Privacy and Data Protection Policy
Última atualização: 06 de julho de 2026
1. Who We Are — Data Controller
Legal name: CUBO9 SOLUCOES EM TECNOLOGIA DA INFORMACAO E SERVICOS LTDA
Brazilian Tax ID (CNPJ): 14.982.217/0001-59
Business: Custom software development, web systems, mobile applications and technology consulting.
Address: Rua do Futuro, 564 CP2098, Graças, Recife/PE — ZIP 52050-005, Brazil
General contact: contato@cubo9.com.br
Data Protection Officer (DPO): Wagner Santos
DPO contact: dpo@cubo9.com.br
The Data Protection Officer is the official point of contact for exercising your rights, clarifying questions and reporting incidents. We respond within 15 business days.
2. Data We Collect
a) Data you provide
- Full name
- Email address
- Phone number / WhatsApp
- Company name and job title
- Message submitted through contact forms
- Any other information you choose to share voluntarily
b) Data collected automatically
- IP address and device identifiers
- Browser type, operating system and device
- Pages visited, time spent and navigation flow
- Traffic source (organic, paid, social media, direct)
- Approximate geolocation (country, state, city)
- On-site interaction events (clicks, forms started, conversions)
- Advertising campaign identifiers (UTMs, Google Ads and Meta Ads click IDs)
We do not intentionally collect sensitive personal data, such as health information, religion, sexual orientation or political opinions.
3. How We Use Your Data and Legal Bases
All personal data processing is grounded in one of the legal bases established by Brazil’s General Data Protection Law (LGPD, Law No. 13,709/2018):
| Purpose | Legal basis (LGPD Art. 7) | Detail |
|---|---|---|
| Responding to enquiries and messages submitted through the site | Legitimate interest (item IX) | Reasonable expectation of the data subject when submitting the form |
| Delivering and managing contracted services | Contract performance (item V) | Required to fulfil contractual obligations |
| Sending technical communications about our services | Contract performance (item V) | Updates, alerts and support directly related to the contract |
| Sending commercial and institutional communications | Consent (item I) | Only upon explicit opt-in; opt-out available at any time |
| Site analytics, performance improvement and paid campaigns | Consent (item I) | Via Google Analytics, GTM and Meta Pixel — managed through the cookie banner |
| Platform security and fraud prevention | Legitimate interest (item IX) | Low impact on the data subject; prevails over individual interest |
| Compliance with legal and regulatory obligations | Legal obligation (item II) | Tax, labour, judicial and regulatory requirements |
4. Data Sharing
Your data may be shared in the following situations, always on a proportionate and necessary basis:
- Technology service providers and hosting infrastructure
- Marketing automation and email platforms: RD Station and SendGrid (servers in the US — see §5)
- Analytics and advertising tools: Google Analytics, Google Tag Manager and Meta Pixel (servers in the US and EU — see §5)
- Partners directly involved in delivering contracted services
- Public authorities, regulatory or judicial bodies, when required by law
All suppliers act as data processors and are bound by contractual obligations compatible with the LGPD, including a Data Processing Agreement (DPA) signed with each of them.
Cubo9 does not sell, rent or otherwise commercialise personal data of any kind to third parties.
5. International Data Transfers
Some suppliers store or process data outside Brazil. International transfers carried out by Cubo9 are covered by the following mechanisms, pursuant to Art. 33 of the LGPD:
- Standard data protection contractual clauses entered into with each supplier (Art. 33, II)
- Recognition by the ANPD of the destination country’s adequate level of protection, where applicable (Art. 33, I)
Suppliers with servers outside Brazil: Google LLC (US), Meta Platforms Inc. (US/EU), Resultados Digitais — RD Station (Brazil, with sub-processors in the US) and Twilio — SendGrid (US).
