PRIVACY POLICY

Effective: December 22, 2025

[Your Company Name] ("we", "us", "our") operates [Your App Name] ("Service"), a SaaS platform for AI-powered file analysis. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service. We comply with Brazil's LGPD, EU GDPR, California CCPA/CPRA, and other applicable data protection laws.

1. INFORMATION WE COLLECT

1.1 Account Information
When you create an account: name, email address, billing information (processed by Stripe; we don't store card details), company name (B2B).

1.2 File-Related Information
- Files you upload for analysis
- Prompts/queries submitted with files
- Technical metadata: file size, file type, storage duration, token count/effort/time for LLM processing

1.3 Usage Statistics (Anonymized)
- App usage patterns (features used, session duration)
- System performance metrics (response times, error rates)
- Aggregated analytics via Sentry/Datadog (no file content)

1.4 Device & Network Information
- IP address, browser type, device type, operating system
- Approximate location (city level from IP)

1.5 Cookies & Tracking
See our Cookie Policy below for details.

We collect NO personal data from files unless you explicitly provide it (e.g., names in documents).

1. HOW WE USE YOUR INFORMATION

We use your data SOLELY to:
- Provide file analysis service (process files with AI models)
- Store files temporarily for service delivery
- Generate usage statistics for service improvement
- Detect/prevent fraud, abuse, security issues
- Process payments (via Stripe)
- Communicate service updates, billing
- Comply with legal obligations

WE DO NOT:
- Use your files or data to train AI models
- Sell, rent, or share your data with third parties for marketing
- Profile individuals or make automated decisions

1. LEGAL BASIS FOR PROCESSING (GDPR/LGPD/CCPA)

2. Contract: Necessary to deliver file analysis service

3. Consent: File uploads (you initiate processing)
4. Legitimate Interests: Security, fraud prevention, service analytics (balanced via DPIA)

5. Legal Obligation: Billing records, audit logs

6. DATA SHARING & SUB-PROCESSORS

We share data only with trusted processors bound by Data Processing Agreements:

No data shared with other third parties.

1. DATA RETENTION

1. INTERNATIONAL DATA TRANSFERS

Files may be processed in US/EU data centers. We protect transfers via:
- EU Standard Contractual Clauses (SCCs)
- Brazil LGPD adequacy measures
- Encryption in transit (TLS 1.3) and at rest (AES-256)

1. YOUR RIGHTS (LGPD/GDPR/CCPA)

You can exercise these rights anytime:

No discrimination for exercising rights.

1. SECURITY MEASURES

2. Files encrypted in transit (TLS 1.3) and at rest (AES-256)

3. Access controls: role-based, multi-factor authentication
4. Regular security audits and penetration testing

5. Breach notification within 48 hours (LGPD/GDPR)

6. CHILDREN'S PRIVACY

Service not directed to children under 13 (LGPD) or 16 (COPPA). We do not knowingly collect children's data.

1. CHANGES TO THIS POLICY

We may update this policy. Material changes notified via email or app notification.

1. CONTACT

Data Protection Officer: privacy@albedo.cloud
Brazil LGPD inquiries: dpo@albedo.cloud

Regional Addendum: BR

Brazil/LGPD Addendum

Last Updated: [Date]

This addendum supplements our Privacy Policy and applies to users in Brazil under the Lei Geral de Proteção de Dados (LGPD).

LGPD-Specific Rights

Under LGPD, you have the right to:

• Access your personal data
• Correct incomplete or inaccurate data
• Delete your personal data
• Data portability
• Revoke consent

Data Processing

We process your personal data in accordance with LGPD requirements and only for specified, explicit, and legitimate purposes.

Contact Information

For LGPD-related inquiries, please contact our data protection officer.