
Privacy Policy

Last updated on May 19, 2026

This policy describes how Naipe Sync Solutions LTDA ("naipe sync", "we") collects, uses, shares and protects personal data from anyone interacting with nsync.com.br and our commercial channels. We adopt Brazil's General Data Protection Law (Lei 13.709/2018 — LGPD) as the minimum standard for every market we serve.

1. Who is the controller

Naipe Sync Solutions LTDA, headquartered in São Paulo/SP, Brazil. Contact: eddie.dias@nsync.com.br.

When we process personal data on behalf of clients (delivered projects), we act as a processor — the client remains the controller. This policy only covers the processing we do as controller, on our own channels.

2. What data we collect

Data you voluntarily submit through the contact form: name, email, company (optional), estimated budget (optional), services of interest and the free-text message you write.

Technical data collected automatically when you visit the site: IP address, session identifier, user agent (browser/OS version), browser language, referrer URL and access timestamp.

Cookies and similar technologies: detailed in section 7. By default, only essential cookies are stored; analytics and marketing cookies require your explicit consent in the banner.

3. Why we use this data

To respond to your quote request or commercial inquiry — legal basis: pre-contractual steps (LGPD Art. 7, V).

To operate and secure the site (technical logs, abuse prevention, rate-limiting) — legal basis: legitimate interest (LGPD Art. 7, IX), balanced against your rights.

When you consent, to measure audience (analytics) and optimize campaigns (marketing) — legal basis: consent (LGPD Art. 7, I), revocable at any time.

To comply with legal, regulatory or authority requests — legal basis: legal obligation (LGPD Art. 7, II).

4. Who we share with

Infrastructure providers operating the site under our instructions (Vercel / Hostinger, Cloudflare, transactional email provider). These processors are contractually bound to confidentiality.

Analytics and marketing tools only if you consent — Google (Consent Mode v2), Meta, LinkedIn, RD Station or similar, depending on the integrations active at the time.

Occasionally, public authorities in response to a legally grounded court order or regulatory request.

We do not sell, rent or trade personal data with third parties for their own commercial purposes.

5. How long we keep it

Form content (lead): up to 24 months after the last contact, unless there is an active commercial relationship or a longer legal retention obligation.

Technical logs (IP, user agent, requests): up to 6 months, except when needed for a security incident investigation.

Consent records (LGPD Art. 8 §1): for the duration of the processing plus 5 years for evidentiary purposes.

6. Your rights as a data subject

LGPD Art. 18 grants you the rights to confirm processing exists, access your data, correct incomplete information, anonymize or delete unnecessary data, port to another provider, revoke consent and be informed about sharing.

To exercise any of these rights, write to eddie.dias@nsync.com.br with the subject "LGPD — data subject rights". We respond within 15 days.

You can also petition Brazil's data protection authority (ANPD) directly at gov.br/anpd.

7. Cookies

We use three categories: essential (always on, required for the site to work), analytics (aggregate usage, opt-in) and marketing (campaign attribution, opt-in).

You can review and adjust your choice at any time via the "Customize" link in the footer or in the banner. Before any choice, all Google Consent Mode v2 signals default to denied.

8. Security

Traffic is always served over HTTPS with HSTS. We set baseline security headers (X-Frame-Options, Referrer-Policy, Permissions-Policy), apply a per-IP rate limit on the contact endpoint and use an anti-bot honeypot. Logs are PII-redacted in fallback mode.

No system is fully immune; in case of a security incident that may cause relevant risk or harm, we will notify affected data subjects and the ANPD within the deadlines of LGPD Art. 48.

9. International transfers

Some processors supporting the site are based outside Brazil (e.g. CDN, analytics, email providers). When there is an international transfer, we require contractual safeguards and a protection level compatible with LGPD (Art. 33).

10. Changes to this policy

Any relevant change will be published at this same URL with a new date at the top. Material changes will be signalled in the cookie banner, forcing a fresh consent review.

Data Protection Officer (DPO)

For questions about this policy, to exercise rights or to report concerns, contact our DPO directly:

DPO: Eddie Dias
Email: eddie.dias@nsync.com.br
