Privacy Policy
Last updated: 04/03/2026
1. Introduction
Synto Inteligencia Artificial Ltda ("Synto", "we", "us", or "our") is committed to protecting the privacy and personal data of its users. This Privacy Policy describes how we collect, use, store, share, and protect your personal data when you use the Synto AI platform (accessible at synto.ia.br), our mobile applications, and all related services. This policy has been prepared in accordance with the Brazilian General Data Protection Law (Lei Geral de Protecao de Dados Pessoais - LGPD, Law No. 13,709/2018) and other applicable legislation. By using our services, you acknowledge that you have read and understood this Privacy Policy.
2. Data We Collect
We collect the following categories of personal data: (a) Registration data: full name, email address, password (encrypted), profile picture (optional), and preferred language; (b) Usage data: conversation history with AI assistants, prompts submitted, responses generated, features used, access frequency, session duration, and interaction patterns; (c) Technical data: IP address, device type, operating system, browser type and version, screen resolution, unique device identifiers, and crash logs; (d) Payment data: when you subscribe to a paid plan, we collect billing information through our payment processor, including name on card and billing address - we do not store complete credit card numbers on our servers; (e) Communication data: messages sent to our support team, feedback, and survey responses; (f) Data collected automatically: through cookies and similar technologies, as described in Section 11 of this policy.
3. Legal Basis for Processing (LGPD Art. 7)
We process your personal data based on the following legal grounds provided by Article 7 of the LGPD: (a) Consent (Art. 7, I): for sending marketing communications, using non-essential cookies, and processing optional profile data; (b) Performance of a contract (Art. 7, V): to provide and maintain our AI services, manage your account, and process subscription payments; (c) Legitimate interests (Art. 7, IX): for improving our services, ensuring platform security, preventing fraud, and conducting internal analytics; (d) Legal obligation (Art. 7, II): to comply with tax, accounting, and regulatory requirements under Brazilian law; (e) Regular exercise of rights (Art. 7, VI): for establishing, exercising, or defending legal claims. You may withdraw your consent at any time for processing activities based on consent, without affecting the lawfulness of processing carried out prior to the withdrawal.
4. How We Use Your Data
We use your personal data for the following purposes: (a) Providing services: to operate the Synto AI platform, process your requests to AI assistants, and deliver personalized responses; (b) Account management: to create and maintain your account, authenticate access, and manage subscriptions; (c) Service improvement: to analyze usage patterns, improve AI model performance, develop new features, and optimize user experience; (d) Communication: to send service-related notifications, security alerts, updates about changes to our terms or policies, and, with your consent, marketing communications; (e) Security: to detect, prevent, and address fraud, abuse, security incidents, and technical issues; (f) Legal compliance: to comply with applicable laws, regulations, and legal proceedings; (g) AI training: anonymized and aggregated data may be used to improve the performance and accuracy of our AI models, always respecting data minimization principles.
5. Data Sharing
We do not sell your personal data. We may share your data with the following categories of recipients, always under strict confidentiality and data protection agreements: (a) AI model providers: we use multiple third-party AI models to power our platform - conversation data is sent to these providers for processing, subject to their respective data processing agreements; (b) Cloud infrastructure providers: for hosting, storage, and computing services; (c) Payment processors: to process subscription payments securely; (d) Analytics providers: for aggregated and anonymized platform analytics; (e) Legal and regulatory authorities: when required by law, court order, or to protect our legal rights; (f) Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to this Privacy Policy. All third-party service providers are contractually obligated to protect your data and may only process it for the purposes specified by us.
