Get in touch
Legal & Compliance

Privacy Policy

SYSOUT TECNOLOGIA LTDA CNPJ 25.336.602/0001-45 Last updated: June 15, 2025

Introduction

SYSOUT TECNOLOGIA LTDA ("Sysout", "we", "our" or "us") is a technology solutions company incorporated under Brazilian law, registered under CNPJ 25.336.602/0001-45, with its principal place of business at Rua 1A, nº 300, Quadra 21A, Lote 17, Setor Aeroporto, Goiânia — GO, Brazil. We develop and deliver intelligent software systems, custom automation, web and mobile applications, cloud infrastructure, and related technical consulting services.

This Privacy Policy explains, in plain language, how we collect, use, store, share and protect personal information when you visit our website at sysout.site, interact with our digital content, contact us through our website forms, or engage with us as a prospective or current client. It also describes the rights you have in relation to your personal data and how you can exercise them.

We take the trust you place in us seriously. Our data practices are designed to comply with Brazil's Lei Geral de Proteção de Dados Pessoais (LGPD, Law 13,709/2018), the European Union's General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), and other applicable data protection and privacy laws. Where the LGPD and GDPR set different standards, we follow whichever affords the greater level of protection to the individual.

By using this website or submitting any information to us, you acknowledge that you have read and understood this policy. If you have questions or concerns at any point, you are welcome to contact us using the details in Section 11.

Information We Collect

We collect personal information only to the extent necessary to provide our services, respond to your enquiries, and improve our website. The categories below describe exactly what we collect, the source of that information, and the lawful basis under which we process it.

📋

Contact Form Submissions

When you fill out a contact, quote request, or lead form on our site, we collect the information you type in those fields — typically your full name, email address, phone number, company name, and the message or project description you provide. This data is collected based on your consent (LGPD: Art. 7, I / GDPR: Art. 6(1)(a)) and on our legitimate interest in responding to your enquiry and assessing potential commercial relationships.

🌐

Browsing & Technical Data

When your browser loads our website, our hosting infrastructure and analytics tools automatically receive certain technical data: your IP address (anonymised after 24 hours), browser type and version, operating system, referring URL, pages visited, time and date of each visit, and session duration. This is collected under our legitimate interest in understanding how our website is used and ensuring its correct technical operation.

🍪

Cookies & Similar Technologies

We use first-party and third-party cookies, pixels and local-storage mechanisms to remember your preferences, measure site performance, and serve relevant advertising via Google Ads. First-party session cookies are strictly necessary and do not require consent. Analytics and advertising cookies are only activated after you provide explicit consent via our cookie-consent banner. See Section 4 for full details.

💬

Communications Data

If you send us an email, respond to a message from us, or communicate via WhatsApp or any other channel, we retain a record of that correspondence. This includes your name, contact details, and the content of your messages. We do this to manage our business relationship, provide continuity of service, and comply with legal obligations to keep commercial records where required.

We do not collect any sensitive personal data — such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health information, or data concerning a person's sex life or sexual orientation — and we have no business reason to do so. If you inadvertently include such information in a free-text message to us, we will treat it with the highest level of confidentiality and delete it from our systems once it is no longer needed to address your enquiry.

How We Use Your Information

Every use of your personal data at Sysout has a defined and documented purpose. We do not use your information for any purpose that is incompatible with why it was originally collected without first informing you and, where required, obtaining your consent. Specifically, we use the information we hold for the following purposes:

