal and non-transferable
  • ✅ Never share your credentials
  • ✅ You are responsible for keeping them secure
  • ✅ Use a trusted password manager

🌐 Browse Safely

  • ✅ Do not access your account on unprotected public networks
  • ✅ Always log out when using shared computers
  • ✅ Verify that the website starts with https://
  • ✅ Beware of suspicious emails and messages

⚠️ Report Suspicious Activities

  • ✅ If you notice anything strange in your account, contact us immediately
  • ✅ If you suspect your password has been compromised, change it immediately
  • ✅ Report phishing or fraud attempts

📧 In case of suspected compromise: [email protected]

13. CHANGES TO THIS POLICY

13.1. Right to Modify

We may modify this Privacy Policy at any time to:

  • ✅ Reflect changes in our practices
  • ✅ Meet new legal requirements
  • ✅ Improve our services
  • ✅ Incorporate new features

13.2. Change Notification

When there are relevant changes:

  • ✅ You may be notified by email
  • ✅ A notice may be displayed on the platform
  • ✅ You will have access to the full text of the new version

13.3. Significant Changes

For substantial changes requiring new consent:

  • ✅ We will request your explicit consent
  • ✅ You may choose not to accept
  • ✅ If you do not accept, you may close your account

13.4. Your Right to Cancellation

If you do not agree with the changes:

  • ✅ You can cancel your account at any time
  • ✅ Send an email to: [email protected]
  • ✅ Your data will be handled according to the previous policy until deletion

13.5. Version History

We maintain a history of previous versions of this Policy available upon request.

14. CONTACT

For privacy and data protection questions:

👤 DATA PROTECTION OFFICER (DPO)

Name: Juliana Lucia da Silva

Email: [email protected]

💬 GENERAL SUPPORT

Email: [email protected]

WhatsApp: (11) 99973-9640

Hours: Monday to Friday, 9am to 5pm

🏢 ADDRESS

QUERO AUTOMAÇÃO TECNOLOGIA DA INFORMAÇÃO LTDA.

Rua Furnas, No. 98

Brooklin District

São Paulo/SP – ZIP Code 04562-050

Tax ID (CNPJ): 32.460.281/0001-51

🌐 DIGITAL CHANNELS

Website: queroautomacao.com.br

Brazil Store: store.queroautomacao.com.br

International Store: queroautomacao.com

🏛️ NATIONAL DATA PROTECTION AUTHORITY (ANPD)

You can also contact ANPD to exercise your rights or file complaints:

Website: www.gov.br/anpd

Email: [email protected]

COMMITMENT STATEMENT

Quero Automação is committed to handling your personal data with transparency, security, and in compliance with applicable legislation. We are available to clarify any questions about our privacy practices.

Thank you for trusting our services.

Quero Automação Team

Last updated: October 30, 2025
Version: 3.0

Contact to Listing Owner

Captcha Code