We dedicate our best efforts to ensure our platform (“Platform”) is designed to offer personalized and continuous emotional support, using advanced artificial intelligence to create an empathetic, welcoming, and safe experience.
To improve our Platform and provide our services, PsycoAI processes personal data. Recognizing the importance of your privacy, we have developed this Policy so that you, our User (and the general public), understand: (i) how we process personal data; (ii) the security measures we apply to keep your data protected and secure; (iii) your rights under the General Data Protection Law (LGPD); and (iv) the contact channel for exercising these rights.
The use of the Platform is not intended for children and adolescents. Therefore, do not register or use the Platform if you are not 18 years old.
Key Definitions:
Many of the terms used in the Privacy Policy (“Policy”) are provided for in Law No. 13.709/2018, known as the General Data Protection Law (“LGPD”). To facilitate your understanding, we present the main terms used in this glossary. When reading the terms described below, whether in uppercase or lowercase, plural or singular, with or without bold, they should be interpreted as follows:
Personal Data: Information that identifies a natural person (i.e., a physical person), directly - such as name or CPF number - or indirectly - such as address or financial data;
Sensitive Personal Data: Information about racial or ethnic origin, religious belief, political opinion, membership of a union or organization of a religious, philosophical, or political nature, data regarding health or sexual life, genetic or biometric data when linked to a natural person;
Database: A structured set of data, including personal data, established in one or multiple locations, in electronic or physical media;
Data Subject: A natural person to whom the personal data being processed refers;
Controller: A natural or legal person, public or private, responsible for decisions regarding the processing of personal data. In this case, the Controller of the Personal Data entered into the Platform will be the Licensee of the Platform;
Operator: A natural or legal person, public or private, that processes personal data on behalf of the Controller. In this case, PsycoAI acts as an Operator regarding the personal data entered by its Users on the Platform;
Processing: Any operation performed on personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction;
Legal Bases: The legal grounds that legitimize or allow the processing of personal data.
If you want to learn more about the General Data Protection Law, you can access it by clicking here. If you have any questions about a concept in this Policy and would like to learn more, you can contact us to clarify any questions through the contact provided in the summary table.
General Terms
General. PsycoAI (PSYCOAI TECNOLOGIA LTDA.), a legal entity registered under CNPJ/MF No. 55.078.022/0001-66, headquartered at Avenida Paulista, No. 1106, Room 1, 16th floor, Bela Vista, São Paulo/SP, ZIP Code: 01.310-914, considers the use of personal data to be a matter of utmost importance and seriousness. For this reason, this Policy was created to communicate practices related to the processing of personal data, especially regarding the collection, use, and processing of information provided by Users through the Platform.
Authorization for Processing. By using PsycoAI's Platform, the User authorizes the processing of personal data and agrees to be bound to the PsycoAI Platform. If you do not accept the practices and policies described in this particular document, you will not be able to use the Platform.
Regulation. PsycoAI operates in accordance with Brazilian law, including and especially the provisions of Law No. 12.965/2014 (“Civil Rights Framework for the Internet”), Law No. 13.709/2018, and other applicable regulations.
Contact. In case of doubts or suggestions about the Platform's Privacy Policy, the User may contact the data protection officer, Mr. Vinícius de Oliveira Reis (“DPO”), via email at dpo@psyco.ai
Information Control. This Policy describes which personal data can be processed from Users while using the Platform's services, how such information may be used, and the precautions taken to prevent unauthorized access or use of such information.
Processed Personal Data
Processing of User Personal Data. PsycoAI may process the following information and/or personal data of Users:
Platform User:
Full name;
Valid email address;
Phone number;
Date of birth; and
Gender.
Corporate Client User (Administrator):
Full name;
Valid email address;
Phone number; and
Company they work for, industry, and company size.
Other Processed Data. PsycoAI may also collect, store, and use the following information:
Database record of any files or information uploaded by Users on the Site;
Details of access to the Site and the resources accessed by the User;
Access device information, including, for example, hardware model, operating system and version, file names and versions, preferred language, unique device identifier, advertising identifiers, serial number, motion-related device information, and network information;
Server log information that may include details such as the device's IP address;
Browser click tracking, navigation data, statistical, demographic, among others; and
Interaction mapping with the Site, such as usage time, accessed environments, and chosen options.