6. Artificial Intelligence Provisions
As an AI platform, we wish to be transparent about how your data interacts with artificial intelligence systems: (a) Conversation processing: your prompts and conversations are sent to AI model providers to generate responses - this processing is essential to delivering the service; (b) No automated decision-making with legal effects: we do not use AI to make automated decisions that produce legal effects or similarly significant impacts on you without human oversight; (c) AI-generated content: responses generated by AI assistants may not always be accurate, complete, or up-to-date - users should verify critical information independently; (d) Model training: we may use anonymized and aggregated interaction data to improve our services, but we will never use your identifiable personal conversations for third-party model training without your explicit consent; (e) Multiple models: our platform integrates various AI models, each with its own capabilities and limitations, and different models may be used for different types of requests.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside of Brazil, including the United States and European Union countries, where our AI model providers, cloud infrastructure, and other service providers operate. When transferring data internationally, we ensure adequate levels of protection through: (a) Contractual clauses that guarantee the same level of data protection required by the LGPD; (b) Verification that recipient countries provide an adequate level of data protection; (c) Use of providers that adhere to internationally recognized data protection frameworks. In all cases, we take reasonable measures to ensure your data is treated securely and in accordance with this Privacy Policy.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected: (a) Account data: retained for as long as your account is active, plus 6 months following account deletion to allow recovery; (b) Conversation history: retained for as long as your account is active, unless you choose to delete specific conversations; (c) Payment records: retained for 5 years after the transaction, as required by Brazilian tax legislation; (d) Technical logs: retained for up to 12 months for security and troubleshooting purposes; (e) Anonymized data: may be retained indefinitely as it no longer constitutes personal data. After the retention period, data is securely deleted or anonymized using industry-standard methods.
9. Your Rights Under the LGPD
In accordance with Articles 17-22 of the LGPD, you have the following rights regarding your personal data: (a) Confirmation of processing: you may request confirmation of whether we process your personal data; (b) Access: you may request access to your personal data held by us; (c) Correction: you may request correction of incomplete, inaccurate, or outdated data; (d) Anonymization, blocking, or deletion: you may request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with the LGPD; (e) Portability: you may request the portability of your data to another service provider; (f) Deletion: you may request deletion of personal data processed with your consent; (g) Information about sharing: you may request information about public and private entities with which we have shared your data; (h) Revocation of consent: you may revoke your consent at any time; (i) Opposition: you may oppose processing activities that do not require consent if they violate the LGPD. To exercise any of these rights, contact us at suporte@synto.ai with the subject line "LGPD - Data Subject Request". We will respond within 15 business days.
10. Data Security
We implement robust technical and organizational security measures to protect your personal data, including: (a) Encryption of data in transit using TLS/SSL protocols; (b) Encryption of sensitive data at rest; (c) Access controls and authentication mechanisms restricting data access to authorized personnel; (d) Regular security audits and vulnerability assessments; (e) Incident response procedures for detecting and responding to data breaches; (f) Employee training on data protection and information security practices; (g) Secure development practices integrated into our software development lifecycle. Despite our best efforts, no method of data transmission or storage is 100% secure. In the event of a security incident involving personal data, we will notify affected users and the National Data Protection Authority (ANPD) in accordance with the LGPD.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our platform: (a) Essential cookies: necessary for the operation of the platform, including session management and authentication - these cannot be disabled; (b) Functional cookies: remember your preferences, such as language and theme settings; (c) Analytics cookies: help us understand how users interact with our platform, allowing us to improve our services - these are used with your consent; (d) Performance cookies: monitor platform performance and help us identify and fix issues. You can manage your cookie preferences through your browser settings or through our cookie consent banner displayed when you first visit our platform. Disabling certain cookies may affect the functionality of our services.
12. Children's Data
The Synto AI platform is not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If you are under 18, you may only use our services with the consent and supervision of a parent or legal guardian, as required by Article 14 of the LGPD. If we become aware that we have collected personal data from a child under 18 without appropriate parental consent, we will take steps to delete that information promptly. Parents or guardians who believe their child has provided personal data to us without their consent should contact us at suporte@synto.ai.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will: (a) Post the updated policy on our platform with a new "Last updated" date; (b) Notify you through the platform or via email before the changes take effect; (c) Request renewed consent where required by law. We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.
14. Contact and Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us: Email: suporte@synto.ai (include "LGPD" in the subject line for data protection inquiries). Our Data Protection Officer (DPO), as required by Article 41 of the LGPD, can be reached at the same contact address. The DPO is responsible for: (a) Receiving complaints and communications from data subjects and the ANPD; (b) Providing guidance to our employees on data protection practices; (c) Carrying out other duties determined by the data controller or established in complementary rules. You also have the right to file a complaint with the Brazilian National Data Protection Authority (ANPD) at www.gov.br/anpd if you believe your data protection rights have been violated.