  • Responding to enquiries and proposals. When you submit a contact form or reach out to us, we use the information you provide to understand your needs, assess whether we can help, prepare a technical or commercial proposal, and communicate with you throughout that process.
  • Delivering contracted services. If you become a Sysout client, we use your contact and organisational information to manage the project, issue invoices, provide technical support, and fulfil our contractual obligations to you.
  • Improving our website. Aggregated, anonymised analytics data helps us identify which pages are performing well, where visitors encounter friction, and how to improve the overall experience for everyone. No individual profiling is carried out for this purpose.
  • Marketing and advertising. With your consent, we may use anonymised audience data and cookie-derived signals to display Sysout advertisements on Google platforms. We do not send unsolicited marketing emails without your prior consent, and every marketing email we send contains a clear and functioning unsubscribe link.
  • Legal and regulatory compliance. We retain certain transactional and contractual records for as long as legally required under Brazilian fiscal and commercial law (e.g., Lei 9430/1996, Código Civil Art. 206), regardless of any subsequent deletion request, where the law requires this.
  • Security and fraud prevention. Log data and IP information may be used to detect, investigate, and prevent unauthorised access, abuse, or other harmful activity directed at our website or infrastructure.

We will not sell, rent, or otherwise commercially exploit your personal data to any third party. Period.

Cookies & Tracking Technologies

Cookies are small text files stored on your device when you visit a website. They serve a range of functions, from keeping you logged into a service to helping website owners understand how visitors navigate their pages. Below we describe each category of cookie we use and explain how you can control them.

Category Purpose Examples Consent Required Retention
Strictly Necessary Enable core website functionality — session management, security tokens, and cookie-consent preference storage. The site cannot function correctly without these. Session ID, CSRF token, cookie-consent flag No (exempt under LGPD Art. 11 / GDPR Art. 6(1)(f)) Session or up to 12 months
Analytics Measure website traffic, understand user journeys, and identify pages that need improvement. Data is aggregated and anonymised. Google Analytics 4 (_ga, _gid) Yes Up to 14 months
Advertising & Remarketing Enable Google Ads conversion tracking and remarketing — allowing us to reach users who have previously visited our site with relevant advertising on Google's network. Google Ads (_gcl_au), Google Tag Manager Yes Up to 90 days
Preferences Remember settings you have applied to customise the website, such as language preference or display mode, so you do not need to reapply them on return visits. Language preference cookie Yes Up to 12 months
ℹ️

When you first visit sysout.site, a cookie-consent banner will appear explaining which categories of cookie we intend to use and asking for your permission for any non-essential categories. You can withdraw your consent at any time by clearing your cookies and revisiting the site, or by contacting us at contato@sysout.site. Withdrawing consent will not affect the lawfulness of any processing carried out before withdrawal.

Managing cookies in your browser. In addition to using our consent banner, you can control or delete cookies directly through your browser settings. The major browsers provide instructions for this: Chrome, Firefox, Safari, Edge, and Opera all expose cookie management under their respective privacy or settings menus. Be aware that blocking all cookies may impair some features of the site.

Google Analytics opt-out. You can prevent Google Analytics from measuring your visits by installing the Google Analytics Opt-out Browser Add-on. Google's own privacy policy governs how Google processes data collected through its products; we encourage you to review it at policies.google.com/privacy.

Sharing With Third Parties

We do not sell your personal data. We share it only where strictly necessary and only with parties bound by appropriate confidentiality and data-protection obligations. The following categories of third party may receive personal data for the purposes described:

  • Cloud & Hosting Providers. Our website and internal systems run on cloud infrastructure provided by reputable providers (including services hosted in Brazil, the EU, or the United States under Standard Contractual Clauses). These providers act as data processors and may only use your data to deliver the infrastructure services we have contracted.
  • Google LLC. We use Google Analytics and Google Ads for website analytics and digital advertising. Google processes anonymised or pseudonymised data in accordance with its Data Processing Terms and Privacy Policy. Google may also process data in the United States; this transfer is carried out under the EU-US Data Privacy Framework and equivalent protections for Brazilian data subjects.
  • Email & Communication Tools. We may use third-party email or CRM platforms to manage correspondence and store contact records. Any such platform is selected based on compliance with LGPD and GDPR and is bound by a data-processing agreement with Sysout.
  • Professional Advisors. Lawyers, accountants, and auditors who assist us in running our business may receive limited personal data where strictly necessary to provide their professional advice or to comply with their legal obligations. All such parties are bound by professional confidentiality obligations.
  • Authorities and Law Enforcement. We will disclose personal data to public authorities, courts, or law-enforcement agencies when we are legally required to do so, or when we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Sysout, its clients, or the public. We will, where legally permissible, notify you before making such a disclosure.

