Privacy Policy

This Privacy Policy describes how Brandao Engenharia de Software Ltda (CNPJ 49.783.594/0001-43, "ConnectPro", "we", or "us") collects, uses, shares, and protects personal data when you use the ConnectPro platform, the website at appconnectpro.app, and related services (collectively, the "Service").

ConnectPro is a multi-tenant business communications platform. We process personal data in two distinct roles: as a data controller for our direct customers (tenants, account holders) and as a data processor for the personal data that our customers send through the Service to their own end-recipients.

1. Data Controller and Contact

Data controller: Brandao Engenharia de Software Ltda, R. Estácio de Sá 1082, Apt. 1604, Zona 02, Maringá - PR, CEP 87.010-360, Brazil.

• Privacy questions and data subject requests: privacy@appconnectpro.app
• Data Protection Officer (DPO): dpo@appconnectpro.app
• Legal and contracts: legal@appconnectpro.app

2. What Personal Data We Collect

From account holders (our tenants). When you create or are invited to a ConnectPro account, we collect: name, email address, password (stored hashed), profile photo if provided, role within your tenant, billing details (handled by our payment processor), and authentication metadata (IP address, user agent, sign-in timestamps).

From end-recipients of WhatsApp messages. When our customers use ConnectPro to send messages to their own contacts via the WhatsApp Business Platform, we process those contacts' phone numbers, message content, delivery status, and any information the contacts include in their replies. We process this information on behalf of our customer (the tenant) under their instructions.

Technical and usage data. We log requests to our APIs (path, status code, latency), error events, feature usage, and session metadata for security, debugging, and product improvement.

Cookies and similar technologies. We use strictly necessary cookies for authentication and session management. We do not use advertising cookies. We may use privacy-respecting analytics to understand product usage in aggregate.

3. Lawful Basis for Processing

For European Economic Area (GDPR) and Brazilian (LGPD) users, we rely on the following:

• Performance of a contract (LGPD Art. 7, V; GDPR Art. 6(1)(b)) — to provide the Service you signed up for.
• Legal obligations (LGPD Art. 7, II; GDPR Art. 6(1)(c)) — to comply with tax, accounting, and regulatory requirements.
• Legitimate interests (LGPD Art. 7, IX; GDPR Art. 6(1)(f)) — to secure the Service, prevent fraud and abuse, and improve product quality. We balance these interests against your rights and freedoms.
• Consent (LGPD Art. 7, I; GDPR Art. 6(1)(a)) — for any optional processing such as marketing communications about ConnectPro itself. You may withdraw consent at any time.

For end-recipients of messages sent through ConnectPro: the lawful basis is the relationship between the recipient and our customer (the tenant). Our customers are contractually required to maintain valid opt-in for every recipient and to comply with Meta's WhatsApp Business Messaging Policy.

4. How We Use Personal Data

• To provide, maintain, and improve the Service.
• To authenticate users and protect accounts.
• To deliver messages on behalf of our customers via the WhatsApp Business Platform.
• To process payments and issue invoices.
• To respond to support requests and communicate service updates.
• To detect, investigate, and prevent abuse, fraud, or violations of our Terms.
• To comply with legal, regulatory, and tax obligations.

5. Sub-Processors

We rely on the following third-party providers to operate the Service. Each is bound by a data processing agreement, and we share only the minimum data needed for the stated purpose.

• Google Cloud Platform / Firebase (United States, with EU regional options) — application hosting, authentication, and primary database.
• Meta Platforms Ireland Ltd. — WhatsApp Business Platform (Ireland / United States) — message delivery and inbound webhook routing.
• Stripe Payments Europe Ltd. (Ireland / United States) — subscription billing and payment processing.
• Resend (United States) — transactional email delivery.
• Cloudflare R2 (United States, with European edge nodes) — encrypted object storage for tenant uploads.

We update this list when sub-processors change. Material changes are communicated to account administrators by email at least 30 days before they take effect.

6. International Data Transfers

Some sub-processors are located outside Brazil and outside the European Economic Area. We rely on the European Commission's Standard Contractual Clauses, the ANPD's equivalent safeguards, and on adequacy decisions where applicable. Where we transfer data to the United States, we rely on the EU-U.S. Data Privacy Framework where the recipient is certified.

7. Data Retention

• Account data is retained for the lifetime of the account and for up to 5 years after closure for tax, accounting, and audit purposes, after which it is permanently deleted or anonymized.
• Message content sent through ConnectPro is retained for 90 days by default; tenants may configure shorter retention.
• Opt-in evidence for WhatsApp marketing recipients is retained for as long as the tenant uses ConnectPro plus 5 years after the contact opts out, in anonymized form, to defend against complaints.
• Audit logs are retained for 1 year for security and compliance purposes.

8. Your Rights

Under LGPD (Brazil) and GDPR (European Economic Area / United Kingdom), you have the right to: access your data, correct inaccurate data, delete your data (right to erasure), restrict or object to certain processing, request portability of your data, withdraw consent where applicable, and lodge a complaint with the relevant supervisory authority (ANPD in Brazil; the EU member state authority where you reside).

To exercise any of these rights, contact privacy@appconnectpro.app. We respond within 15 days under LGPD and within one month under GDPR. We may need to verify your identity before fulfilling a request.

If you are an end-recipient of WhatsApp messages sent through ConnectPro and your request relates to those messages, please contact our customer (the tenant) directly. We will forward your request to them and assist as required by law.

9. Security

We protect personal data with industry-standard safeguards, including transport encryption (TLS), at-rest encryption for credentials and sensitive content, role-based access controls, audit logging, multi-factor authentication for administrative access, and regular security reviews. No method of transmission or storage is fully secure; we cannot guarantee absolute security.

10. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from individuals under 18. If we learn we have collected such data, we will delete it promptly. If you believe a child has provided us personal data, contact privacy@appconnectpro.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes are notified to account administrators by email at least 30 days before they take effect. The effective date at the top of this page reflects the latest revision.

12. Contact

Questions about this Privacy Policy or our data practices: privacy@appconnectpro.app
Data Protection Officer: dpo@appconnectpro.app
Postal address: R. Estácio de Sá 1082, Apt. 1604, Zona 02, Maringá - PR, CEP 87.010-360, Brazil.