Privacy Policy

Version 1.0 | In effect as of May 4, 2026.

1. Who the Controller is

This Policy describes how Linx Softwares, registered under Brazilian tax ID (CNPJ) No. 63.208.063/0001-58, headquartered at Rua Valença, 18, Novo Hamburgo/RS, Brazil, ZIP 93537-310, collects, uses, shares and protects personal data related to the My AIssistant service (omeuauxiliar.com).

For the personal data of your leads and end customers who chat with the AI assistant on WhatsApp, you (the My AIssistant Customer) are the Controller and Linx acts as the Processor, under the Brazilian LGPD (Law 13.709/2018).

For the Customer's own registration, billing, usage and support data, Linx is the Controller.

2. Data Protection Officer (DPO)

For any request related to your personal data or to data protection law, contact our Officer:

Email: [email protected]

We respond within 15 calendar days, as required by the LGPD.

3. Data we collect

• Registration (Customer): full name, email, phone, tax ID (CPF or CNPJ).
• Company (Customer): legal name, business description, address, website, social media (optional fields).
• RAG knowledge: PDFs, FAQs, spreadsheets, audio, photos and text you upload to train your assistant.
• WhatsApp messages: the content of conversations exchanged between your AI assistant and your leads/end customers, including text, received media (image, audio, document) and metadata (date, number, read status).
• Payment: card data is processed directly by Stripe; we only store the subscription identifier, the last 4 digits of the card and the card brand.
• Usage and technical: IP address, device identifier, browser type, language, pages visited, dashboard actions, error logs.
• Support communication: emails, messages and attachments you send us.

4. Sensitive personal data

My AIssistant does not actively request sensitive personal data (health, biometrics, religion, sexual orientation, political opinion, union membership, etc.). If such data appears in messages received from your contacts, it is processed exclusively to operate the support service, with the same level of security applied to all other data.

You, as the Controller of that data, are responsible for ensuring an adequate legal basis to process it under article 11 of the LGPD.

5. Why we collect data and legal bases (article 7 of the LGPD)

• Contract performance: operate your account, process payments, maintain the AI assistant, send service notices, provide support.
• Compliance with legal and regulatory obligations: issue invoices, respond to requests from authorities, keep tax and access records (Internet Framework Act, art. 15) for at least 6 months.
• Legitimate interest: fraud prevention, platform security, audit logs, aggregated and anonymized metrics to improve the product.
• Consent: sending marketing emails, use of non essential cookies, optional integrations. You may withdraw consent at any time without affecting the continuity of the service.
• Regular exercise of rights: defense in judicial, administrative or arbitration proceedings.

6. Purposes of use

• Authenticate you in the dashboard and protect your account.
• Train your assistant with the documents you upload (RAG/embeddings).
• Process messages received on WhatsApp and generate AI responses.
• Charge the subscription, issue invoices and handle non payment.
• Send notices about the service, quota alerts, updates to the Terms and Policy.
• Generate aggregated and anonymized metrics for product evolution.
• Comply with legal and regulatory obligations and court orders.

7. Where data is stored

Most data is stored on our own infrastructure in Brazil (Hetzner Brazil VPS, self hosted Postgres), with encryption in transit (TLS 1.2+) and at rest. Backups are encrypted and replicated to secure external storage.

Payment tokens, API keys and WhatsApp instance secrets are kept in an encrypted vault with restricted access.

8. Sharing and international transfer

We do not sell your data. We share it only with Processors and partners strictly necessary to deliver the service, under contract and with the safeguards provided by the LGPD (articles 33 and 35) for international transfers.

