Privacy Policy
Last updated: June 4, 2026
This is a courtesy translation. The Portuguese version is the legally binding document.
Summary: We collect only the minimum necessary to operate the platform. We do not store the results of your searches; we keep the searched term for up to 90 days (security and abuse prevention, admin-restricted), anonymized thereafter. We do not sell your data. Analytics and marketing cookies only with your consent. You can access, correct, or delete your data at any time.
1. Controller and Data Protection Officer (DPO)
espectrosint is the controller of the personal data processed on this platform. For data protection matters, contact our Data Protection Officer (DPO) at contato@espectrosint.com. This policy describes how we collect, use, share, and protect your data when using espectrosint.com, in compliance with Law No. 13.709/2018 (LGPD).
2. Data We Collect
Account data: e-mail, name and, for social login, the provider identifier (Google/GitHub); subscribed plan and billing data (processed by Stripe — we do not store full card data); account creation date.
Usage data: credits consumed, access logs (IP address, date/time), and operational metadata, for security and abuse prevention.
Cookies and analytics: cookie and campaign identifiers (e.g., utm, gclid) and browsing data collected by analytics and marketing tools, with your consent (see section 7).
Uploaded files: images or files you upload for analysis are processed only for the requested purpose and not retained beyond what is necessary.
What we do NOT keep: we do not store the returned results of your searches. We log the searched term for at most 90 days (security and abuse prevention, admin-restricted) and anonymize it thereafter — see section 5.
3. Legal Basis for Processing
We process your data on the following LGPD legal bases:
- Performance of a contract (Art. 7, V): creating and authenticating the account, processing payments, and applying plan limits;
- Legitimate interest (Art. 7, IX): security, fraud/abuse prevention, and service improvement;
- Compliance with a legal obligation (Art. 7, II): tax obligations and responding to authorities;
- Consent (Art. 7, I): analytics and marketing cookies and promotional communications.
4. How We Use Your Data
We use your data to manage the account and authentication; process payments and subscriptions; apply usage limits; prevent abuse and ensure security; measure and improve the service; and communicate relevant updates.
5. Search Logging
Searches are processed in real time and results delivered to your browser — we do not store the results on the server. For security, abuse prevention, usage-limit enforcement, and operational metrics, we log each search's metadata (timestamp, search type, and number of results) and the searched term. The term is restricted to administration, retained for at most 90 days, and anonymized thereafter. The legal basis is our legitimate interest in keeping the service secure and reliable (Art. 7, IX, of the LGPD). As for third-party data you search, you are the controller and responsible for the legal basis of that processing (see section 10 and the Terms of Use).
6. AI Analysis
If you request the AI-narrated analysis (dossier), the results of that search are sent to our AI provider (Anthropic) solely to generate the text, and are not used to train models. This is automated processing; you may request review under Art. 20 of the LGPD.
7. Cookies and Tracking
We use essential cookies (required for login and security, always on) and, with your consent via the banner, cookies for:
- Analytics: Google Analytics and Microsoft Clarity, to understand usage and improve the platform;
- Marketing: Google Ads, to measure campaigns and conversions.
You may reject or change your preferences at any time via the cookie banner or your browser settings.
8. Data Sharing (Processors)
We do not sell or rent your data. We share only what is strictly necessary with processors that provide services to us, under confidentiality obligations:
- Stripe — payment processing;
- Neon — database;
- Akamai/Linode — server hosting;
- Cloudflare — CDN, security, and content delivery;
- Resend — transactional and newsletter e-mail delivery;
- Google (Analytics and Ads) and Microsoft Clarity — analytics and marketing (with consent);
- Anthropic — generation of the AI analysis (only when requested).
We may also share data to comply with a legal obligation or court order, or to protect the rights and security of espectrosint and its users.
9. International Data Transfer
Some of the processors above are located outside Brazil (for example, in the United States). By using the service, your data may be transferred internationally. In such cases we adopt appropriate safeguards (contractual clauses and providers committed to data protection standards), under Art. 33 of the LGPD.
10. Your Role When Searching Third Parties
For your registration data, espectrosint is the controller. For the data of third parties you search, you are the controller and espectrosint acts as a processor — it is your responsibility to have a legal basis for that processing (see the Terms of Service).
11. Data Security
We implement industry-standard security measures:
- HTTPS connections with TLS for all communications.
- Passwords stored with Argon2id hashing (never in plain text).
- Authentication tokens in HttpOnly cookies (inaccessible to JavaScript).
- Rate limiting for brute-force attack prevention.
- Database with encrypted connections (SSL).
12. Data Retention
We keep account data while the account is active. Upon a deletion request, we remove personal data within 30 days, except data the law requires us to keep (e.g., tax records). Access logs are kept for up to 90 days for security, per the Brazilian Internet Act.
13. Your Rights (LGPD)
You have the right to: confirmation and access; correction; anonymization, blocking, or deletion of unnecessary data; portability; information about whom we share data with; revocation of consent; objection to processing; and review of automated decisions. To exercise them, contact our DPO at the e-mail below. You may also file a complaint with the National Data Protection Authority (ANPD).
14. Children's Data
The service is intended for people aged 18 or over and is not directed at children or adolescents. We do not knowingly collect minors' data; if we identify any, we will delete it.
15. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via e-mail or platform notification. The last update date is shown at the top of this page.
16. Contact
For questions, requests, or complaints about privacy, contact our DPO: contato@espectrosint.com. You may also contact the ANPD (gov.br/anpd).