Where personal data is transferred outside of Brazil or the EEA, we ensure that appropriate safeguards are in place — such as adequacy decisions, Standard Contractual Clauses, or Binding Corporate Rules — consistent with the requirements of LGPD Art. 33 and GDPR Chapter V.

Data Retention

We keep your personal data only for as long as is necessary for the purpose for which it was collected, or for as long as we are required to retain it by applicable law. Our general retention schedule is as follows:

  • Contact form enquiries that did not result in a contract: Records are retained for up to 2 years from the date of the last communication, after which they are permanently deleted. This period reflects the statute of limitations for contractual claims under Brazilian law and allows us to reference past conversations if you return with a similar project.
  • Client project and contractual records: We retain contracts, project deliverables, invoices, and related correspondence for a minimum of 5 years from project completion, consistent with Brazilian fiscal law obligations (Lei 9430/1996 and related regulations). Certain records may be retained for up to 10 years where required by specific legal or regulatory obligations.
  • Website analytics data: Aggregated, anonymised analytics data is retained in Google Analytics for up to 14 months. Raw log files from our web server are retained for up to 90 days for security monitoring purposes, then automatically deleted.
  • Marketing consent records: Records of consent to marketing communications (including the date, time, and method of consent) are retained for the duration of our relationship with you plus 3 years, to demonstrate compliance if required.
  • Advertising and cookie data: Google Ads conversion data associated with your device is retained for up to 90 days. Remarketing audience data expires in accordance with the retention periods specified in Section 4.

When data reaches the end of its retention period, it is securely and irreversibly deleted from all our systems, including backup systems, within 30 days of the retention period expiring. Where data must be retained for legal reasons but is no longer needed for its original purpose, access to it is restricted to only those team members with a direct need.

Data Security

Protecting the personal data in our care is a technical and organisational priority at Sysout. As a technology company, we apply the same professional rigour to our own systems that we bring to the solutions we build for clients. Our security measures include:

  • Transport-layer encryption (TLS 1.2/1.3) on all connections to and from sysout.site, ensuring data transmitted between your browser and our servers cannot be intercepted.
  • Encryption at rest for databases and storage volumes that contain personal data, using industry-standard AES-256 encryption.
  • Access control based on the principle of least privilege — only team members who have a direct, documented need to access personal data are granted permission to do so, and all access events are logged.
  • Routine security reviews, including vulnerability scanning and penetration testing of our web infrastructure, carried out at least annually or following significant changes to our systems.
  • Staff awareness — all Sysout personnel who handle personal data receive training on data protection obligations and are bound by confidentiality obligations in their employment or service contracts.
  • Incident response procedures — in the event of a personal data breach that poses a risk to your rights and freedoms, we are prepared to notify the Brazilian Data Protection Authority (ANPD) within 72 hours of becoming aware of the breach (or the supervisory authority of your EEA member state, if applicable), and to notify affected individuals without undue delay where required.

No method of electronic transmission or storage is 100% secure. While we implement and maintain strong controls, we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at contato@sysout.site.

Your Rights

Under the LGPD and the GDPR, you have a meaningful set of rights over your personal data. We are committed to honouring these rights promptly and without unnecessary obstacles. Here is what you are entitled to and how each right works in practice:

Right of Access

You have the right to ask us whether we are processing your personal data, and if so, to receive a copy of that data along with information about how and why we are using it. This is sometimes called a Subject Access Request (SAR). We will respond within 15 days under LGPD (or 30 days under GDPR), free of charge, in a structured, readable format.

