This Privacy Policy explains how Tolv processes personal data in its websites, platforms, support, sales, service, training, communications and digital services.
1. Privacy commitment
Tolv values security, confidentiality and responsible use of personal data. This policy was reviewed to provide more clarity about processing purposes, data subject rights and responsibilities.
Personal data processing is carried out according to applicable law, including the Brazilian General Data Protection Law (LGPD) and, when relevant, the Brazilian Internet Civil Rights Framework.
2. Data we may collect
We may collect data provided directly by you, data generated during use of websites and platforms, and data required for support, subscription, billing, technical support, commercial relationship and security.
- registration data such as name, email, phone, company, role, CPF or CNPJ, address and billing information;
- access data such as IP address, browser, device, date, time, accessed pages, cookies and technical identifiers;
- support data such as messages sent by chat, forms, tickets, emails, attachments, ratings and interaction history;
- data inserted by customers in the platforms, including users, contacts, companies, tickets, content, flows, knowledge bases, automation, integrations and settings.
3. Why we process data
We process data to provide and improve services, create and manage accounts, provide support, issue invoices, process payments, communicate with customers, protect the platform, comply with legal obligations and support commercial relationships.
4. Controller and processor roles
Depending on the context, Tolv may act as controller of data collected on its own sites and commercial channels, or as processor for data inserted by customers in the platform.
When Tolv acts as processor, the customer is responsible for defining the legal basis, purpose, processed data, communications to data subjects, handling of rights and other applicable obligations as controller.
5. Customer data inside the platform
Data inserted by customers in their accounts belongs to the respective customer and the involved data subjects. Tolv processes this data to enable platform operation and provision of contracted services.
Tolv support is not authorized to access, consult, copy, modify, configure or operate customer account data, even when there is authorization or request from the customer.
When necessary, support may guide the customer by phone, chat, email, video or screen-sharing meeting so the customer can perform settings, checks or adjustments inside its own account.
6. Data sharing, subprocessors and transfers
Tolv does not sell personal data. Sharing may occur when necessary for service operation, legal compliance, protection of rights, fraud prevention, infrastructure, billing, tax issuance, communication, analytics, integrations and tools contracted by the customer.
Service provision may involve subprocessors and providers of infrastructure, communication, support, payments, tax issuance, analytics, security, artificial intelligence, email, storage, messaging, APIs and integrations.
Some providers may be located outside Brazil or use international infrastructure. In these cases, Tolv adopts measures compatible with LGPD and limits sharing to the purposes necessary for operation, security, support, legal compliance or customer contracting.
7. Cookies, analytics and advertising
We use cookies and similar technologies for website operation, chat support, security, preferences, metrics, navigation analysis and, when applicable, campaigns and ads.
More details are available on the Cookie policy page.
8. Security, logs and retention
We adopt technical and administrative measures to protect data against unauthorized access, loss, alteration, destruction, misuse or improper disclosure.
We may keep logs, access records, IP addresses, authentication events, security events, audit trails and technical records for platform protection, fraud prevention, incident investigation, diagnostics, billing, legal compliance and regular exercise of rights.
Data is kept for the time necessary to fulfill the stated purposes, legal, tax, regulatory, contractual obligations, regular exercise of rights, security, audit and fraud prevention. After this period, data may be deleted, anonymized or retained when there is an applicable legal basis.
9. Data subject rights
Under LGPD, data subjects may request confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information about sharing, review of automated decisions when applicable and withdrawal of consent.
Some requests may depend on identity validation, legal basis analysis, contractual or legal obligations and Tolv’s role in processing. When Tolv acts as processor on behalf of a customer, certain requests may be directed to the responsible controller.
10. Third-party links and services
Our websites and platforms may contain links, integrations, channels, APIs, payment providers, analytics tools, communication tools, AI and other third-party services. Use of these environments may be subject to those third parties’ own policies.
11. Changes to this policy
This policy may be updated to reflect legal, technical, commercial or operational changes. The current version will be published on this site, with the update date indicated.
12. Privacy contact
For questions or requests about privacy and data protection, contact us through the website contact form or Tolv chat, informing the request context and the data required for identification.