Legal

Privacy Policy

PulseFlow Tecnologia

Responsible company: PULSEFLOW TECNOLOGIA LTDA
CNPJ: 62.683.137/0001-45
Last updated: July 2026

This Privacy Policy describes how PulseFlow Tecnologia, maintained by PULSEFLOW TECNOLOGIA LTDA, registered under CNPJ No. 62.683.137/0001-45, collects, uses, stores, shares, and protects personal data in the context of this institutional website (pulseflow.technology), its forms, newsletter, communications, and technology consulting services.

For the purposes of this Policy, the terms "PulseFlow Tecnologia", "we", "us", "our", or "website" refer to this institutional website and the digital channels currently operated by PULSEFLOW TECNOLOGIA LTDA.

This Policy should be read together with the Terms of Use and the Cookie Policy of PulseFlow Tecnologia.

This Policy has been prepared in accordance with Brazilian Law No. 13,709/2018, the Brazilian General Data Protection Law, known as the LGPD, and other applicable personal data protection regulations.

1. Scope of this Policy

This Policy applies to personal data processed by PulseFlow Tecnologia in situations such as:

  • browsing this website;
  • filling out the contact form;
  • subscribing to the newsletter;
  • participating in commercial or technical meetings arising from a contact initiated through this website;
  • interacting with institutional, commercial, or support communications;
  • carrying out contracted consulting projects, with respect to personal data that may be present in artifacts, documents, or communications shared during the project.

This Policy does not apply to products developed by PulseFlow Tecnologia, such as DevAgents OS and PulseFlow One, which have their own Privacy Policies, nor to third-party websites, tools, or services with their own policies, even if accessible through links available on this website.

2. Who is the controller of personal data

For personal data collected directly through this website, forms, newsletter, and institutional relationships, the controller of personal data is PULSEFLOW TECNOLOGIA LTDA, registered under CNPJ No. 62.683.137/0001-45.

In contracted consulting projects where PulseFlow Tecnologia processes personal data on behalf of a client - for example, data present in documents, tickets, code, or technical artifacts shared for the performance of the service - PulseFlow Tecnologia may act as a processor of personal data under the LGPD, according to the client's instructions and the applicable agreement.

The specific definition of roles, responsibilities, purposes, legal bases, security measures, retention periods, and confidentiality obligations for a specific project will be detailed in a service agreement, commercial proposal, confidentiality agreement, data processing agreement, or equivalent document.

3. Personal data we may collect

3.1. Data provided through the contact form

When filling out this website's contact form, we collect:

  • name;
  • email;
  • company (optional);
  • role (optional);
  • message.

Contact requests originating from links shared through specific channels may carry a source identifier (UTM), used internally to attribute the contact to the correct channel, not for advertising purposes or sale to third parties.

3.2. Data provided when subscribing to the newsletter

When subscribing to the newsletter, we collect the email address provided and a record of consent (double opt-in). The subscription status - pending, confirmed, or cancelled - is kept to demonstrate the data subject's expression of will, including after cancellation.

3.3. Website browsing and usage data

When accessing this website, we may collect technical data such as IP address, browser type, device type, operating system, pages accessed, traffic source, and selected language, for security, website operation, and, with consent, usage analysis purposes. Details about cookies and similar technologies used for this purpose are described in the Cookie Policy.

3.4. Data processed in contracted consulting projects

During the execution of a contracted consulting project, PulseFlow Tecnologia may access documents, technical artifacts, code repositories, tickets, diagrams, metrics, or other information provided by the client, which may occasionally contain personal data of the client's own employees, customers, or third parties.

The processing of this data is governed by the applicable service agreement, commercial proposal, or confidentiality agreement for the project, and not solely by this Policy. We recommend that clients remove, mask, anonymize, or minimize unnecessary personal data before sharing artifacts for analysis.

4. Sensitive personal data

PulseFlow Tecnologia does not aim to collect sensitive personal data, such as information about racial or ethnic origin, religious belief, political opinion, trade union membership, health data, biometric data, genetic data, sex life, or sexual orientation.

If sensitive data is incidentally submitted through the contact form or through artifacts shared during a consulting project, PulseFlow Tecnologia may process it only when strictly necessary for the performance of the service, compliance with a legal obligation, the exercise of legal rights, or another basis permitted by applicable law.