Right to Correction

If the personal data we hold about you is inaccurate, outdated, or incomplete, you have the right to ask us to correct or update it. Simply tell us what needs to change and we will act on it without delay.

Right to Deletion (Erasure)

You can ask us to delete your personal data where it is no longer necessary for the purpose it was collected, where you have withdrawn consent and we have no other legal basis for processing, or where we have processed it unlawfully. We will comply unless we are required by law to retain the data — in which case we will explain what we must keep and why.

Right to Object

You have the right to object at any time to our processing of your personal data for direct marketing purposes. You can also object to processing based on our legitimate interest, in which case we will stop unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.

Right to Restriction of Processing

In certain circumstances — for example, while a dispute about the accuracy of your data is being resolved — you can ask us to restrict how we process it. During a restriction, we may retain your data but will not actively use it except to store it or with your consent.

Right to Data Portability

Where processing is based on your consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and to transmit it to another controller of your choosing.

Right to Withdraw Consent

Where we rely on your consent to process personal data (for example, to set analytics or advertising cookies, or to send you marketing messages), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that took place before you withdrew consent. You can withdraw by contacting us or adjusting your browser cookie settings.

Right to Lodge a Complaint

If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) in Brazil (anpd.gov.br), or with the supervisory authority in your EEA country of residence or work, without prejudice to any legal remedies available to you.

How to exercise your rights. To make any of the requests described above, please email us at contato@sysout.site with the subject line "Data Subject Request" and include your full name and the specific right(s) you wish to exercise. We may need to verify your identity before we can act on your request — we will ask for the minimum information necessary for this purpose and will not use it for anything else. We will acknowledge your request within 5 business days and provide a substantive response within the timeframes prescribed by applicable law (15 days for LGPD, 30 days for GDPR, with a possible one-month extension for complex requests).

Children's Privacy

Sysout's website, services, and communications are directed exclusively at businesses and adult professionals. We do not knowingly market to, target, or solicit personal data from individuals under the age of 18. Our contact forms and service offerings presuppose that the person engaging with us has legal capacity to enter into commercial contracts.

If we become aware that we have inadvertently collected personal data from a person under 18 without appropriate parental or guardian consent, we will delete that information from our systems as quickly as practicable. If you are a parent or guardian and believe your child has submitted personal data to us, please contact us immediately at contato@sysout.site so we can investigate and take corrective action.

Changes to This Policy

Privacy law and best practice evolve, and so does the way we operate our business. We may update this Privacy Policy from time to time to reflect changes in the law, our data processing activities, the technologies we use, or feedback from users and regulators. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes — that is, changes that significantly affect your rights or the way we process your data — we will provide more prominent notice. Where we have your email address and the change affects ongoing processing that you consented to, we will notify you by email before the change takes effect, giving you a reasonable opportunity to review the new terms and, if applicable, withdraw consent.

We encourage you to review this page periodically so you are always aware of our current practices. The version of this policy in effect at the time you provided your personal data to us governs how that data was processed; any new version governs data collected or processed after its effective date.

Contact Us & Data Controller Details

If you have any questions about this Privacy Policy, want to exercise any of your rights, wish to report a concern about how your data is being handled, or simply want to understand more about how we approach data protection, please reach out to us. We will always do our best to respond helpfully and in a timely manner.

For all data protection and privacy matters, the responsible entity and data controller is:

You may also write to us at the postal address above, clearly marking your correspondence "Privacy / Data Protection". For requests that involve verifying your identity before we can fulfil them, email is the fastest channel — it lets us respond, confirm receipt, and ask any clarifying questions efficiently.

If you are not satisfied with our response to a data protection concern, or if you believe we are processing your personal data unlawfully, you have the right to raise a complaint with Brazil's national data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD), accessible at www.gov.br/anpd, or with the competent supervisory authority in your jurisdiction if you are located in the European Economic Area.

Questions About Your Data?

Our team responds to all privacy enquiries within 5 business days. Reach out — we're here to help.

Email Us Directly