Privacy Policy

GIO Brain Tecnologia LTDA ("GIO", "we", "our" or "company") recognizes the importance of privacy and the protection of personal data.

This Policy aims to clarify how we process, store, and use information related to users of our platform and services.

The use of GIO implies full awareness and agreement with the terms described herein.

We are committed to following the principles of the Brazilian General Data Protection Law (LGPD - Law No. 13,709/2018), as well as best practices in data governance, security, and transparency.

GIO collects data automatically and voluntarily, according to platform usage.

2.1. Registration and Identification Data

• Full name, email, CPF or CNPJ (when applicable).
• Phone number, country, and language preference.
• Authentication data from linked accounts (Google, Meta, etc.).
• Subscription and plan information (Free, Pro, Specialist).

2.2. Advertising Account and API Data

• Information from Google Ads, Meta Ads, TikTok Ads, LinkedIn Ads, and other connected platforms.
• Data on campaigns, ads, ad groups, keywords, audiences, costs, conversions, CTR, CPC, CPA, ROAS, and other performance metrics.
• Access tokens and encrypted API credentials.
• API call logs and synchronization status.

2.3. Usage and Interaction Data

• Pages accessed, browsing time, clicks, searches, and preferences.
• Interface data: filters used, saved settings, language and theme selections.
• Interactions with AI features, prompts sent, and responses received.
• History of notifications, alerts, reports, and generated analyses.

2.4. Technical and System Data

• IP address, approximate location, device type, operating system, and browser.
• Network information, cookies, session identifiers, and cache preferences.
• System performance data, failures, error logs, and monitoring.

2.5. Payment and Billing Data

• Billing and subscription data via Stripe, Pix, or credit card (processed by certified third parties).
• Payment history, invoices, and transactions.
• Client identifiers, transaction IDs, and contracted plan records.

2.6. Communication and Support Data

• Messages sent via chat, email, or forms.
• Request records, tickets, responses, and support history.
• Audio, screenshots, videos, or attachments voluntarily submitted.

2.7. Derived or Inferred Data

• Statistical indicators derived from behavior and usage.
• Account groupings by performance pattern (machine learning).
• Predictive metrics, trends, and scores generated by GIO's AI.

Data collection and use have the following purposes:

1. Contractual and technical execution of platform services.
2. Training, evaluation, and continuous improvement of GIO's proprietary neural networks and algorithms, in an anonymized and aggregated manner.
3. Statistical analysis and generation of performance reports to improve user results.
4. Personalization of user experience, adjusting recommendations, dashboards, and interface according to behavior.
5. Security, authentication, and fraud prevention, including access auditing and detection of misuse.
6. Administrative communications, such as maintenance notices, alerts, and updates.
7. Compliance with legal, fiscal, and regulatory obligations.
8. Development of new products, features, and internal testing.

Collected data may be used in an anonymous and aggregated manner for the development, validation, and improvement of GIO's neural networks and decision models.

These models learn from behavioral patterns and campaign results to:

• Improve performance predictions;
• Adjust automatic recommendations;
• Detect anomalies and optimization opportunities;
• Learn new relationships between metrics and results.

GIO does not use individualized personal information to train models without anonymization.

Data may be shared with:

• Technical service providers, such as cloud servers (AWS, Supabase, Google Cloud), authentication providers, and payment processors.
• Integration partners, such as Google, Meta, and other APIs necessary for operation.
• Government authorities, upon court order or legal obligation.
• Companies within the same economic group or research partners, in an anonymized and aggregated manner.

Data is stored in secure data centers, with encryption at rest and in transit (TLS 1.2+), automatic backups, and strict access control.

GIO processes data based on the following legal bases under the Brazilian General Data Protection Law (LGPD):

• Contract execution (art. 7, V);
• Compliance with legal or regulatory obligations (art. 7, II);
• Legitimate interest of the company, for service improvement, security, and AI development (art. 7, IX);
• Consent of the data subject, when required by applicable legislation.

We adopt robust technical and organizational measures to protect data:

• Token and password encryption.
• Firewalls and multi-level access control.
• Continuous incident monitoring.
• Periodic compliance audits.
• Security logs and event traceability.

Despite all efforts, no system is 100% immune to failures. GIO is not responsible for damages caused by third parties, viruses, intrusions, force majeure, or failures beyond the company's control.

Data will be stored as long as:

• The contract is active;
• Legal or regulatory obligations exist;
• There is a legitimate need for preservation for technical or security reasons.

After this period, data may be permanently anonymized for statistical use and machine learning, without the possibility of identification.

GIO is not responsible for losses resulting from improper use of the platform by the user, including:

• Automated actions executed without review;
• Incorrect data entered by the user;
• Failures in external integrations (Google Ads, Meta Ads, etc.);
• Decisions based on predictions, recommendations, or reports generated by the AI.

The user is fully responsible for verifying and validating executed actions, especially those that impact campaigns, budgets, and advertising accounts.

The data subject may:

• Request access, rectification, portability, and deletion;
• Revoke consent;
• Request anonymization;
• Question the use of their data.

This Policy may be changed at any time to reflect improvements, legal, or technical changes.

The current version will always be available at https://giobrain.com.

Continued use of the services implies agreement with the most recent versions.