5. Data of children and adolescents

PulseFlow Tecnologia's services are intended for companies and professionals, and are not directed at children or adolescents.

We do not intentionally collect personal data from children or adolescents. If accidental processing of this type of data is identified, we will adopt reasonable measures for deletion, anonymization, or adjustment of the processing, as applicable.

6. Purposes of data processing

6.1. Relationship and service

  • responding to requests submitted through the contact form;
  • scheduling meetings and presentations;
  • sending information about requested services or products;
  • maintaining a relationship history with leads and clients.

6.2. Newsletter and institutional communications

  • sending editorial content to newsletter subscribers;
  • processing subscription confirmations and cancellations;
  • communicating relevant updates about services, terms, or policies, as applicable.

6.3. Performance of contracted consulting services

  • providing the consulting services described in the applicable proposal or agreement;
  • preparing reports, recommendations, analyses, and technical deliverables;
  • supporting decisions related to architecture, modernization, AI, data, DevOps, and delivery governance.

6.4. Security, auditing, and risk prevention

  • protecting this website and its forms against misuse, abuse, or unauthorized access;
  • recording technical events for auditing and traceability;
  • diagnosing failures and anomalous behavior.

6.5. Website and service improvement

  • analyzing, in an aggregated manner and with consent, how visitors use the website;
  • improving content, forms, and features;
  • generating aggregated usage statistics.

6.6. Compliance with legal and regulatory obligations

  • complying with tax, accounting, labor, contractual, or regulatory obligations;
  • responding to requests from competent authorities;
  • exercising rights in administrative, judicial, or arbitration proceedings;
  • preserving records required by law.

7. Legal bases for processing

PulseFlow Tecnologia may process personal data based on the following legal bases provided under the LGPD:

  • performance of a contract or preliminary procedures related to a contract, when processing is necessary to respond to a contact, prepare a proposal, or provide a contracted consulting service;
  • legitimate interest, when necessary for commercial relationships, website improvement, security, fraud prevention, and relevant communications, always observing the fundamental rights and freedoms of data subjects;
  • consent, when required by law or when the data subject authorizes a specific purpose, such as subscribing to the newsletter or the use of non-essential cookies;
  • compliance with a legal or regulatory obligation, when necessary to meet legal, tax, accounting requirements, or orders from competent authorities;
  • regular exercise of rights, including in contracts and judicial, administrative, or arbitration proceedings.

8. Use of artificial intelligence

This institutional website does not use artificial intelligence to automatically process personal data submitted through contact forms or the newsletter.

When a contracted consulting project involves the use of artificial intelligence tools - for example, to support technical analysis, architecture, or automation - such use will be defined within the scope of the applicable agreement, with appropriate human review, and is not governed by this Policy.

9. Cookies and similar technologies

This website uses essential cookies for its operation and may use analytics cookies, with consent, to understand how visitors interact with the content.

The categories of cookies used, their purposes, durations, and how to manage your preferences are described in detail in this website's Cookie Policy.

10. Sharing of personal data

PulseFlow Tecnologia does not sell, rent, or commercialize personal data.

We may share personal data only when necessary and in a manner compatible with this Policy, including in the following cases:

  • with service providers essential to the operation of this website, such as hosting, email delivery (SMTP), and analytics;
  • with technical or commercial partners involved in the execution of a contracted consulting project, subject to confidentiality obligations;
  • with public authorities, regulators, or courts, when necessary to comply with a legal obligation or valid order;
  • for the regular exercise of PulseFlow Tecnologia's rights, including in judicial, administrative, or arbitration proceedings;
  • in any corporate transactions, such as a merger, acquisition, or reorganization, subject to applicable safeguards.

When we act as a processor of personal data in a consulting project, sharing will follow the instructions of the client acting as controller and the applicable contractual instruments.

11. International data transfers

PulseFlow Tecnologia may use hosting, infrastructure, email, or analytics providers located in Brazil or in other countries.

When international transfers of personal data occur, we will adopt reasonable measures to ensure that the transfer complies with the LGPD, such as contractual clauses, supplier assessments, and appropriate security controls.