• Stripe Payments Brasil Ltda. and Stripe, Inc. (USA): payment processing, antifraud. Data handled under standard contractual clauses and the PCI DSS standard. Stripe Policy.
• Resend, Inc. (USA): sending transactional emails (welcome, password recovery, alerts, invoices). Resend Policy.
• Cloudflare, Inc. (USA): bot protection (Turnstile) on sign up. Data handled ephemerally, without cross session tracking. Cloudflare Policy.
• Google LLC (USA), via Google AI / Gemini API: processing of messages by the AI model. Data sent via the Gemini API is not used to train Google's public models. Gemini API Terms.
• Evolution API and WhatsApp providers: routing of WhatsApp messages. WhatsApp is a service of Meta Platforms, Inc. (USA), with its own applicable policy.
• PostHog Inc. (USA) (optional): aggregated dashboard usage analytics. You can disable it from the dashboard.
• Public authorities: when required by law, court order or valid administrative request.

International transfers occur to the countries where the above providers operate (especially the United States), always supported by contractual clauses that ensure a level of protection compatible with the LGPD.

9. Retention

• Active account: data kept for as long as the contractual relationship lasts.
• Cancelled account: 30 days in a suspended state, then permanent deletion (hard delete), except for legal retention.
• WhatsApp messages: stored while the account is active, to allow context, history and auditing. You may request early deletion of the history through support.
• Access logs: 6 months, under article 15 of the Brazilian Internet Framework Act.
• Tax and accounting data: 5 years, under tax law.
• Backups: typical 30 day rotation; data deleted in production disappears from backups within that cycle.

10. Your rights as a data subject (article 18 of the LGPD)

You may, at any time, exercise the following rights:

• Confirm the existence of personal data processing.
• Access your data.
• Correct incomplete, inaccurate or outdated data.
• Anonymize, block or delete unnecessary or excessive data, or data processed in breach of the LGPD.
• Request data portability in a structured format (JSON).
• Delete personal data processed based on your consent, subject to legal retention.
• Obtain information about the public and private entities with which Linx shared the data.
• Be informed about the possibility of not providing consent and its consequences.
• Withdraw consent at any time.
• Object to processing based on one of the exemptions from consent, in case of breach of the LGPD.
• Request a review of automated decisions that affect your interests.

To exercise any right, use the "Export data" and "Delete my account" buttons in the dashboard or email [email protected]. We respond within 15 calendar days.

You may also file a complaint with the Brazilian Data Protection Authority (ANPD): gov.br/anpd.

11. Information security

We adopt reasonable technical and administrative measures to protect data, including encryption in transit and at rest, role based access control (RBAC), Row Level Security in the database, audit logging, continuous monitoring, encrypted backups, server hardening, network isolation, fail2ban, captcha on public forms and periodic security audits.

In the event of a security incident that may pose a relevant risk or harm, we will notify the ANPD and the affected data subjects within a reasonable timeframe, as required by the LGPD (article 48).

12. Cookies and similar technologies

We use cookies and similar technologies for different purposes:

• Essential: keep you logged in and protect against fraud. Cannot be disabled.
• Functional: remember dashboard preferences.
• Analytics (optional): PostHog to understand aggregated dashboard usage. You can disable it from the dashboard or your browser.

We do not use cookies for behavioral advertising or cross site third party tracking.

13. Children and adolescents

My AIssistant is not intended for people under 18. We do not knowingly collect data from children or adolescents. If you identify improper processing, contact the DPO for immediate removal.

14. Automated decisions and AI

The AI assistant generates responses automatically based on the knowledge you upload and the conversation history. These responses are informational and do not replace human decisions on sensitive matters (legal, medical, financial). You may, at any time, take over the conversation manually and, where applicable, request a review of the automated decision under article 20 of the LGPD.

15. Changes to this Policy

This Policy may be updated to reflect legal, regulatory or operational changes. Material changes will be communicated at least 15 days in advance by email and by notice in the dashboard. The current version is always available at omeuauxiliar.com/privacidade.

16. Contact

Officer (DPO): [email protected]
General support: [email protected]
Address: Rua Valença, 18, Novo Hamburgo/RS, Brazil, ZIP 93537-310
CNPJ: 63.208.063/0001-58

Version 1.0 | Last updated: May 4, 2026.