Compliance with the LGPD.

We process personal data based on the LGPD principles: purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination and accountability.

Processing only takes place under one of the hypotheses provided in art. 7 of the LGPD: consent, compliance with legal obligation, contract execution, regular exercise of rights, or legitimate interest, as applicable.

In projects where we process third-party data (the client's clients, for example), we act as the Operator. The Controller is the contracting client, who defines the processing purposes.

We apply appropriate technical measures: encryption, role-based access, audit logging, retention policy and secure data disposal.

• Restricted access by user profile and hierarchical level
• Audit logging of every relevant action
• Data encryption in transit (TLS) and at rest
• Retention policy configurable per data type
• Export and deletion mechanisms upon data subject request
• Explicit opt-in for marketing communications
• Data flow documentation (Data Mapping)

The data subject can exercise their rights under art. 18 of the LGPD by contacting suporte@jcrave.tech. We respond within 15 business days.

For data protection matters, the official channel is suporte@jcrave.tech.

In case of an incident involving personal data, we notify the Brazilian National Data Protection Authority (ANPD) and affected data subjects within a reasonable timeframe, as required by the LGPD. The channel for responsible vulnerability disclosure is suporte@jcrave.tech.

See also the Privacy Policy and the Terms of Use.