How PsycoAI Uses Processed Data
Use. By agreeing to this Policy, Users consent that PsycoAI may process the data collected by the Platform for the purpose of:
Identifying and registering Users on the Platform and providing services to Users;
Ensuring that Platform content is presented in the most efficient manner to tailor the User experience, offering more relevant and effective support;
Ensuring that user accounts are secure and that data access is restricted to the respective User;
Helping to make general improvements to the Platform;
Processing collected data to identify patterns, improve AI algorithms, and enhance service quality;
Ensuring that the Platform complies with all applicable data protection regulations and standards;
Contacting and notifying Users about changes to the Platform or its policies and terms of use when necessary;
Sending newsletters and informational emails.
Purpose of Data Processing. Personal data processed by PsycoAI is categorized into the following purposes and legal bases:
PROCESSED DATA
PURPOSE
LEGAL BASIS
Full name;
Valid email address;
Phone number;
Date of birth; and
Gender.
Authentication, identification, and personalization of the User experience on the Platform. This personal data is used to verify identity, generate profile preferences, and finalize the contract.
Contract execution
(Art. 7, V, LGPD)
Email
Communication and marketing actions.
This personal data is used for contact and enabling the contracted service.
Consent for marketing actions and contract execution for communication
(Art. 7, I, V, LGPD)
Phone
Communication and additional authentication.
Consent or Contract Execution
(Art. 7, I and V, LGPD)
Date of Birth
Personalized service and user segmentation.
Consent or Contract Execution
(Art. 7, I and V, LGPD)
Gender
Personalized service and data analysis.
Consent or Contract Execution
(Art. 7, I and V, LGPD)
Company, industry, and company size
Identification and personalization of services for Corporate Users (Administrators), as well as market analysis promotion.
Contract Execution
(Art. 7, V, LGPD)
Data Operator. Regarding personal data of Users entered by them into the Platform under the designation of the Corporate Client User (Administrator), it is important to highlight that PsycoAI acts as a data operator. This means PsycoAI does not determine the purposes or goals of processing this data. Responsibility for this decision lies entirely with the Corporate Client, who is the Controller of the Users' personal data on the Platform.
Limitation of Responsibility. As a data operator, PsycoAI is committed to protecting the security and privacy of the personal data it processes. Technical and organizational measures are implemented to prevent unauthorized access, disclosure, alteration, or destruction of personal data. However, it is crucial for the Data Controller to assume responsibility for defining the purposes and legal bases for processing this data in compliance with applicable laws.
Data Statistics. PsycoAI may use information collected from Users to generate statistics aimed at continuously improving the services offered, ensuring functionalities and offerings effectively meet Users' needs.
AI Interaction Data. Data collected from interactions with AI agents will be used to analyze behavior patterns, enhance the overall User experience on the Platform, and allow for personalized action plans and emotional support tailored to Users' profiles and needs. Lastly, the statistics will ensure the efficiency and effectiveness of AI agents, improving their responsiveness and interaction capabilities.
Data Anonymization. All information collected for the formulation of statistics, analyses, or studies will undergo an anonymization process. This means any identifiable personal data will be removed or altered so Users cannot be directly or indirectly identified. PsycoAI is committed to using technologies and practices that ensure the irreversibility of the anonymization process, guaranteeing that anonymized data cannot be reverted to reveal Users' identities.
Sharing of Processed Personal Data
Data Sharing. PsycoAI does not disclose to third parties any personal data provided by Users through the PsycoAI Platform, except:
Cases where PsycoAI is required to disclose or share processed personal data to comply with a court order or for fraud prevention or other crimes, as well as in response to information requests presented by competent authorities, if it is deemed that the disclosure complies with or is required by applicable laws, regulations, or legal procedures;
To protect the rights, property, or safety of PsycoAI and the Platform;
With law enforcement and/or government authorities, if actions are deemed inconsistent with our terms of use or to protect the rights, property, or safety of PsycoAI, its Users, or others;
By the User's own action;
In cases of partial or total sale of the business or its assets, or as part of any business reorganization, merger, spinoff, or incorporation, PsycoAI may share Users' information with third parties involved in the respective businesses, taking necessary measures to ensure privacy rights continue to be protected under this Policy.
