Legal Demarcation of Processing Agents
This Privacy Policy disciplines the collection, processing, storage, and deletion of personal data within the scope of the ChurnDefense Platform. It was structured under strict observance of the General Personal Data Protection Law (LGPD — Law No. 13.709/2018), with continuous alignment to the GDPR for cross-border data flows.
| Role | Entity | Scope |
|---|---|---|
| Controller | The Client (subscribing company) | Sovereign decisions on purpose, legal basis, and essential elements of data processing of its end users/subscribers |
| Processor | ChurnDefense (Platform Provider) | Strict processing under documented guidelines and instructions configured by the Client's administrator in the dashboard |
The Client, as Controller, bears the inalienable responsibility for: defining and sustaining the legal basis for primary data collection; validly obtaining consent (when required); and directly responding to data subject rights requests. ChurnDefense provides systemic tools (dashboards, APIs) to enable swift technical compliance.
ChurnDefense as Controller (Limited Scope)
ChurnDefense assumes the Controller role exclusively for two categories: (1) registration data of executive representatives and commercial contacts of its Clients (for B2B accounting, billing, and contract execution); and (2) anonymized, aggregated operational data used to train AI models, optimize prediction engines, and produce market benchmark reports. This secondary use is anchored in the legitimate interest legal basis (Art. 7, IX, LGPD) and supported by a Data Protection Impact Assessment (DPIA).
Data Categories Processed
The Platform processes several categories of data to deliver its analytical infrastructure:
B2B Commercial Contact Data
- Full names, institutional email addresses (@company), job titles, and phone numbers
- Company names, domains, and accounting registration data
- Data provided by Client administrators during account creation and profile management
Financial & Payment Metadata (End Users)
- Binary transactional status indicators (default/compliance)
- Encrypted hash tokens linking to payment methods — fully PCI-DSS Level 1 compliant, never storing raw card data
- Historical records of charge failures and decline patterns
- Card expiration temporal references (month/year only)
This data is captured exclusively through webhook integrations with external financial providers (Stripe, Iugu, Paddle), never through primary individual intrusion.
Behavioral & Analytics Data
- Timestamped event logs (UTC) of activities within the Platform
- Session analytics from connected sources (PostHog, GA4) via API integration
- Feature usage patterns and time-on-task metrics
- Engagement metrics with retention offers and cancellation flow interactions
Legal Bases for Processing
| Processing Activity | Legal Basis (LGPD) | Notes |
|---|---|---|
| Platform operation & service delivery | Contract Execution (Art. 7, V) | Essential for providing the contracted SaaS service |
| B2B billing & invoicing | Contract Execution (Art. 7, V) | Necessary for the commercial relationship |
| Security logging & fraud prevention | Legitimate Interest (Art. 7, IX) | Documented in DPIA; balancing test performed |
| AI model training on anonymized data | Legitimate Interest (Art. 7, IX) | Supported by irreversible anonymization process |
| Marketing communications | Consent (Art. 7, I) | Opt-in only; granular unsubscribe available |
| Compliance with legal obligations | Legal Obligation (Art. 7, II) | Tax records, audit trails, regulatory requirements |
In alignment with the ANPD's official Cookie Guidance and the Privacy by Design methodology, the Platform categorically rejects any form of dark patterns — deceptive interfaces designed to subvert, hinder, or exhaust the user's autonomy in managing their privacy preferences.
| Cookie Category | Purpose & Legal Basis | User Control |
|---|---|---|
| Strictly Necessary (Essential) | Session management, authentication tokens, CSRF protection, load balancing. Legal basis: Legitimate Interest / Contract Execution. | Cannot be disabled — disabling would render the Platform non-functional. |
| Analytics (Non-Essential) | Performance measurement, bottleneck detection, usability auditing. Anonymized statistical metrics only. | Opt-in only. Requires explicit prior consent via the cookie banner. Default state: disabled. |
ChurnDefense does not use marketing cookies or third-party advertising trackers. We do not sell, trade, or share personal data with advertisers.
