This Privacy Policy describes how SHO Consultoria Ltda ("we," "our" or "the Company") collects, uses, stores and protects the personal data of our business clients, project contacts, website visitors and all others whose data is processed in connection with our advertising consulting activities in Santana de Parnaíba, São Paulo.
As a registered limited company (Ltda), we are fully committed to compliance with the Brazilian General Data Protection Law — LGPD (Lei nº 13.709/2018), the Brazilian Consumer Protection Code — CDC (Lei nº 8.078/1990), applicable CONAR (Conselho Nacional de Autorregulamentação Publicitária) advertising self-regulation principles and applicable tax legislation in the State of São Paulo.
Introduction and Scope
This Policy applies to all personal data processed by our advertising consulting company — including business clients who commission advertising strategy, media planning or campaign consulting, individual project contacts at those businesses, website visitors and anyone whose data is processed in connection with our consulting activities. Our services are purely B2B — we work with brands and businesses, not directly with end consumers.
Identity of the Controller
Entity type: Sociedade Limitada (Ltda)
CNPJ: 48.280.061/0001-86
Activity (CNAE): Consultoria em Publicidade
Address: Rua Brasília, 154, Recanto Silvestre (Fazendinha), Santana de Parnaíba — SP, CEP 06530-235, Brasil
Email: privacidade@shoconsultoria.com.br
Personal Data We Collect
- Client identification data: Company name, CNPJ and the name, role, phone number and email of the responsible contact or marketing director at the commissioning business.
- Campaign and brand data (client-provided): Brand strategy documents, campaign briefs, creative materials, audience data, competitive intelligence and all commercial and marketing information provided by the client for the purpose of the advertising consulting engagement. This data is treated as commercially confidential.
- Consumer research data (project-specific): Where an advertising consulting project requires analysis of consumer data provided by the client — for example, CRM segments, customer profile data or research findings — we process this data as operador on the client's instructions, within the consulting scope.
- Billing data: Company name and CNPJ for NFS-e issuance — in compliance with SEFAZ-SP and ISS/Prefeitura de Santana de Parnaíba requirements.
- Contact and enquiry data: Messages via WhatsApp, telephone or online form.
- Technical website data: IP address, browser type, pages visited and access times.
Purpose and Legal Basis
| Purpose | Legal Basis (LGPD) |
|---|---|
| Advertising strategy consulting and campaign advisory delivery | Performance of contract (Art. 7º, V) |
| Media planning and channel strategy consulting | Performance of contract (Art. 7º, V) |
| Creative direction consulting and agency management | Performance of contract (Art. 7º, V) |
| Consumer research data analysis (as operador) | Client's legal basis per Art. 39; Legitimate interest |
| Issuing NFS-e; SEFAZ-SP tax compliance | Legal obligation (Art. 7º, II) |
| ISS — Prefeitura de Santana de Parnaíba | Legal obligation (Art. 7º, II) |
| Service quality under CDC | Legal obligation; CDC Arts. 14–26 |
| Website analysis and improvement | Legitimate interest; Consent (cookies) |
Data Sharing
- Client businesses (strategy outputs): Advertising strategies, campaign briefs, media plans and all consulting deliverables are provided to the commissioning client — this is the purpose for which the service was engaged.
- Creative agencies and media vendors (client-instructed): Where a consulting engagement involves working alongside the client's advertising agency or media supplier, strategy documents or briefs are shared with those parties only as instructed by the client.
- SEFAZ-SP / Receita Federal: Tax data for NFS-e issuance and applicable federal and state tax compliance.
- Prefeitura de Santana de Parnaíba (ISS): For ISS/ISSQN obligations on advertising consulting service activities.
- PROCON-SP: When required in a consumer dispute mediation under the CDC.
- Legal authorities: When required by a competent judicial or administrative order.
We do not share client brand strategies, campaign briefs, creative materials or competitive intelligence with any third party without explicit client authorisation.
