Credify Privacy Policy

This Data Privacy Policy ("PPD") regulates the use, of any nature and/or form, of information that Credify captures, receives or processes, directly or indirectly, from its customers or the public internet environment. It explains, in a clear and accessible way, how your information and/or data is collected, used, shared and stored by us in our day-to-day operations. The PPD is divided into two sections, one that deals with information provided by third parties directly to Credify (through contact forms, event registrations, and other similar situations), and another that deals with information captured by Credify from the public internet environment. The terms defined in this PPD establish Credify's commitment to your privacy, as well as your rights with respect to the data processed by Credify about you. In addition to this PPD, it is important that you are familiar with other applicable rules and regulatory frameworks, such as Law No. 12,965/2014 ("Marco Civil da Internet") and Law No. 13,709/2018 ("General Data Protection Law ).We reserve the right to change, add or remove any elements of this PPD at any time, without the need for prior notice or consent from third parties. It is the obligation of interested parties to monitor this policy to verify any changes that may occur, and. contact us if you do not agree with them. Any person or company that exchanges information with Credify or that uses any products or services made available by Credify to the market is expressly agreeing to this PPD. must be interpreted in accordance with the laws of the Federative Republic of Brazil, and the Forum of the District of Rio de Janeiro, state of Rio de Janeiro, is elected as the competent one to resolve any issues that may arise from this document, with express waiver of any another, however privileged he may be.1. Data Shared with Credify


1.1. What data is shared with Credify? In the registration form on our website, or in the terms of subscription to our services, our customers are obliged to share registration information with us, such as CNPJ, company name, business name, and contact information, such as company address, telephone number and email address of the person responsible for the contract, among others. Alternatively, a user can fill out the form to receive our newsletter, in which they must provide their name and a contact email address, or We can still receive a CV from an individual for registration in our CV database, or as an application for a job vacancy. Our clients also share information with us when they make calls to our APIs. This shared information is the query keys for calls, and are fundamental to the functioning of the products. The exact set of information shared varies in each case, according to how the forms were filled out or the type of consultation being carried out, and can be broader or more restricted.1.2. What do we do with this data? It depends on the form filled out or the process in which we receive the information. For information that was filled out in the company's commercial contact form, the data is used so that our salespeople or our marketing team can get in touch to provide more information about products and services. We also carry out a data enrichment process to, based on the name of the company that is filled in the form, search for information such as the CNPJ and the company's registration address, with the aim of simplifying Credify's internal operational processes. newsletter is only used to send a communication email, every month, containing information about Credify and the market in which we operate. The information we receive regarding HR processes, such as the CV for registration in our CV database or for any vacancy for which we are hiring, are used only for internal HR processes, and accessed only by this team. Information shared through the use of our products, that is, in calls to our APIs, is used only for purposes log and system audit, and is only accessed by Credify's technical support team or by the customer who carried out the query.1.3. How is this data stored? All information shared with Credify is stored following the best Information Security practices on the market. We apply end-to-end encryption of information, from its entry into our systems to storage environments (data at rest), using market cryptographic standards. The data is also kept encrypted during any and all movements that occur within our platform. We use third-party cloud computing services to host and store the information shared with us. We are not responsible, therefore, for any possible security problem with any of these services that may cause the exposure of encrypted information, and no compensation will be due to the originator of the information if a situation of this type occurs.1.4. How does information security work?On the technical side, we work with end-to-end encryption throughout the processing of information, from the moment it is shared with us, through HTTPS communication in forms, emails and in our APIs, until the your storage, keeping encrypted data at rest. We use the best technologies available on the market for encryption and data storage. On the procedural side, internal access to data is authorized only to the Credify group that really needs access to the information. In the case of commercial information, only the commercial and marketing team; in the case of CVs, only the HR team, and so on. All Credify employees work under strict obligations of secrecy and confidentiality of information.1.5. Is this information shared? With whom? For what?None of the information shared with Credify is passed on or shared with third parties, for any reason or purpose, unless expressly requested by the originator of the information.1.6. How do I remove my information? If you filled out our contact form but did not continue with the commercial process for any reason, simply send an email to atendimento@credify.com.br asking for the removal of your data, and they will they will be deleted from our CRM and any other system where they are present. If you followed the commercial process and signed our service agreement, becoming a customer, the first thing you need to do is request the termination of your contract. Attention: Once you request cancellation, you will no longer be able to use any of Credify's services. You then need to pay any amount you owe for the services used. Finally, if there is no longer any pending issue, you can send an email to atendimento@credify.com.br requesting the removal of your data. For the specific case of log records of queries or calls made by customers to Credify's APIs, data cannot be removed due to regulatory requirements that exceed current privacy legislation.

