Your data is safe with us

Privacy Policy

Last updated: April 30, 2026

At DoesItClick, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

Data Protection Officer (DPO)

In accordance with the LGPD (Art. 41), we designate the following Data Protection Officer:

Email: privacy@doesitclick.ai

Role: Receive complaints from data subjects, receive communications from the ANPD, and guide employees on data protection practices.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Use our platform
  • Contact our support team
  • Subscribe to our newsletter
  • Participate in surveys or promotions

This information may include:

  • Name and email address
  • Company name and job title
  • Payment information (processed securely by our payment provider)
  • Usage data and preferences

1.2 Usage Data

We automatically collect certain information when you visit, use, or navigate the platform. This information does not reveal your specific identity but may include:

  • Device and browser information
  • IP address and location data
  • Usage patterns and feature interactions
  • Log and performance data

2. How We Use Your Information

We use the information we collect for the following purposes, with their respective legal bases under the LGPD (Art. 7):

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send administrative information and updates
  • Respond to inquiries and offer support
  • Send marketing and promotional communications (with your consent)
  • Protect against fraudulent or illegal activity
  • Comply with legal obligations

Legal Bases (LGPD Art. 7)

  • Provide and maintain SaaS services — Performance of contract (Art. 7, V)
  • Process transactions and payments — Performance of contract (Art. 7, V)
  • Send administrative information — Performance of contract (Art. 7, V)
  • Respond to support requests — Performance of contract (Art. 7, V)
  • Send marketing communications — Consent (Art. 7, I)
  • Analyze product usage and improvements — Legitimate interest (Art. 7, IX)
  • Prevent fraud and ensure security — Legitimate interest (Art. 7, IX)
  • Comply with legal obligations — Legal obligation (Art. 7, II)
  • Process AI simulations — Performance of contract (Art. 7, V)

Use of Artificial Intelligence

We use artificial intelligence models (Gemini, provided by Google) to:

  • Generate personalized marketing personas
  • Simulate consumer reactions to marketing messages
  • Analyze and suggest improvements to marketing texts
  • Answer questions via assistant chat

Data sent to the AI provider:

  • Marketing content you create (texts, headlines, CTAs, pricing)
  • Persona descriptions and simulation parameters
  • Messages exchanged in the assistant chat
  • Project preferences and context

Protection measures:

  • In the chat assistant, personally identifiable data (emails, phone numbers, tax IDs) is automatically masked before being sent to the AI provider
  • The AI provider’s data handling is governed by its terms of service. Review Google’s AI privacy policy for details on data use for model improvement
  • We implement prompt injection detection and input limits

Right to review (LGPD Art. 20): You have the right to request a review of automated decisions that affect your interests. Since our simulations are auxiliary tools (not binding automated decisions), this right applies to any automatic product or pricing recommendations. To exercise this right, contact our DPO.

3. How We Share Your Information

We may share your information with:

  • Service Providers: Third-party vendors who provide services on our behalf
  • Business Partners: Partners with whom we jointly offer products or services
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, sale, or acquisition

4. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption in transit (TLS 1.2+) and at rest (provider-managed encryption)
  • Security assessments and automated testing
  • Access controls and authentication requirements
  • Monitoring, alerting, and error reporting

5. Your Privacy Rights

In accordance with the General Data Protection Law (Law No. 13,709/2018), you have the following rights regarding your personal data:

  • Confirmation and access (Art. 18, I and II): confirm whether we process your data and request a copy
  • Correction (Art. 18, III): correct incomplete, inaccurate, or outdated data
  • Anonymization, blocking, or deletion (Art. 18, IV): of unnecessary, excessive, or non-compliant data
  • Portability (Art. 18, V): request a copy of your data in a structured format by contacting our DPO
  • Deletion (Art. 18, VI): request deletion of your account and associated data via your account settings or by contacting our DPO
  • Information about sharing (Art. 18, VII): know with whom your data was shared
  • Consent revocation (Art. 18, IX): withdraw consent at any time
  • Automated decision review (Art. 20): request review of decisions made exclusively by automated means
  • ANPD petition (Art. 18, §2): file a complaint with the National Data Protection Authority

Response time: 15 business days from the request (Art. 18, caput). To exercise your rights, contact our Data Protection Officer at privacy@doesitclick.ai.

6. Cookies and Tracking

We use the following cookies and tracking technologies:

Essential cookies (do not require consent): accessToken (JWT authentication, 7 days), refreshToken (session renewal, 30 days), temporary OAuth cookies (google_oauth_state, google_oauth_verifier, google_oauth_callback — used during Google login, expire in 10 minutes).

Analytics: We use first-party analytics (no third-party services such as Google Analytics). Usage data is collected only after your explicit consent via the cookie banner. Consent is stored in localStorage (doesitclick_analytics_consent).

Management: You can revoke your analytics consent at any time by clearing browser storage or contacting us. Essential cookies cannot be disabled without compromising the service.

7. Data Retention

We retain your personal data for the following periods:

  • Account data: retained while your account is active and deleted upon account deletion request
  • Payment data: retained as required for tax and legal compliance
  • Access logs: retained for up to 6 months (Internet Civil Framework, Art. 15)
  • Analytics events: retained for a limited period to support product improvement
  • Chat history: retained while your account is active
  • Simulation cache: temporary (automatically expires)
  • Authentication tokens: expire automatically after their configured lifetime

We retain personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law. You may request deletion of your account and associated data at any time by contacting our DPO.

8. Children’s Privacy

Our services are not intended for individuals under 18 years of age, in compliance with the Child and Adolescent Statute (ECA) and the Digital ECA (in effect since March 2026). We do not knowingly collect personal information from children or adolescents. If we identify that a minor has provided personal data, we will take immediate steps to delete that information. Parents or guardians who become aware that a minor has provided us with data should contact us immediately at privacy@doesitclick.ai.

9. International Data Transfers

Your data may be transferred and processed outside of Brazil in the following situations:

  • Google (Gemini AI) — USA: simulation and chat processing — Standard Contractual Clauses (ANPD Resolution 19/2024)
  • Google (Cloud/Logging) — USA: hosting and monitoring — Standard Contractual Clauses
  • Google (OAuth) — USA: social authentication — Data subject consent
  • Stripe — USA: payment processing — Standard Contractual Clauses
  • RevenueCat — USA: subscription management — Standard Contractual Clauses
  • Tavily — USA: web search — Performance of contract
  • ipapi.co — Geolocation (fallback) — Legitimate interest

We implement appropriate safeguards for international transfers, including Standard Contractual Clauses where applicable. For details about contractual arrangements, contact our DPO.

Optional integrations configured by you (such as HubSpot, Salesforce, or Slack) may involve additional data transfers governed by your own agreements with those providers.

Data Protection Impact Report (DPIA/RIPD)

In compliance with LGPD Arts. 5, XVII and 38, we are preparing a Data Protection Impact Report (RIPD) to document personal data processing activities, risk assessments associated with the use of artificial intelligence, and the technical and organizational mitigation measures implemented. The RIPD will be made available to the ANPD upon request.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after any changes indicates your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Data Protection Officer (DPO): privacy@doesitclick.ai
  • Support: support@doesitclick.ai
  • Legal: legal@doesitclick.ai
  • Lumina Serviços de Consultoria LTDA — CNPJ 57.150.909/0001-43 — Santa Bárbara d’Oeste, São Paulo, Brazil
  • Response time: 15 business days.

Questions about privacy?

We're committed to transparency. If you have any questions about how we handle your data, our team is here to help.

Privacy policy | DoesItClick