Service Providers. PsycoAI also shares personal data with third-party business partners to enable Platform functionalities, as well as to store and back up information (e.g., data stored in the cloud on utilized servers).
These providers, under LGPD, act as operators or sub-operators of personal data and are required to process personal data in accordance with the purposes outlined in this Policy. In other words, partners are not allowed to use personal data in any manner other than those stated here.
When establishing partnerships, PsycoAI carefully evaluates business partners to ensure they adhere to security standards deemed appropriate for processing information. Additionally, wherever possible, PsycoAI establishes specific contractual clauses to protect the confidentiality of your personal data.
Cookies
5.1 What Cookies Are. A cookie is a piece of information stored locally on your computer or device, containing information about your activities on the Internet.
5.2 Cookies Used. PsycoAI uses cookies to enhance the User's experience on its Platform, enabling device recognition and ensuring proper functionality. Below, we detail the types of cookies used and their purposes:
Performance Cookies: This type of cookie collects anonymous information about how Users interact with the Platform to optimize it. The information collected by these cookies never includes personal details from which you can be identified.
Functional Cookies: These cookies are intended to keep the User's session active during navigation, ensuring they remain logged in and their interactions are continuous.
Preference Cookies: These allow the Platform to remember User preferences such as language settings and regional preferences.
Statistical Cookies: These collect information about how Users interact with the Platform, helping improve services and site usability. These cookies help differentiate Users and gather statistical data about site usage.
Necessary/Security Cookies: These are essential for the proper functioning of the site. They ensure basic functionalities and site security features anonymously.
5.3 Access to Cookies. Access to cookies ends as soon as you close your browser. Users are given the option to accept or decline cookies.
5.4 Consent for Cookie Use. Your acceptance is required before starting the session for cookies to be utilized.
5.5 Option Without Cookies. The user may choose to decline cookie usage. If the User opts not to accept them, access to most of the Platform's information will not be compromised. However, the User may not be able to fully utilize the services offered.
Access and Rights
Access and Rectification of Personal Data. The User has the right to access their personal data processed by PsycoAI, as determined by LGPD, by contacting the DPO via email at dpo@psyco.ai. The request will be responded to during business hours, Monday to Friday, from 8 AM to 8 PM, within 15 (fifteen) days, and may be sent via email or letter, as provided for in Article 9 of LGPD, to ensure the following rights:
Access to Data: The data subject has the right to obtain from the controller, upon request, access to the data being processed.
Anonymization, Blocking, or Deletion: The data subject has the right to have their personal data anonymized, blocked, or deleted when unnecessary, excessive, or processed in noncompliance.
Confirmation of Processing: The data subject has the right to obtain confirmation from the controller regarding the processing of their personal data at any time, upon request.
Correction: The data subject has the right to obtain corrections to incomplete, inaccurate, or outdated data from the controller, upon request.
Information on Sharing: The data subject has the right to be informed about which public or private entities the controller has shared their data with.
Objection: The data subject may object to the processing carried out in cases of noncompliance with LGPD.
Petition Against the Controller, ANPD, or Consumer Protection Agency: The data subject has the right to petition (administratively request) their data against the controller to the national authority.
Portability: The data subject has the right to the portability of their personal data to another service or product provider, according to the national authority's regulations (ANPD), while respecting business confidentiality.
Review of Automated Decisions: The data subject has the right to request a review of decisions made solely based on automated processing that affects their interests as the data subject.
Revocation of Consent: The data subject has the right to revoke their consent at any time through express manifestation, via a free and facilitated procedure.
Exception to Deletion Requests. The User has the right to request the deletion of their personal data stored on the Platform at any time, except in cases where there is a legal obligation or court order to retain the data, according to Articles 18, VI and 16, I, of LGPD.
Incorrect Information. It is the User's responsibility to keep their information updated. In the case of inaccuracies, PsycoAI may update or delete such information, except in cases where maintenance is necessary for legitimate commercial or legal purposes.
Necessary Protection Measures. PsycoAI takes the necessary security measures to protect Users' personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction.
Password Protection. Users are equally responsible for taking appropriate measures to protect their passwords, usernames, and other special access features to their personal account on the Platform.
