Personal data processing (LGPD/GDPR)
Last updated: December 26, 2025
Operator: Engenhacao Software Lab Ltda · CNPJ 22.724.817/0001-45
Rua do Bom Jesus, 183 – Recife – PE, 50.030-170 – Brazil
Contact: contatos@alffaia.com
This document is provided for informational purposes and may be adjusted as the product, infrastructure, and integrations evolve. Legal review is recommended before enterprise operations.
This Policy explains how Alffaia processes personal data in connection with the Service. It applies to Users and Customer representatives who access the platform and website.
The data controller is Engenhacao Software Lab Ltda (CNPJ 22.724.817/0001-45), Rua do Bom Jesus, 183 – Recife – PE – Brazil. Contact: contatos@alffaia.com.
We collect, as necessary to provide the Service:
• Name
• Corporate email
• Role/title
• Company
• IP address and access logs
We do not collect sensitive data.
We process operational data submitted by the Customer and Users, such as tasks, hours, estimates, metrics, and integration data. This data is used to operate the Service and generate reports.
We process personal data to provide the service and operate the platform, including authentication, corporate account administration, support, and communications. Legal bases may include contract performance, legal obligations, and legitimate interests (where applicable).
Alffaia uses artificial intelligence to support analyses and recommendations using anonymized data. This means we remove/transform direct identifiers to reduce re-identification risks.
We do not sell personal data. We may share data with service providers strictly necessary to operate the Service, including Divio (infrastructure), and other providers such as email/security services where applicable. Processors act under instructions and confidentiality obligations.
As we operate across Brazil and the European Union, international transfers may occur. Where applicable, we implement appropriate safeguards (e.g., contractual clauses and technical/organizational measures).
As provided by the Customer, upon account cancellation data is automatically deleted, unless retention is legally required or minimally necessary for legitimate purposes.
We implement technical and organizational measures to protect data, including encryption in transit, access controls, environment segregation, and monitoring. No security measure is absolute; Customers should also apply strong credential and access practices.
Data subjects may request access, rectification, deletion, portability, restriction/objection (where applicable), and information about processing. Requests should be sent to contatos@alffaia.com. We may request additional information to verify identity and ensure security.
The website and platform may use cookies and technical logs for functionality, security, and user experience improvements. Where applicable, cookie preferences may be provided on the website.
We may update this Policy to reflect legal or Service changes. The current version will be published on the website.