Privacy Policy

Welcome to the Privacy Policy of CNPJA TECNOLOGIA LTDA (“CNPJá” or “we”), registered under CNPJ No. 37.335.118/0001-80, which describes how we collect, use, store, and protect personal data when you (“user” or “you”) access our CNPJ query platform, comprising the web panel, API, Excel add-in, and other functionalities (“Platform” or “Services”). By using our Services, you acknowledge that you have read, understood, and agree with the terms described herein.

1. Data Collected

1.1. Data Provided Directly

When you register using a password, we collect your email address. If you choose to register via social media, we collect your name, email, and profile picture. To process subscriptions and billing, we also request your CPF or CNPJ and address. This data is necessary for identification, authentication, issuing invoices, and generating payment slips or PIX.

1.2. Data Collected Automatically

When browsing the Platform or performing queries, your IP address and user-agent information may be recorded. We also use analytics tools (such as Google Ads and Google Analytics) that may generate navigation cookies for statistical and advertising purposes. Session cookies are also used to authenticate and maintain your access.

1.3. Payment Data

We do not collect credit card data, as credit card payments are intermediated by PayPal, subject to PayPal’s own privacy policy. For payments via bank slip (boleto) or PIX, we collect CPF or CNPJ and address for issuing bills and invoices, as required by tax legislation.

1.4. Third-Party Data from Public Databases

CNPJá integrates information about companies (CNPJ and, when available, details of partners and directors) sourced from official databases (Federal Revenue Service, among others). This data is cached in our system and displayed on the Platform for query purposes.

2. Purposes and Legal Basis

2.1. Contract Performance

We process personal data to enable the creation and maintenance of user accounts, provide access to the Platform, offer CNPJ queries, make the API and Excel add-in available, and to process and finalize payments and subscriptions.

2.2. Consent

We rely on consent to send newsletters, informational materials, and promotional offers via email. The user may opt out of receiving these at any time through the site’s preference settings or the unsubscribe link in the email footer.

2.3. Legitimate Interest

Certain processing activities are based on legitimate interest, for example, to improve the user experience, maintain access logs, carry out occasional commercial communications, and reinforce the Platform’s security. We always respect the fundamental rights and freedoms of data subjects.

2.4. Legal Obligations

We comply with legal obligations related to invoice issuance, which requires the collection and retention of registration data (CPF, CNPJ, address) for tax purposes.

3. Use of Cookies and Tracking

3.1. Session and Analytics

The Platform uses session cookies to authenticate and keep your account logged in, as well as cookies generated by analytics tools, such as Google Analytics, which collect information about how you browse and interact with the website. If you prefer, you can adjust your browser settings to block or alert you about cookies. However, some functionalities may be limited if you do so.

3.2. Third-Party Cookies

Third-party services like Google Ads may generate advertising cookies to display more relevant ads. We also use internal tools (Prometheus, Grafana, Sentry) to monitor performance and detect errors, but they do not aim to personally identify the user, focusing instead on infrastructure and performance metrics.

4. Data Sharing

4.1. Third Parties and Providers

In order to enable payments, invoice issuance, and user authentication, we share personal data with partners:

  • Auth0, responsible for login management.
  • Banco Inter, responsible for issuing bank slips (boletos).
  • Nuvem Fiscal, responsible for issuing invoices.
  • PayPal, the intermediary for credit card payments.
  • Google Cloud (us-east1 region), where our servers are hosted.

4.2. International Transfer

Data may be processed or stored outside of Brazil, such as in the United States, using top-tier cloud infrastructure. We adopt security and data protection practices in compliance with applicable legislation for these transfers.

5. Retention and Deletion of Data

5.1. Registration Data and Logs

Registration data (name, email, CPF or CNPJ, address) remain stored as long as the account is active. Access logs (queries on the Platform, API) are retained for 45 days for security and auditing purposes.

5.2. Deletion Procedure

If you request your account to be deleted, access is immediately revoked. Registration data is kept for up to 30 days, after which it is permanently erased from our systems, except where there is a legal obligation to maintain specific information.

5.3. Invoices

Invoices issued by CNPJá cannot be deleted, as tax legislation requires their retention for an indefinite period or as stipulated by law.

6. Data Subject Rights

6.1. Access, Correction, and Deletion

You may access, update, or delete your personal data through the settings panel on the website or by contacting our DPO directly. In situations where legal or contractual obligations require retention, certain information may not be immediately deleted.

6.2. Portability and Withdrawal of Consent

You may request the portability of your data in a structured, commonly used format. At any time, consent for receiving newsletters can be withdrawn, either via the system itself or by using the link in the footer of the emails.

7. Information Security

7.1. Protection Measures

CNPJá implements security procedures such as daily backups, the use of firewalls, and restricted access control for the IT leadership, to prevent unauthorized access, alteration, or disclosure of stored personal data.

7.2. Security Incidents

In the event of significant incidents that may pose risks to data subjects, we will notify the competent authorities, including the Brazilian National Data Protection Authority (ANPD), as well as the users themselves, in accordance with legal requirements.

8. Third-Party Data and User Responsibility

The Platform displays information about companies, such as CNPJ and partner data, obtained from public databases and cached. Users must use this information in compliance with the LGPD and other applicable laws. The use of such data for commercial prospecting or any other purpose involving direct contact with third parties is the sole responsibility of the user.

9. Children and Adolescents

There is no age restriction for using the Platform. However, given the nature of the Services and the requirement to provide data such as CPF or CNPJ, the expectation is that the user has full legal capacity. If minors choose to use the Platform, supervision by a guardian is recommended.

10. Changes to this Policy

CNPJá may update this Privacy Policy at any time, whether to comply with legal changes or to reflect improvements and updates to our Services. We will notify you of significant changes through the Platform itself, by email, or other channels. Continued use after these changes are made public indicates acceptance of the new terms.

11. Contact

If you have any questions, requests, or complaints regarding this Privacy Policy or the processing of your personal data, you can contact our Data Protection Officer (DPO) at dpo@cnpja.com .

By using our Services, you confirm that you have read, understood, and agree with this Privacy Policy.