Privacy Policy
1. Scope and Controller
This Policy applies to all interactions with the Web Chat, the Maritaca API, on-premise distributions of the Sabiá models, and the management and documentation platform. The data controller is Maritaca Inteligência Artificial Ltda., CNPJ 48.565.396/0001-40.
2. Data Collection Channels
We collect only information necessary to provide the service, originating from account registration (name, email, company, password hash), user-submitted content (prompts, texts, files), technical logs (IP address, timestamp, token count, approximate geolocation), cookies, support records, and payment processors (e.g., Stripe). We do not use public databases, nor do we process sensitive data or data of minors.
3. Retention
Account data is retained while the account is active, plus five years thereafter. User content is retained for thirty days. Technical logs are retained for eighteen months; financial records for ten years, as required by tax regulations.
4. Legal Bases
We process data to perform the contract and provide the service; to protect legitimate interests for fraud prevention and service improvement; to comply with legal obligations; and, where required, on the basis of consent (marketing or analytics cookies).
5. Purposes of Use
To operate, maintain, and improve the services; measure token consumption and bill accordingly; provide support and administrative communications; develop new features without using user content to retrain models (unless expressly agreed); and comply with legal or judicial obligations.
6. Sharing
Data is shared only with service providers under confidentiality obligations, legal authorities, corporate successors with an equivalent level of protection, or third parties designated by the user with consent. External links have their own policies.
7. Cookies
We use strictly necessary cookies for authentication and load balancing; optional analytics cookies for metrics (up to twelve months); and functional cookies for language preferences (up to six months). Users may manage preferences via the banner or browser, acknowledging that refusing essential cookies may affect the service.
8. Security
We apply TLS 1.2+ encryption in transit and AES-256 at rest, role-based access control (RBAC), environment segregation, continuous audits, and annual penetration testing, following ISO 27001 guidelines.
9. Disposal
Upon expiration of retention periods, data is anonymized or destroyed using data shredding techniques, unless otherwise required by law.
10. Data Subject Rights
To confirm processing; access, correct, port, anonymize, block, or delete data; object to processing based on legitimate interest; withdraw consent; and request review of automated decisions. We may request identity verification and deny requests supported by legal obligations or protection of trade secrets, always with justification.
11. International Transfers
When using cloud infrastructure outside Brazil, we ensure equivalent protection through standard contractual clauses or adequacy assessments.
12. Children and Adolescents
Services are intended for individuals over 18 years of age; data of minors is removed upon identification.
13. Changes
Material changes will be communicated 30 days in advance, and prior versions will remain available for reference.
14. Contact
15. Version History
- July 15, 2025 (this version)