Notification of Privacy Policy Changes
Changes to the Privacy Policy. PsycoAI may modify this Policy periodically. The use of processed information is subject to the Privacy Policy in effect. If PsycoAI makes changes in how it processes personal data, it will notify Users by sending an email.
Tacit Acceptance. Minor adjustments to this Policy may occur without significantly affecting how PsycoAI processes personal data, so such changes may not require notification.
Communication
Sending Communications. By registering, Users agree that PsycoAI may send notifications, advertisements, updates about services, and important information about Platform usage requiring their attention.
Opt-Out Option. When receiving an email on behalf of PsycoAI, Users will have the option to stop receiving them by using the opt-out option or requesting it via email.
Anti-Spam Policy. The Platform takes necessary precautions to prevent unsolicited emails.
Confidentiality. The highest level of confidentiality is ensured in handling data such as email lists during PsycoAI's regular administration tasks.
Data Retention and Storage
Retention and Storage. LGPD does not specify a retention period for personal data. However, it mandates that storage be conducted within a reasonable timeframe. PsycoAI will store Users' data for as long as their account remains active.
Retention Period. Personal data storage is conducted for an adequate period based on applicable Brazilian legislation, as follows:
6 (six) months for Platform activity records, as provided for in Article 15 of the Civil Rights Framework for the Internet;
5 (five) years for information related to personal data processing, as this is the period within which PsycoAI may be audited or legally challenged.
In cases where retention is required, the data subject will be informed of the inability to delete their data if requested, and such data will not be used for purposes other than those specified in this topic.
Preserved Data. Retention includes personal registration and usage data, as well as records of interactions and related information, which we retain for 6 (six) years starting from (i) the cancellation of the User's account; or (ii) the provision of personal data by the data subject (when not a Platform User) in contact forms or similar.
Important Reminder. In cases of administrative or legal proceedings, regulatory activities, or ongoing audits, PsycoAI may extend the retention period until the applicable termination.
Security in Personal Data Processing
Storage. Users' personal data and all Platform information are securely stored and transmitted. Only PsycoAI-authorized employees may access personal information, and they are strictly subject to confidentiality duties and full respect for privacy under the terms of this Policy.
Information Security. Personal data is transmitted and stored on Microsoft Azure – Brazil servers, while anonymized data may be stored in Microsoft Azure – United States data centers. All interactions carried out on the Platform, including those related to information sharing with public bodies, are encrypted, subject to data backups, monitoring tools, security policies, and access controls for employees, utilizing updated security software.
International Processing. Since your data must be stored in locations compliant with Brazilian legislation (see Article 33 of LGPD), PsycoAI informs and guarantees that the international server used meets the requirements set out in the aforementioned legal provision.
Notification. If PsycoAI becomes aware of any security breaches involving its own infrastructure or the hosting companies it uses, including intrusions, data leaks, or any other information security incidents, it will notify competent authorities and affected Users about the breach and provide maximum details regarding the nature, extent of the violation, and compromised data within a reasonable time frame, as outlined in Article 48, § 1º, of LGPD.
Our Official Support Channels
Doubts or Suggestions. In case of questions or suggestions about the Privacy Policy or any other information related to the document, Users may request support via email at dpo@psyco.ai.
Support Hours. Support is available Monday to Friday, from 9:00 AM to 6:00 PM (GMT-3). Our goal is not only to resolve potential problems quickly and efficiently but also to seek amicable solutions.
General Provisions
User Responsibility. Users are responsible for indemnifying PsycoAI for all costs and damages it may incur as a result of the User's violation of this Privacy Policy.
Cooperation with Authorities. PsycoAI fully cooperates with any authorities or courts requesting the disclosure of identity or location of any individual who inserted any material into the Platform that violates the provisions outlined in this Policy.
Applicable Law and Jurisdiction. This Privacy Policy is governed by Brazilian law, with the jurisdiction of the Rio de Janeiro district court defined as competent for resolving any disputes arising from it, without prejudice to any other, however privileged it may be. Priority will always be given to attempts at resolution through conciliation or mediation.
Limitation of Liability. This Privacy Policy addresses only the processing of personal data provided to the Platform. If the User discloses their information to third-party websites, different rules may apply to the use of such information.