International Transfers
Our advertising consulting activities operate primarily within Brazil. Primary storage of client and project data is in Brazil. Any technology platforms used for project management, communication or document storage that operate on international servers do so only under the guarantees of Art. 33 of the LGPD or recognised adequacy mechanisms.
Retention Periods
- NFS-e and fiscal records: Minimum 5 years under federal and state tax legislation (CTN, Art. 174; SEFAZ-SP).
- Client contract and project records: Duration of the client relationship plus 5 years for contractual, fiscal and dispute documentation.
- Campaign and brand data (client-provided): Retained during the active engagement period. On termination of the client relationship, campaign materials and brand documents are returned to the client or deleted as instructed — unless required for dispute documentation within the applicable periods.
- Consumer research data (operador): Retained only for the duration of the specific project scope. Deleted or returned on project completion per the client's instruction.
- Contact and enquiry data: Up to 1 year from last interaction if no project was commissioned.
- Website analytics: Aggregated and anonymised after 12 months.
Security Measures
- Client brand strategy, campaign briefs and creative materials accessible only to the consulting principals directly engaged on the project;
- Campaign and brand data never shared with other clients or third parties without explicit written client authorisation;
- WhatsApp and email project communications handled with discretion;
- Encryption in transit (HTTPS) for website and digital communications;
- PCI-DSS certified payment platforms — card data never retained;
- As a Ltda, formal internal data handling and access control protocols maintained;
- Incident response procedures and breach notification per LGPD Art. 48.
Your Rights under the LGPD
- Confirmation and Access (Art. 18, I–II): Confirm whether we hold your data and receive a copy.
- Correction (Art. 18, III): Request correction of inaccurate data.
- Anonymisation / Blocking / Deletion (Art. 18, IV): Request restriction or deletion — subject to fiscal and contractual retention obligations.
- Portability (Art. 18, V): Receive your data in a structured format.
- Deletion of consent-based data (Art. 18, VI): Request deletion of data processed by consent.
- Information on sharing (Art. 18, VII): Find out which entities your data has been shared with.
- Withdrawal of Consent (Art. 8º, §5º): Withdraw consent at any time.
- Complaint to the ANPD (Art. 18, §1º): Lodge a complaint at www.gov.br/anpd.
We respond within 15 business days.
Cookies and Tracking
Our website may use cookies for essential functionality and aggregated performance analysis. We do not use behavioural tracking cookies for advertising without prior consent — consistent with our commitment to transparent advertising practices. Preferences can be managed through browser settings.
Protection of Minors
Our advertising consulting services are engaged by businesses — adults acting in a professional capacity. We do not intentionally collect personal data from children under 13. Where advertising campaigns we consult on are intended to reach or involve minors, we advise clients on the applicable legal and CONAR requirements for advertising directed at children under the Brazilian advertising self-regulation code and applicable consumer protection law.
Sensitive Data & Campaign Confidentiality
In our own right, we do not collect sensitive personal data as defined in LGPD Art. 5º, II. Consumer research or audience data provided by clients for analysis may in some cases include sensitive categories — for example, health-related data in pharmaceutical advertising contexts, or financial data in fintech campaign planning. In such cases, we apply the heightened handling requirements of LGPD Art. 11 and require the client to confirm the applicable legal basis before we engage with that data.
All advertising activities we consult on comply with CONAR self-regulation principles — honesty, respect for the consumer, truthfulness and social responsibility in advertising. We will not consult on campaigns that violate these principles regardless of client instruction.
Updates to this Policy
This Policy may be updated to reflect changes in our activities, the LGPD, ANPD guidance, CONAR regulations or applicable tax legislation. Material changes will be communicated via our website or directly to active clients by email or WhatsApp.
Contact & Data Protection Officer
All privacy requests, questions and complaints should be directed to our Data Protection Officer (Encarregado — LGPD Art. 41):
PRIVACY CONTACT — SHO CONSULTORIA LTDA
ANPD — Autoridade Nacional de Proteção de Dados
www.gov.br/anpd