1. Introduction and Data Controller
This Privacy Policy informs clients, users, debtors, creditors, investors, partners, service providers, and website visitors about the practices of PraQuitar Tecnologia e Serviços Financeiros Ltda., CNPJ/MF No. 32.842.827/0001-39 (“PraQuitar,” “we,” or the “Controller”), under Law No. 13,709/2018 (LGPD), Brazil's Internet Civil Rights Framework, Consumer Protection Code, and applicable Brazilian Central Bank (BACEN) regulations.
By accessing our website, using our services, or otherwise interacting with PraQuitar, the Data Subject acknowledges having read and understood this Policy.
2. Definitions
- Personal Data
- Information related to an identified or identifiable natural person.
- Sensitive Personal Data
- Data concerning racial or ethnic origin, religion, political opinion, health, sex life, genetics, or biometrics linked to a person.
- Processing
- Any operation performed on personal data, including collection, access, use, storage, sharing, modification, or deletion.
- Data Subject
- The natural person to whom the personal data relates.
- Controller
- The person or entity responsible for decisions concerning personal data processing.
- Processor
- The person or entity processing personal data on behalf of the Controller.
3. Personal Data Collected
Depending on the relationship, PraQuitar may collect identification and registration data; contact, professional, income, and employment data; debt, contract, banking, PIX, payment, proposal, settlement, score, and credit bureau information; IP address, device, browser, operating system, pages visited, approximate location, and cookies; as well as biometric, proof-of-life, KYC, and AML/CFT information.
4. Purposes and Legal Bases
Processing is based on one or more legal grounds under Articles 7 and 11 of the LGPD, including contract performance and preliminary procedures; compliance with legal or regulatory duties; legitimate interests such as fraud prevention and service improvement; consent where required; exercise of rights in proceedings; and credit protection.
5. Data Sharing
Subject to applicable legal bases and safeguards, data may be shared with partner financial institutions and QI Tech; creditors and assignees; receivables investment funds and structured vehicles; credit and antifraud bureaus; contracted processors such as cloud, communications, payment, legal, and collection providers; and public or judicial authorities when legally required. PraQuitar does not sell personal data.
6. International Data Transfers
International transfers, including those resulting from overseas cloud infrastructure, will occur only with an adequate level of protection or safeguards permitted by Article 33 of the LGPD, such as standard contractual clauses or certifications.
7. Storage and Retention
Data is retained only as long as necessary for the purposes described, subject to limitation periods, tax and financial-sector obligations—generally five to ten years after the relationship ends—and the need to demonstrate legal and contractual compliance. Data is then securely deleted or anonymized, except as permitted by Article 16 of the LGPD.
8. Security Measures
PraQuitar uses technical, administrative, and organizational safeguards, including encryption in transit and at rest, role-based access controls, least privilege, environment segregation, audit trails, monitoring, testing, internal security policies, and recurring training. Relevant security incidents will be reported to Brazil's Data Protection Authority (ANPD) and affected Data Subjects as required by Article 48 of the LGPD.
9. Data Subject Rights
Under Article 18 of the LGPD, Data Subjects may request confirmation of processing; access; correction; anonymization, blocking, or deletion; portability; deletion of consent-based data; information about sharing and the consequences of withholding consent; and withdrawal of consent. Requests may be sent to the DPO below and any denial will be justified under applicable law.
10. Cookies and Similar Technologies
We use cookies and similar technologies for operation, security, performance, and personalization. See our Cookie Policy for details.
11. Children and Adolescents
PraQuitar's services are intended for people aged 18 or older. We do not intentionally process children's or adolescents' data and will promptly delete inadvertently collected data.
12. Data Protection Officer (DPO)
Data Subjects and the ANPD may contact the DPO at edgard.melo@praquitar.com.br.
13. Changes to this Policy
This Policy may be updated due to regulatory developments, operational changes, or new products. The current version and its update date will remain available on the website.
14. Applicable Law and Venue
This Policy is governed by the laws of the Federative Republic of Brazil. The courts of São Paulo, State of São Paulo, are elected to resolve disputes, subject to any mandatory consumer venue.
PraQuitar Tecnologia e Serviços Financeiros Ltda.
CNPJ: 32.842.827/0001-39
Contact: edgard.melo@praquitar.com.br

