Privacy and Personal Data Protection Policy

Intellibold Tecnologia Ltda.

Last updated: May 2026
Privacy contact channel: privacy@intellibold.com

Transparency and Trust

This Policy has been prepared for public communication purposes. It clearly and accessibly describes how we process and protect personal data while maintaining the legal robustness required by enterprise clients.

1. Introduction

Intellibold Tecnologia Ltda. is a company specialized in optimizing cloud computing contracts through its ICO (Intellibold Cloud Optimization) offering.

The protection of personal data is an institutional commitment of Intellibold and guides our commercial relationships, contracting activities, project execution, and internal management processes.

2. Purpose of this Policy

This Policy transparently describes how Intellibold processes personal data and the measures adopted to protect such information, in compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018 — LGPD) and the guidelines issued by the National Data Protection Authority (ANPD).

3. Scope of Application

This Policy applies to all personal data processing activities carried out by Intellibold, including:

  • Commercial prospecting (lead generation through events, referrals, and networking)
  • Contract negotiation and formalization (execution of NDAs, proposals, and agreements)
  • ICO project execution (communication with client teams, exchange of documents and emails)
  • Post-project activities (relationship management and follow-up)
  • Employee management (personal and employment-related data under employment contracts)
  • Website and marketing activities (newsletter subscriptions based on consent; cookies based on consent)

4. Roles in Data Processing

Intellibold may act:
(i) as a Data Controller, when it determines the purposes and means of processing in its own activities; and
(ii) as a Data Processor, when it processes data under the instructions of clients acting as controllers within the scope of contracted services.

5. What Personal Data We Process

In our activities, we primarily process ordinary personal data and predominantly professional contact data in a B2B context. The most common categories include:

  • Full name
  • Corporate email address
  • Telephone number
  • Position/Role
  • Taxpayer Identification Number (CPF), when applicable and exclusively for electronic signature and contractual formalization purposes

6. Sensitive Data and Data of Children and Adolescents

Intellibold does not routinely process sensitive personal data.

Intellibold does not process personal data of children or adolescents within the context of its activities.

7. Purposes and Legal Bases

Intellibold relies on legal bases established under the LGPD according to the purpose of each processing activity. In general, the main legal bases are:

  • Contract performance and preliminary procedures (e.g., execution and performance of contracts and NDAs; electronic signatures when applicable)
  • Legitimate interest (e.g., B2B commercial prospecting and maintenance of professional relationships, with opt-out options available)
  • Consent (e.g., newsletter distribution, when explicit consent is provided)
  • Compliance with legal or regulatory obligations (e.g., retention of documents for tax and accounting purposes)
  • Regular exercise of rights (e.g., maintenance of records for defense in judicial or administrative proceedings, when applicable)

8. Data Protection Principles

Intellibold adopts the data protection principles established under the LGPD and seeks to apply them practically in its activities, including purpose limitation, adequacy, necessity, transparency, security, prevention, non-discrimination, and accountability.

9. Data Lifecycle

The processing of personal data may involve the stages of collection, processing, storage, sharing, and disposal.

Intellibold seeks to limit data collection to the minimum necessary, maintain appropriate controls during use, and preserve essential records for the period applicable to the intended purposes and legal obligations.

10. Sharing with Third Parties

Intellibold does not sell, rent, or commercially share personal data.

Data sharing may occur on a limited basis when necessary to enable our activities, including with technology infrastructure providers, technical partners strictly necessary for the execution of contracted services, and public authorities when required by law or court order.

When applicable, we adopt contractual confidentiality and data protection commitments with third parties.

11. International Data Transfers

Intellibold uses cloud computing platforms with data centers located in Brazil and the United States.

When international data transfers occur, they result from the technological infrastructure used and are managed through applicable contractual mechanisms and security standards.

12. Information Security

Intellibold implements technical and organizational measures proportionate to the risks involved in order to protect personal data against unauthorized access and accidental or unlawful destruction, loss, alteration, disclosure, or dissemination.

Measures adopted include multifactor authentication, encryption of data in transit and at rest, access controls and audit logs, as well as organizational confidentiality practices and access management procedures.

13. Data Subject Rights

Under the LGPD, data subjects may request: access, correction, deletion (when applicable), portability, objection (when applicable), withdrawal of consent, and information regarding data sharing, when applicable.

To exercise their rights, data subjects must contact us through the channel indicated in this Policy.

14. How to Request the Exercise of Rights

Service channel: privacy@intellibold.com.

Intellibold seeks to respond to requests within 15 calendar days.

Responses are provided free of charge, except where requests are manifestly unfounded or excessively repetitive, as provided under the LGPD.

15. Data Retention and Disposal

Intellibold retains personal data only for the time necessary to fulfill the informed purposes and comply with legal and regulatory obligations.

At the end of the applicable retention period, data may be securely deleted or anonymized whenever feasible.

Category Retention Period
Active clients During the contract term + 5 years
Prospects Up to 6 months after the last contact
Newsletter subscriptions (consent-based) Until consent is withdrawn by the data subject
Employees During the employment relationship + 5 years after termination

16. Cookies and Preferences

Within the website context, browsing data may be collected through cookies only with the visitor’s consent.

17. Incident Management

Intellibold maintains a formalized incident response process involving personal data.

When a relevant risk exists, Intellibold may notify the ANPD and, when applicable, affected data subjects and clients, in accordance with Article 48 of the LGPD.

18. Data Protection Officer (DPO) and Contact

For questions, requests, and communications related to privacy and personal data protection, please contact: privacy@intellibold.com.

19. Updates to this Policy

This Policy may be periodically updated to reflect changes in our practices, applicable legislation, and ANPD guidelines. The update date is indicated at the beginning of this document.

20. Institutional Commitment

Intellibold works with organizations operating under high standards of corporate governance and seeks to adopt equivalent standards of privacy and data protection in its own processes.

Our approach is pragmatic and proportionate: we process personal data in a B2B context, adopt appropriate protection measures, and maintain communication channels for data subjects, clients, partners, and authorities.