2. Data Captured by Credify


2.1. What data is captured by Credify? We capture all types of information about people, companies, products, news and dozens of other types of entities from public sources, in particular from websites and pages openly available on the internet. This includes registration information (names of people and companies), contact data (addresses, telephone numbers and emails), and other types of available information.2.2. How and where is this data captured? All the information we capture has a demonstrably public origin, that is, it is information captured from the public environment of the internet: from some page that anyone can access unrestrictedly and without the need for any type of authentication or login. Along with the extracted information, we internally store the HTML code of the pages visited, which allows us to check exactly where each piece of information we have originated from. Furthermore, when we capture information on any website, we record a signature in the access log of that website that indicates who we are and what we do with the information. With this, we operate a completely transparent data capture process. Our information capture process visits more than 1.5 billion websites spread across the world every week. These sites include government sites (in Brazil and other countries), company sites, marketplaces, and any and all sites that are publicly available and accessible on the internet. If you have any doubts about the origin of any specific information, you can contact us via email contato@credify.com.br.2.3. How is this data stored? All information captured by Credify is stored following the best Information Security practices on the market. We apply end-to-end encryption of information, from its entry into our systems to storage environments (data at rest), using market cryptographic standards. The data is also kept encrypted during any and all movements that occur within our platform. We use third-party cloud computing services to host and store the captured information, and derived data that is built on top of this information. . We are not responsible, therefore, for any possible security problem with any of these services that may cause the exposure of encrypted information, and no compensation will be due to the originator of the information if a situation of this type occurs.2.4. How does information security work?On the technical side, we work with end-to-end encryption throughout the processing of information, from the moment it is shared with us, through HTTPS communication in forms, emails and in our APIs, until storage, keeping the data encrypted at rest. We use the best technologies available on the market for encryption and data storage. On the procedural side, internal access to data is only authorized by the Credify group that really needs access to the information. For the information we capture, only the company's internal technical teams have access to the data.2.5. Is this information shared? With whom? For what? Yes. We sell public information, and derived data that we build on top of this information, to our clients, within the terms of applicable laws and regulatory frameworks, in particular Law No. 13,709/2018 ("General Data Protection Law), as per o Chapter II, Section II, Article 11, Section II, paragraph g, and Chapter II, Section I, Article 7, Paragraphs 3, 4 and 7.2.7. Can I ask to correct my information? , in any identity validation or data confirmation process, that the information available about you is incorrect, you can contact us via email contato@credify.com.br and request its correction or adjustment.Attention : If you request correction or adjustment of your data, you are automatically granting us your consent to share and sell the new data provided, in an unrestricted and unlimited manner. 2.8. How do I remove my information? To request the removal of my information. your information from our systems, contact us via email contato@credify.com.br. In order for the data to be removed, it will be necessary to carry out a process to validate your identity, to ensure that someone else is not impersonating you in this request. It is also important that you contact the original sources of the information we captured, to that your data is removed from them, and not just from our system. Otherwise, within a few days we will capture your information again from these sources, and it will return to our system, regardless of your request. For regulatory reasons that exceed current privacy laws, some information cannot be removed. If you request the removal of any information in this situation, we will let you know when you contact us.

2.9. I own a website and I don't want it to be captured anymore. How do I do it?You have two ways to prevent our capture process from visiting and taking information from your website:• a. Create (or change, if you already have) a robots.txt file (http://www.robotstxt.org/), including the instruction lines to block our capture process:User-agent: credifybotDisallow: /• b . Contact us via email contato@credify.com.br requesting the removal of your website from our capture list