12. Data storage and retention

Personal data will be stored for the time necessary to fulfill the purposes described in this Policy, perform contracts, respond to requests, comply with legal obligations, or as permitted by applicable law.

Contact form: data submitted through the contact form (name, email, company, role, and message) is fully retained for up to 90 days from submission. After this period, the content is automatically deleted from our operational storage, keeping only minimal metadata (identifier, date, delivery status, and language) for auditing and security purposes.

Newsletter: the email address and subscription status (pending, confirmed, or cancelled) are kept while the subscription is active. After cancellation, the unsubscribe record is preserved - without the data being reused for new sends - to demonstrate the data subject's expression of will and to prevent future sign-ups without consent.

Consulting projects: retention periods for data processed within a contracted project follow the applicable service agreement or data processing agreement.

13. Information security

PulseFlow Tecnologia adopts technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, or improper disclosure, including, as applicable:

  • need-to-know access control;
  • encryption in transit;
  • recording and monitoring of relevant events;
  • credential and secrets management;
  • internal information security policies;
  • assessment of critical suppliers.

Despite the measures adopted, no system is completely immune to risk. In the event of a security incident that may result in relevant risk or harm to data subjects, we will adopt appropriate containment, investigation, remediation, and communication measures, as required by applicable law.

14. Data subject rights

Under the LGPD, data subjects may request, as applicable:

  • confirmation of the existence of processing;
  • access to processed personal data;
  • correction of incomplete, inaccurate, or outdated data;
  • anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in violation of the LGPD;
  • data portability, subject to applicable regulations;
  • information about data sharing with public and private entities;
  • withdrawal of consent;
  • deletion of data processed based on consent, when applicable;
  • objection to processing carried out based on one of the legal bases that waive consent, in case of non-compliance with the LGPD.

Requests will be assessed in accordance with applicable law, third-party rights, legal obligations, information security, and other legitimate retention or restriction grounds.

15. How to exercise your rights

To exercise your rights or clarify questions about the processing of personal data, the data subject may contact us through the contact page available on this website.

Upon receiving a request, we may ask for additional information to confirm the requester's identity and ensure that data is made available only to the data subject or an authorized legal representative.

When PulseFlow Tecnologia acts as a processor of personal data in a consulting project, the request may be forwarded to the client acting as controller, who is responsible for decisions regarding the processing.

16. Automated decisions

This website does not use personal data submitted through forms or the newsletter to make automated decisions that produce legal effects or significantly impact the data subject.

Should this change in the future, we will seek to ensure appropriate mechanisms for review, challenge, and human intervention, as required by applicable law.

17. Client responsibilities in contracted consulting projects

When contracting a consulting service, the client is responsible for:

  • ensuring it is authorized to share data, documents, code, or other artifacts with PulseFlow Tecnologia;
  • avoiding the submission of personal data that is unnecessary, excessive, or incompatible with the purpose of the project;
  • removing, masking, anonymizing, or minimizing personal data whenever possible;
  • protecting credentials, tokens, and access granted to PulseFlow Tecnologia's team;
  • informing PulseFlow Tecnologia of any specific security, confidentiality, or retention restrictions applicable to the materials provided.

18. Confidentiality

Confidential information shared during a negotiation or the provision of consulting services will be handled according to the confidentiality agreement, commercial proposal, or service agreement applicable to the project.

19. Links to third parties

This website may contain links to third-party platforms, such as WhatsApp, LinkedIn, and Instagram. PulseFlow Tecnologia is not responsible for the privacy, security, or content practices of such third parties.

We recommend that users read the privacy policies of any external service before providing personal data or using its features.

20. Updates to this Policy

This Policy may be updated periodically to reflect legal, regulatory, technical, operational, or commercial changes.

The date of the latest update will always be indicated at the beginning of this document. When relevant changes occur, we may notify users through this website or other appropriate channels.

21. Contact

For questions about this Policy, requests related to personal data, or the exercise of rights provided under the LGPD, please use the contact page available on this website.


PULSEFLOW TECNOLOGIA LTDA
CNPJ: 62.683.137/0001-45
Responsible for this website, its consulting services, and the PulseFlow product portfolio.