Acquafy Corporation ("Acquafy", "we" or "our") is committed to protecting your privacy. This Privacy Policy describes how we process the personal data you provide to us or that we collect when you use our website, platform, application and other services ("Services").
This policy complies with the Brazilian General Data Protection Law (LGPD — Law No. 13.709/2018), the European Union General Data Protection Regulation (GDPR) and other applicable privacy and data protection laws.
1. Data Controller
The controller responsible for processing your personal data is:
2. Personal Data We Collect
2.1 Data you provide
- Full name and email address when creating an account or filling in contact forms
- Address and delivery information for order processing
- Payment data (securely processed by PCI-DSS certified providers)
- Messages, questions and requests sent through our support channels
- Preferences and settings of your account on the Acquafy Platform
2.2 Automatically collected data
- IP address, browser type and operating system
- Pages visited, time on page and clicks (browsing data)
- Device identifiers and approximate geolocation data
- Acquafy app usage information and purifier telemetry data (IoT)
- Cookies and similar technologies (detailed in Section 6)
2.3 Data received from third parties
- Social network information when you choose to authenticate via social login
- Data from distribution partners to support resellers and integrators
- Identity verification information from authorised service providers
3. Processing Purposes
We use your personal data for the following purposes:
- Service provision: account creation and management, order processing and product delivery
- Customer support: responding to queries, maintenance requests and after-sales service
- Service improvement: analysis of platform, app and IoT device usage to improve features
- Marketing communications: sending newsletters, offers and news, with prior consent
- Legal and regulatory obligations: compliance with applicable legal, tax and regulatory requirements
- Security and fraud prevention: detection of suspicious activity and protection of service integrity
- Personalisation: offering content, recommendations and experiences tailored to your profile
4. Legal Bases for Processing
We process your data on the following legal bases under the LGPD and GDPR:
5. Data Sharing
We do not sell your personal data to third parties. We may share it only in the following situations:
5.1 Service providers
We share data with suppliers that help us operate the Services (payment processing, cloud hosting, email delivery, data analytics), always under a data processing agreement with confidentiality and security obligations.
5.2 Distribution partners
Authorised resellers and integrators in the Acquafy network may receive data necessary for order fulfilment, technical support and device installation in your region.
5.3 Legal obligation
We may disclose data when required by law, court order or competent authority, or when necessary to protect the rights and security of Acquafy, our users or third parties.
5.4 Corporate transfers
In the event of a merger, acquisition or sale of assets, data may be transferred to the new controller, who will be bound by the obligations of this policy.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy, unless the law requires or permits a longer period. The criteria used to determine retention periods include:
- Period during which you maintain an active account with our Services
- Legal and regulatory retention obligations (e.g. tax data for 5 years)
- Applicable statute of limitations for potential disputes or claims
- Need to maintain records for security and fraud prevention
After the contractual relationship ends and the applicable retention period expires, data is securely deleted or anonymised.
8. Data Security
We adopt appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or improper disclosure, including:
- Encryption in transit (TLS/HTTPS) and at rest for sensitive data
- Role-based access controls (RBAC) and multi-factor authentication for internal systems
- Continuous security monitoring and vulnerability management
- Regular privacy training and awareness programmes for employees
- Security incident response procedures with notification to authorities and data subjects when required by law
No data transmission or storage system is 100% secure. In the event of an incident that puts your data at risk, we will notify the competent authorities and affected data subjects within the legal timeframes.
9. Your Rights as a Data Subject
Under the LGPD and other applicable laws, you have the following rights regarding your personal data:
To exercise any of these rights, contact us by email at info@acquafy.com. We will respond within 15 business days, as required by the LGPD.
10. International Data Transfers
Acquafy operates globally and may transfer your personal data to countries outside Brazil or the European Economic Area. In such cases, we ensure the transfer is carried out with appropriate safeguards:
- Standard contractual clauses approved by the European Commission and the ANPD
- Transfer to countries offering an adequate level of protection recognised by the competent authority
- Internationally recognised certifications and codes of conduct
- Explicit consent of the data subject where applicable
11. Minors
Our Services are not directed at persons under 18 years of age. We do not intentionally collect personal data from children or adolescents. If we become aware that we have collected data from a minor without verifiable parental consent, we will delete that data immediately.
If you are the guardian of a child and believe they have provided us with personal data, please contact us by email at info@acquafy.com.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our Services, applicable laws or our privacy practices. When we make material changes, we will notify you through:
- A prominent notice on our website for a reasonable period
- Email notification to account holders when changes are significant
- Updating the "Last updated" date at the top of this policy
We recommend that you review this policy regularly. Continued use of the Services after changes take effect constitutes acceptance of those changes.
13. Contact and Data Protection Officer (DPO)
For any questions, requests or complaints relating to this Privacy Policy or the processing of your personal data, please contact our Data Protection Officer:
You also have the right to lodge a complaint with the Brazilian National Data Protection Authority (ANPD) or the supervisory authority in your country of residence.