Privacy Policy

FINTALK is committed to the privacy and confidentiality of information provided by all individuals with whom it interacts.

This Privacy Notice describes how we collect, use, store, and share personal data in our activities and digital platforms, in compliance with Law No. 13,709/2018 (LGPD) and complementary regulations from the National Data Protection Authority (ANPD).

It applies to all visitors, customers, suppliers, partners, and users who interact with the website https://fintalk.ai or use our services.

• •Personal data: any information related to an identified or identifiable natural person.
• •Data subject: natural person to whom the personal data refers.
• •Controller: legal entity that makes decisions about the processing of personal data (FINTALK).
• •Processor: legal entity that processes personal data on behalf of the controller.
• •Data Protection Officer (DPO): person appointed by the controller to act as a communication channel between the controller, data subjects, and ANPD.
• •ANPD: National Data Protection Authority.
• •Cookies: files or technologies that store information about user navigation.

FINTALK S.A. provides technology for companies to communicate with their consumers through conversational artificial intelligence, via audio and text.

Our company is registered under CNPJ No. 33.143.233/0001-00, headquartered at Rua Butantã, 194 - 4th floor - Pinheiros, São Paulo - Capital, 05424-000. São Paulo/SP, ZIP 05.424-000, is the controller of personal data processed on this website and its platforms.

The company operates in compliance with Brazilian legislation, including Resolution No. 3,954/2011 of the National Monetary Council (CMN), and maintains governance practices aligned with LGPD and ANPD resolutions.

If you have questions about the provisions of this Notice or wish to exercise any of your rights as a data subject, you can contact us through the following official channels:

Our commitment is to respond to your requests within an appropriate timeframe, in compliance with the General Data Protection Law.

• •Data Protection Officer (DPO): Bruno Souza Pinto
• •Substitute DPO: Eduardo Calazans
• •Email: [email protected]
• •Address: R. Butantã, 194 - 4th floor - Pinheiros, São Paulo - SP, 05424-000

We collect only the data strictly necessary for the execution of our services and customer service activities, including:

Data is collected directly (via forms, website, chatbots) or indirectly (through authorized processors).

• •Cookies
• •Full name, email address, phone number, and Company;
• •Digital identification data (IP address, online identifiers, access logs);
• •Information necessary for the execution of proposals and contracts with financial institutions, such as account opening, credit requests, and registration updates.

We process personal data under the following circumstances:

Compliance with legal or regulatory obligation (Art. 7, II): When processing is necessary to meet requirements imposed by Brazilian legislation or regulatory authorities (e.g., Central Bank, COAF, CMN).

Contract execution or preliminary procedures (Art. 7, V): When Personal Data is processed for the execution of contracts signed with data subjects or to meet pre-contractual stages.

Legitimate interest of the controller (Art. 7, IX): Refers to the use of Personal Data for promotion, prospecting, and offering financial products and services, always respecting the data subject's right to object to processing (opt-out).

Data subject consent (Art. 7, I): When using personal data for digital marketing purposes, use of non-essential cookies, newsletters, or personalized communications, through free, informed, and unequivocal consent of the data subject, which can be revoked at any time.

FINTALK ensures that all data processing based on legitimate interest is preceded by impact analysis and allows the exercise of opt-out at any time.

Personal data may be stored on servers located abroad. In such cases, specific contractual clauses and security measures compatible with the level of protection required by LGPD (art. 33 and following) are adopted.

Compliance with legal or regulatory obligations (Art. 7, II): Communication to public bodies or regulators (e.g., Central Bank, COAF, Federal Revenue Service), when required by law.

Service providers and technology operators (Art. 7, V): Involvement of infrastructure, hosting, security, data analysis, and technical support providers (such as AWS, Google Cloud, Microsoft Azure), who act under processor contract.

Judicial or administrative authorities (Art. 7, VI): Provision of data by court order, administrative process, or regular exercise of rights.

International transfer to cloud providers (Article 33): Storage on servers located outside Brazil, observing art. 33 of LGPD and contractual clauses that ensure an adequate level of protection.

We adopt technical and administrative security controls, aligned with standards such as ISO/IEC 27001, ISO/IEC 27002, and NIST Cybersecurity Framework, including:

Data is kept only for the time necessary to fulfill purposes or legal obligations, according to art. 15 and 16 of LGPD and Resolution CD/ANPD No. 15/2024. After this period, they are securely and auditably eliminated.

• •Data encryption at rest and in transit;
• •Role-based access control (RBAC);
• •Multi-factor authentication;
• •Log recording and monitoring;
• •Periodic vulnerability testing.

We use cookies in our online environments to improve your browsing experience, ensuring performance, security, and personalization according to your preferences and recurring visits.

Two types of cookies may be used: Session cookies (temporary, automatically deleted when browsing ends) and Persistent cookies (remain on the device for the period defined for each cookie or according to browser settings).

If you prefer, you can manage your cookie preferences directly in your browser.

Categories and Purposes:

Necessary Cookies: ensure basic website functionality and security features.

Functional Cookies: enable additional features such as social media sharing, feedback, and integration with third-party resources.

Performance Cookies: analyze website usage to optimize speed and usability, where we map improvement points in the user experience.

Analytical Cookies: provide access and user interaction metrics, such as number of visitors, most accessed pages.

Advertising Cookies: display personalized ads according to your interests and browsing behavior.

Data subjects have the rights provided in arts. 18 to 20 of LGPD, including:

Requests should be sent to our service channel, via email [email protected], as indicated in Section 4 of this Privacy Notice.

Responses will be sent within a reasonable timeframe and within the limits established by applicable legislation, ensuring transparency and respect for data subjects' rights.

• •Confirmation of existence and access to data;
• •Correction of incomplete or outdated data;
• •Anonymization, blocking, or deletion of unnecessary data;
• •Data portability;
• •Deletion of data processed with consent;
• •Information about sharing performed;
• •Consent revocation;
• •Review of automated decisions.

This Notice may be changed to reflect legal, regulatory, or technological changes.

The new version will be published on the FINTALK website with indication of the update date. We recommend that data subjects review this document periodically.

• •Law No. 13,709/2018 – General Data Protection Law (LGPD);
• •Resolution CD/ANPD No. 2/2022 – Processing Agents and Data Protection Officer;
• •Resolution CD/ANPD No. 3/2022 – Dosimetry and Sanctions;
• •Resolution CD/ANPD No. 4/2023 – Administrative Sanctioning Process;
• •Resolution CD/ANPD No. 15/2024 – Incident Communication and Processing Records;
• •Cookies and Tracking Technologies Guide (ANPD, 2024);
• •Information Security and Best Practices Guide (ANPD, 2023).