Data Retention Periods
The principle of data minimization is rigorously implemented: data is retained only while its founding purpose imposes continued necessity.
| Data Type | Retention Period | Post-Termination |
|---|---|---|
| Client Data (end-user metadata) | Active contract duration | Permanently deleted within 30 days of contract termination |
| B2B commercial contact data | Active relationship + 5 years | Required by tax and regulatory obligations |
| Billing & financial records | Active contract + 5 years | Cold archival storage; mandatory regulatory retention |
| Audit logs & security events | 3 years from creation | Retained for legal defense and compliance audits |
| Anonymized/aggregated analytics | Indefinite | No personal data — not subject to deletion requests |
Data Subject Rights
In accordance with Chapter III of the LGPD and the GDPR, data subjects have the following rights:
- Access: Request confirmation and a copy of all personal data processed
- Correction: Request rectification of inaccurate or incomplete data
- Deletion: Request erasure of personal data ("right to be forgotten"), subject to legal retention obligations
- Portability: Request data in a structured, machine-readable format (CSV/JSON)
- Objection: Object to processing based on legitimate interest, including marketing
- Restriction: Request limitation of processing in contested accuracy or unlawful processing scenarios
- Review of automated decisions: Request human review of decisions made solely by automated processing (Art. 20, LGPD)
To exercise any of these rights, contact our Data Protection Officer at [email protected]. We respond within 15 business days (LGPD) or 30 days (GDPR). EU/EEA residents may also lodge a complaint with their local supervisory authority.
International Data Transfers
The Platform's infrastructure relies on cloud providers with data centers located outside Brazil. This constitutes an international transfer of personal data under Art. 33 of the LGPD.
Transfer Mechanisms
- Standard Contractual Clauses (SCCs): For transfers to the United States and other jurisdictions without an adequacy decision, the Provider integrates the mandatory SCCs established by CD/ANPD Resolution No. 19/2024 into all DPA instruments. These clauses are non-negotiable and must be incorporated in their entirety.
- EU Adequacy: Transfers to the European Economic Area are facilitated by the mutual adequacy recognition formalized in ANPD Resolution No. 32/2026, allowing free data flow without additional SCCs.
For full details on transfer governance, sub-processors, and security obligations, refer to our Data Processing Agreement (DPA).
Security Measures
We implement industry-standard and regulatory-mandated security measures:
- Data in transit encrypted using TLS 1.2 or higher
- Data at rest encrypted using AES-256
- Access to production systems restricted via SSO and MFA
- Regular penetration testing and security audits
- Infrastructure hosted on SOC 2-compliant cloud providers
- Logical segregation of tenant data in multi-tenant architecture
Responsible disclosure of security vulnerabilities: [email protected].
AI & Algorithmic Profiling
The Platform employs machine learning and AI for predictive churn analysis and hyper-personalization of retention offers. Article 20 of the LGPD guarantees data subjects the right to request review of decisions made solely by automated processing.
While customer retention strategies rarely produce discriminatory effects (e.g., offering a discount to prevent a corporate subscription cancellation), the Platform's design internalizes Privacy by Design and Privacy by Default principles — only meta-information strictly necessary for churn probability calculation is ingested.
Manipulative interfaces (dark patterns) designed to subvert, hinder, or exhaust user autonomy during cancellation flows are categorically prohibited. All persuasion mechanisms must be transparent, revocable, and based on legitimate value propositions, in accordance with LGPD, CPRA, and GDPR guidelines.
Children's Privacy
ChurnDefense is a B2B software platform intended for business professionals. We do not knowingly collect personal information from individuals under 18. If we become aware that a minor has provided data, we will delete it immediately. Contact [email protected] to report.
Policy Changes
We may update this Privacy Policy periodically. Material changes will be notified via email at least 30 days before taking effect, with the "Last updated" date revised at the top of this page. Continued use constitutes acceptance.
Contact the Data Protection Officer
For questions, rights requests, or concerns regarding this Privacy Policy:
ChurnDefense Tecnologia e Dados Ltda.
DPO Email: [email protected]
Privacy: [email protected]
We respond to all privacy inquiries within 15 business days (LGPD) or 30 days (GDPR).