top of page

Privacy Policy

Last revised on May 19, 2025

1. INTRODUCTION
AIDA is a technology company specialized in the development and application of artificial intelligence to improve customer experience.
We are committed to the privacy and protection of personal data provided by our clients, employees, and external providers.

2. PURPOSE
To describe how we collect, use, store, share, and protect personal information, in compliance with Law No. 13.709 – LGPD.

3. DEFINITIONS

  • Controller: Person or entity responsible for processing personal data.

  • Personal Data: Information that identifies a natural person.

  • Sensitive Personal Data: Information that may cause discrimination or harm to privacy.

  • Processor: Person or entity that processes personal data on behalf of the controller.

  • Privacy: The right to the reservation of personal information.

  • Data Subject: Natural person to whom the personal data refers.

  • Processing: Operations carried out with personal data.

4. SCOPE
Applies to AIDA’s managers, employees, and external providers regarding personal data.

5. DATA COLLECTED
AIDA collects and processes personal data provided by its clients (controllers) for the provision of our services. The information collected includes:

  • Recordings and service chat data: Interactions of customers and franchisees with the controller’s services, which may include parts of names or identification data disclosed by the customer during service.

6. PURPOSES OF PROCESSING
Personal data is processed for the following purposes:

  • Service provision: Analyzing customer interactions to extract qualitative information.

  • Continuous improvement: Using insights to enhance services and processes.

  • Legal compliance: Meeting legal and regulatory obligations.

7. DATA STORAGE AND SECURITY
Personal data is stored as required for the provision of services, using security measures such as encryption and monitoring. The storage infrastructure used is the Google Cloud Platform, located in the South America-East1 (São Paulo) region, which holds ISO/IEC 27001 certification.

8. DATA SHARING
AIDA does not share personal data with third parties. Data is processed exclusively by the platform and in accordance with contracts established with our clients.

9. DATA SUBJECT RIGHTS
AIDA does not require identification data to perform its activities. AIDA’s main goal is to obtain qualitative information that helps improve overall service processes. Our solution does not track individual behavior. However, identification data may occasionally be received as part of recordings.
To exercise their rights of access, correction, anonymization, blocking, deletion, portability, and revocation of consent regarding personal data, data subjects must contact the controllers directly.

10. INTERNATIONAL DATA TRANSFER
Data is predominantly processed and stored in Brazil. However, some specific processes use services that operate internationally. These data may only be processed in countries that follow LGPD (General Data Protection Law) and/or GDPR (General Data Protection Regulation) guidelines, ensuring an adequate level of data protection. Specific processes include:

  • GPU Cloud: We use GPU cloud services that may operate outside Brazil.

  • OpenAI: We integrate OpenAI services, whose operations may involve data processing outside Brazil.

11. INCIDENT RESPONSE
Any incident, suspected breach of law, or violation of personal data security must be reported via email: compliance@aidacx.com.br.

12. COMMUNICATION CHANNEL AND DATA SUBJECT RIGHTS
As a Small-Scale Processing Agent (ATPP), pursuant to Resolution CD/ANPD No. 2 of January 27, 2022, AIDA is not required to formally appoint a Data Protection Officer (DPO). However, to reinforce its commitment to privacy and data protection, AIDA has appointed a DPO, Márcio Ferreira Vasconcelos Júnior, who acts as the point of contact between data subjects, the organization, and the National Data Protection Authority (ANPD).
Requests related to data subject rights must be sent via email: compliance@aidacx.com.br.

13. TRAINING AND AWARENESS POLICY
All employees and external providers undergo regular training in best practices for data protection and information security, ensuring they remain updated and aware of their responsibilities.

14. POLICY REVIEW AND UPDATES
This policy will be periodically reviewed to ensure compliance with applicable laws and regulations, as well as to reflect changes in AIDA’s data processing practices.

15. FINAL PROVISIONS
This document must be read and interpreted under Brazilian law, in Portuguese, together with other applicable standards and procedures.
Any improper, unlawful, unauthorized actions or those contrary to this Policy or to other AIDA information security rules and procedures shall be considered violations in themselves and will be subject to the penalties provided in the General Regulations, service contracts, employment contracts, and other institutional rules.
In case of questions regarding this Policy or other AIDA information security procedures, the interested party may request clarification via email: compliance@aidacx.com.br.

bottom of page