Privacy Policy

1. Introduction

Gabriel Araujo Rudy Consultoria em Tecnologia da Informação, a Brazilian company (CNPJ: 48.868.347/0001-87), operating under the brand name Niv (“we,” “us,” or “our”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our collaborative note-taking platform and related services (“Service”).

This Privacy Policy applies to all users of our Service, regardless of location, and complies with applicable privacy laws including the Brazilian Lei Geral de Proteção de Dados (LGPD), the European General Data Protection Regulation (GDPR), and relevant US privacy laws.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

• Account Information: Name, email address, and password when you create an account
• Profile Information: Additional profile details you choose to provide
• Content: Notes, documents, files, and other content you create, upload, or share through our Service
• Communications: Messages you send to us, including customer support inquiries
• Payment Information: Billing details and payment information for subscription services

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information, including:

• Usage Data: Information about how you use our Service, including features accessed and time spent
• Device Information: Information about your device, including IP address, browser type, operating system, and device identifiers
• Log Data: Server logs that include your IP address, access times, pages viewed, and other diagnostic data
• Cookies and Tracking Technologies: We use cookies and similar technologies to collect information about your browsing activities

2.3 Information from Third Parties

We may receive information about you from third parties, such as:

• Authentication services (Google, GitHub) when you sign in through these platforms
• Analytics providers that help us understand how users interact with our Service
• Payment processors for billing and subscription management

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, maintain, and improve our collaborative note-taking platform
• Account Management: To create and manage your account and provide customer support
• Communication: To send you service-related notifications, updates, and marketing communications (with your consent)
• Personalization: To customize your experience and provide relevant content and features
• Analytics: To analyze usage patterns and improve our Service functionality
• Security: To protect against fraud, abuse, and security threats
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• AI Features: To provide AI-powered assistance and content generation features

4. Legal Basis for Processing (LGPD Compliance)

Under the Brazilian LGPD, we process your personal data based on the following legal bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: To fulfill our contractual obligations in providing the Service
• Legitimate Interest: For our legitimate business interests, such as improving our Service and security measures
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interest Protection: To protect vital interests of data subjects or third parties

You have the right to withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our Service (hosting, analytics, payment processing)
• Collaboration Features: With other users as part of the collaborative features of our Service, as directed by you
• Legal Requirements: When required by law, court order, or government agency
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with appropriate safeguards)
• Protection of Rights: To protect our rights, property, or safety, or that of our users or others

All third-party service providers are contractually required to maintain appropriate security measures and use your information only for the purposes we specify.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and security practices
• Incident response procedures for security breaches

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to improve our security measures.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Rights Under Brazilian LGPD

• Access: Right to obtain confirmation about the processing of your data and access to your data
• Correction: Right to request correction of incomplete, inaccurate, or outdated data
• Anonymization or Deletion: Right to anonymization, blocking, or deletion of unnecessary or excessive data
• Portability: Right to data portability to another service provider
• Information: Right to information about public and private entities with which we share data
• Consent Withdrawal: Right to withdraw consent for data processing
• Objection: Right to object to processing based on legitimate interest

7.2 Other Privacy Rights

Users in other jurisdictions may have additional rights, including:

• Rights under GDPR for European Union residents (similar to LGPD rights)
• Rights under CCPA for California residents (access, deletion, opt-out of sale)
• Rights under other applicable state and federal privacy laws

7.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within the timeframes required by applicable law.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer personal data from Brazil or the European Union to other countries, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions by Brazilian or European authorities
• Other appropriate transfer mechanisms as permitted by law

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods vary based on the type of information:

• Account Information: Retained while your account is active and for a reasonable period after account deletion
• Content Data: Retained according to your content management preferences and legal requirements
• Usage and Analytics Data: Typically retained for up to 2 years for analytics purposes
• Legal and Compliance Data: Retained as required by applicable laws and regulations

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service. Cookies are small data files stored on your device.

10.1 Types of Cookies

• Essential Cookies: Necessary for the Service to function properly
• Performance Cookies: Help us analyze how users interact with our Service
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (with your consent)

10.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service. We provide cookie preference controls where required by applicable law.

11. Children’s Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

For users between 13 and 18 years of age, we require parental or guardian consent before collecting their personal information, in accordance with applicable laws.

12. Third-Party Services

Our Service may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you visit.

We may integrate with third-party services (such as authentication providers) that have their own privacy policies. Your use of these services is subject to their respective privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website with a new “Last Updated” date
• Sending you an email notification (for material changes that affect your rights)
• Providing in-app notifications where appropriate

Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Data Protection Officer

In compliance with LGPD requirements, we have designated a Data Protection Officer (DPO) to oversee our data protection practices and serve as a point of contact for data protection matters.

You can contact our DPO regarding any questions about this Privacy Policy or our data processing practices using the contact information provided below.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Regulatory Authority Contacts

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant supervisory authority:

• Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
• European Union: Your local Data Protection Authority
• United States: Federal Trade Commission (FTC) or relevant state attorney general