6. Cookies and Similar Technologies
Our website uses cookies and similar technologies (pixels, tags) for operational, analytics and advertising purposes:
| Type | Purpose | Examples |
|---|---|---|
| Essential | Core site functionality, session management, security | WordPress session cookie, language preference cookie (cubonove_lang) |
| Performance / Analytics | Measure audience, pages visited, time spent, traffic source | Google Analytics 4 (_ga, _gid) |
| Functionality | Remember user preferences (language, cookie consent) | Google Tag Manager (_gtm*), consent preferences |
| Advertising / Marketing | Measure conversions from paid campaigns, create remarketing audiences | Meta Pixel (_fbp, _fbc), Google Ads (IDE, _gcl_au) |
For non-essential cookies (analytics, functionality and advertising), we ask for your consent through the banner displayed on your first visit. You can change or revoke your preferences at any time by clicking “Cookie Settings” in the site footer.
You can also manage cookies through your browser settings. Disabling certain cookies may affect site functionality.
Google Analytics 4 is configured with IP anonymisation (_anonymizeIp) enabled. Meta Pixel honours the consent settings managed through Google Tag Manager.
7. Your Rights
Under Art. 18 of the LGPD, you may exercise the following rights at any time:
- Confirmation that your data is being processed
- Access to your personal data
- Correction of incomplete, inaccurate or outdated data
- Anonymisation, blocking or deletion of unnecessary or unlawfully processed data
- Data portability to another service provider (subject to ANPD regulation)
- Deletion of data processed on the basis of consent, except where legal grounds for retention apply
- Information about entities with which your data has been shared
- Information about the possibility of withholding consent and the consequences of doing so
- Withdrawal of consent at any time, without prejudice to the lawfulness of prior processing
To exercise your rights, send a request to dpo@cubo9.com.br, identifying yourself and describing the right you wish to exercise. We will respond within 15 business days.
You also have the right to lodge a complaint with the Brazilian National Data Protection Authority (ANPD — www.gov.br/anpd) if you believe this Policy or the LGPD has been breached.
8. Data Security
We adopt appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure or destruction, including:
- Data encryption in transit (TLS/HTTPS)
- Role-based access control (RBAC) for internal systems
- Access log and security event monitoring
- Confidentiality agreements with staff and suppliers
While we apply security best practices, no system is entirely immune to risk. Should a security incident occur that may cause relevant risk or harm to data subjects, we will notify the ANPD and affected individuals within a reasonable timeframe, pursuant to Art. 48 of the LGPD, and take the necessary corrective action.
If you suspect any misuse of your data, contact our DPO immediately: dpo@cubo9.com.br.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, observing applicable legal minimum retention periods:
| Data category | Retention period |
|---|---|
| Contact form data (enquiries that did not convert into clients) | 2 years |
| Client data during and after the contract term | Duration of contract + 5 years (civil statute of limitations, Brazilian Civil Code Art. 206) |
| Navigation data and access logs | 6 months (Brazilian Internet Act — Marco Civil da Internet, Art. 15) |
| Tax, accounting and fiscal data | 5 years (Brazilian tax legislation) |
| Commercial communications and emails | 5 years |
Once the applicable period has elapsed, data is securely deleted or anonymised, unless there is a legal obligation to retain it.
10. Links to Third-Party Sites
Our website may contain links to third-party sites, platforms or applications. Cubo9 is not responsible for the privacy practices of those external environments. We recommend reading the privacy policy of each site you visit.
11. Minors
Our services are intended exclusively for legal entities and professionals aged 18 or over. We do not intentionally collect data from minors. Should we identify that data from a minor has been provided without appropriate consent, we will delete it immediately.
12. Changes to This Policy
We may update this Privacy Policy periodically as a result of legal, technological or operational changes. The most recent version will always be available on our website (cubo9.com.br), with the date of the last update shown at the top of the document.
Significant changes will be communicated by email to registered data subjects with at least 15 days’ notice.
13. Contact and DPO Channel
For questions, requests, complaints or incident reports related to privacy and data protection, contact the Data Protection Officer (DPO):
Data Protection Officer: Wagner Santos
Email: dpo@cubo9.com.br
Company: CUBO9 SOLUCOES EM TECNOLOGIA DA INFORMACAO E SERVICOS LTDA
Brazilian Tax ID (CNPJ): 14.982.217/0001-59
Address: Rua do Futuro, 564 CP2098, Graças, Recife/PE — ZIP 52050-005, Brazil
Response time: up to 15 business days from receipt of the request.