Privacy Policy

Personal Data: information relating to an identified or identifiable natural person.

Sensitive Personal Data: data on racial or ethnic origin, religious or political beliefs, trade-union membership, health, sex life, genetic or biometric data linked to a natural person.

Data Subject: the natural person to whom personal data relates.

Controller: the entity that decides on the processing — in this case, Alquimia SEO.

Processor: the entity that processes data on behalf of the Controller (e.g., hosting, email and analytics providers).

Processing: any operation performed on personal data (collection, classification, use, access, transmission, storage, deletion, etc.).

Data Protection Officer (DPO): the person designated as the point of contact between Alquimia SEO, Data Subjects and the supervisory authority (ANPD in Brazil).

Account and contact data provided by the Data Subject: name, company, email, phone/WhatsApp, role.

Data about the analyzed environment provided by the Data Subject: URLs, domains, server addresses, technical credentials strictly required for the service, incident descriptions, logs, screenshots and files submitted for analysis.

Browsing data collected automatically: IP address, device identifiers, operating system, browser, pages visited, time on page, traffic source and access dates/times, collected via cookies and similar technologies.

Communication data: history of messages exchanged through official channels (email, WhatsApp Business, contact form).

Contractual and tax data: company name, registration numbers, address, bank details for invoicing, when applicable.

We avoid collecting sensitive data whenever possible. When unavoidable (e.g., data found incidentally during security analysis), we apply reinforced protection and controlled disposal.

Respond to inquiries received through our channels and provide pre-contractual information.

Deliver contracted services (security analysis, malware removal, hardening, monitoring, digital forensics and vulnerability remediation).

Comply with legal, regulatory, tax and accounting obligations.

Issue contracts, proposals, invoices and other documents required by the commercial relationship.

Communicate with the Data Subject on the status of analyses, reports, scheduling and support.

Improve site experience, security and overall service quality.

Send institutional and commercial communications (newsletters, security alerts, updates) under legitimate interest or consent, with opt-out in every message.

Prevent fraud, abuse and misuse of services, and regularly exercise rights in judicial, administrative or arbitration proceedings.

Consent: for marketing communications and non-essential cookies.

Performance of a contract or pre-contractual steps: for delivering contracted services and responding to quote requests.

Compliance with a legal or regulatory obligation: for retention of tax and accounting records and responses to authorities.

Legitimate interests: for site security, fraud prevention, aggregated audience measurement and service improvement, balanced against the rights and freedoms of Data Subjects (LIA — Legitimate Interest Assessment).

Regular exercise of rights in judicial, administrative or arbitration proceedings when necessary.

Alquimia SEO does not sell personal data. Sharing occurs only with processors that are essential to service delivery, contractually bound to comparable security and privacy standards.

Categories of processors: (i) cloud infrastructure and hosting; (ii) transactional and marketing email platforms; (iii) WhatsApp Business and customer-support tools; (iv) analytics and performance measurement; (v) payment processors and electronic invoicing; (vi) accounting and legal advisors.

International transfers: some processors operate infrastructure outside Brazil. We rely on the safeguards set by LGPD art. 33 (standard contractual clauses, adequacy guarantees or specific consent of the Data Subject, as applicable).

Sharing with authorities: data may be shared with competent authorities upon judicial order, legitimate administrative request or to comply with legal obligations.

Data is kept only for as long as needed to fulfill the purposes for which it was collected, following these reference periods: (i) leads and commercial contacts without contracting: up to 12 months from the last interaction; (ii) active clients: throughout the contractual relationship; (iii) inactive clients: up to 5 years after termination, for defense purposes; (iv) tax and accounting records: 5 years, in accordance with applicable law; (v) technical reports and evidence from security analyses: up to 24 months after delivery, unless the client expressly requests earlier disposal or extended retention.

After the retention period, data is securely erased or anonymized, except where preservation is required by legal or regulatory obligation.

You may, at any time and free of charge: (i) confirm the existence of processing; (ii) access your data; (iii) request correction of incomplete, inaccurate or outdated data; (iv) request anonymization, blocking or deletion of unnecessary, excessive or non-compliant data; (v) request portability; (vi) request deletion of data processed on the basis of consent; (vii) be informed about entities with whom we share data; (viii) be informed about the possibility of refusing consent and its consequences; (ix) withdraw consent; (x) request review of decisions made solely on the basis of automated processing, where applicable.

To exercise your rights, send your request to relationship@alquimiaseo.com, identifying yourself appropriately. We will respond as soon as possible, within a maximum of 15 days from the request, subject to justified extension under the LGPD.

If you are not satisfied with our response, you may file a complaint with the supervisory authority (ANPD in Brazil; your local supervisory authority in the EU).

As a cybersecurity company, we apply to ourselves the same standards we recommend to the market.

Technical measures: encryption in transit (TLS 1.2+) and at rest for sensitive data; role-based access control (RBAC) with least-privilege; multi-factor authentication on internal systems; segregation between production, staging and development environments; audit logs with controlled retention; backup routines with periodic restore testing; vulnerability scanning and continuous patching.

Organizational measures: internal information security policy; non-disclosure agreements (NDA) with employees and partners; regular privacy and security training; formal incident management process; due diligence on vendors processing data on our behalf.

No system is absolutely invulnerable. We commit to applying all reasonable efforts and industry best practices to prevent, detect and respond to security events.

If an incident occurs that may pose relevant risk or harm to Data Subjects, Alquimia SEO will trigger its internal response plan: immediate containment, technical investigation, impact assessment and remediation measures.

When applicable, we will notify the supervisory authority and affected Data Subjects within a reasonable timeframe — using the 2-business-day reference suggested by the authority — describing the nature of affected data, Data Subjects involved, technical and security measures adopted, and related risks.

We use strictly necessary cookies (session, security, load balancing) and occasionally analytical cookies to understand, in aggregate form, how the site is used.

You may configure your browser to block or warn about cookies at any time, knowing that some features may be limited.

Our services and website are not directed to minors under 18. We do not knowingly collect data from children. If undue collection is identified, we will promptly delete it.

The official channel for questions, requests, exercise of rights and incident communication regarding personal data is relationship@alquimiaseo.com.

This Policy may be reviewed and updated periodically. The version in force is the one published on this page, identified by the last-updated date above. Material changes will be communicated through official channels when applicable.