← voltar à home

Privacy Policy

Última atualização: April 28, 2026

This Policy describes how Publitik collects, uses, shares and protects your personal data, in compliance with the Brazilian General Data Protection Law (LGPD — Law 13,709/2018), the Brazilian Civil Rights Framework for the Internet and other applicable legislation.

1. Who the controller is

The data controller is BMS Consultoria, Serviços e Comércio Ltda., Brazilian CNPJ 46.370.980/0001-15, based at Av. das Américas, 3,500 — Block 5, Suite 615, Barra da Tijuca, Rio de Janeiro/RJ, ZIP 22.640-102, Brazil, operator of the Publitik platform.

2. Data Protection Officer (DPO)

To exercise your LGPD rights or ask questions about data processing, contact our Data Protection Officer at help@publitik.com.

3. What data we collect

3.1 Data you provide

  • Sign-up: name, work email, role/title (optional), company (optional).
  • Payment: credit card data processed directly by Stripe — we do not store full card numbers on our servers.
  • Billing: tax ID (CPF or CNPJ), legal name, billing address — for invoice issuance.
  • Personalization: niche, preferred sources, configured alerts — used to calibrate your dashboard feed.
  • Support: content of messages exchanged with our team.

3.2 Data collected automatically

  • Access logs: IP address, date and time, pages visited, browser and operating system — required by Brazil's Civil Rights Framework for the Internet (art. 15) and retained for 6 months.
  • Cookies and similar technologies: detailed in section 8.
  • Usage metrics: applied filters, most-consulted sources, time in dashboard — used for product improvement, in aggregated and anonymized form.

4. What we use your data for

We process your personal data exclusively for the purposes below:

  • Contract performance: create and maintain your account, process payments, deliver the contracted service, send operational communications (billing, configured alerts, service changes).
  • User support: answer questions, resolve incidents, provide support.
  • Product improvement: understand usage patterns, calibrate feed relevance, identify bugs and improvement opportunities — whenever possible, in aggregated/anonymized form.
  • Security and fraud prevention: detect misuse, credential abuse, suspicious access, under the controller's legitimate interest and user protection.
  • Compliance with legal and regulatory obligations: tax invoicing, responding to competent authorities upon formal request.
  • Marketing communications: sending editorial newsletter and product updates — only with your consent, with opt-out in every email.

5. Legal bases

Processing is grounded in the following hypotheses of art. 7 of the LGPD:

  • Contract performance (art. 7, V) — to deliver the contracted service.
  • Compliance with legal/regulatory obligation (art. 7, II) — for tax invoicing and log retention.
  • Legitimate interest (art. 7, IX) — for security, fraud prevention and product improvement, always balanced against your rights.
  • Consent (art. 7, I) — for marketing communications and non-essential cookies.

6. Who we share with

We share data strictly as necessary, with operators acting under our instructions and an adequate data protection agreement:

  • Stripe Brasil Instituição de Pagamento Ltda. — payment processing and card storage. Stripe Policy.
  • Resend (Resend, Inc.) — transactional email delivery (magic link, alerts, invoices).
  • Cloud infrastructure provider — application and database hosting in datacenters located in Brazil or the United States.
  • AI provider (Anthropic, OpenAI, Google) — classification, summarization and translation processing. We do not send identifiable personal data to these providers — only public content from editorial sources.
  • Public authorities — only upon court order or formal request from a competent authority.

We never sell personal data. We never share it with third parties for marketing purposes outside the scope of Publitik.

7. International transfer

Some operators are based outside Brazil (Stripe, Resend, AI providers, infrastructure). In those cases, we ensure that international transfer follows the requirements of art. 33 of the LGPD, via standard contractual clauses and/or countries with adequate protection level.

8. Cookies

We use the following types of cookies:

  • Essential: authentication, session, security. Cannot be disabled.
  • Analytics: Plausible Analytics — aggregated metrics, no identifiable personal data collection, no cross-site tracking.

We do not use third-party cookies for behavioral advertising. You can block cookies in your browser, but this may affect dashboard functionality.

9. Retention periods

  • Active account: for the duration of the contract.
  • After cancellation: sign-up data retained for 5 years (civil statute of limitations) for defense in possible litigation. After that period, anonymized or deleted.
  • Access logs: 6 months (Civil Rights Framework for the Internet, art. 15).
  • Tax data: 5 years (tax legislation).
  • Backups: cycle of up to 90 days.

10. Your rights as data subject

Pursuant to art. 18 of the LGPD, you have the right to:

  • Confirmation that processing exists.
  • Access to the data we hold about you.
  • Correction of incomplete, inaccurate or outdated data.
  • Anonymization, blocking or deletion of unnecessary, excessive or non-compliantly processed data.
  • Portability of your data to another provider.
  • Deletion of data processed based on consent, except where there is another applicable legal basis.
  • Information about who we share your data with.
  • Information about the possibility of not consenting and the consequences.
  • Withdrawal of consent.

To exercise any right, write to help@publitik.com. We respond within 15 days.

11. Security

We adopt appropriate technical and organizational measures to protect your data, including: encryption in transit (TLS), encryption at rest for sensitive data, role-based access control, magic-link authentication (no stored passwords), audit logs, encrypted backups and security testing routines.

In case of a security incident that may pose relevant risk or damage to you, we will notify the Brazilian Data Protection Authority (ANPD) and affected subjects within a reasonable timeframe, as required by art. 48 of the LGPD.

12. Children and adolescents

Publitik is not intended for users under 18. We do not knowingly collect data from minors. If you identify a minor's sign-up, please write to help@publitik.com so we can take action.

13. Updates to this Policy

We may update this Policy periodically. Material changes will be communicated by email at least 15 days in advance. The current version is always available at publitik.com.br/en/privacidade with the last update date.

14. Contact

Data Protection Officer (DPO): help@publitik.com
Complaints may also be addressed to the Brazilian Data Protection Authority (ANPD) at gov.br/anpd.