Privacy Policy

Operforma
CNPJ (company tax ID): 43.945.657/0001-34
Email: contact@operforma.com
Website: operforma.com

Operforma is classified as a Small-Scale Processing Agent (Agente de Tratamento de Pequeno Porte, ATPP) under CD/ANPD Resolution No. 2/2022, operating under the simplified regime provided for smaller-scale agents.

When you contract the RAD (Revenue Architecture Document), we use exclusively data that you yourself have made public to promote your business:

• Full name and CNPJ (when you operate as a MEI or sole proprietor)
• Social media profiles (Instagram, Linktree, and similar) and your own website
• Mentions and references about your business found on the web
• Revenue and commercial-structure analysis derived from these public sources

We do not collect sensitive data — health, biometrics, religion, ethnicity, or political belief (Art. 5, II, LGPD). We do not scrape private profiles or use third-party data unrelated to your business.

All data is information that you yourself have made public — published on social media and other digital channels to promote your professional activity.

The LGPD permits using this data for the same purpose for which it was published, without requiring new consent, as long as the original context is respected (Art. 7, §3 and §4). In Operforma's case: you published it to attract clients; we use it to diagnose that same business, at your request.

We do not sell or transfer your data. We share it only with the technical processors essential to provide the service:

• Anthropic (USA) — natural language processing to generate the diagnosis
• Perplexity AI (USA) — enriched research of public sources
• Netlify (USA) — hosting of the website and the RAD delivery pages
• Resend (USA) — sending transactional emails

Each processor follows its own data protection policies, compatible with the purposes declared here. International transfers follow the safeguards provided for in Art. 33 of the LGPD.

• RAD delivery: your report is delivered as an HTML page encrypted with AES-256-GCM (Advanced Encryption Standard, 256 bits). The content is decrypted only in your browser — no readable text remains on the hosting servers.
• Access link: token generated with UUID v4 (122 bits of randomness — Universally Unique Identifier) and valid for 14 days, sent directly to you through a secure channel.
• In transit: HTTPS (Hypertext Transfer Protocol Secure) required on all connections.
• In the source code: personal data is not stored in plain text in any code repository.
• Working files: kept out of version control and deleted in accordance with the retention policy below.

At any time you may request, by email (contact@operforma.com):

• Confirmation and access — to know whether we process your data and receive a copy
• Correction — to correct inaccurate or incomplete data
• Deletion — to request the deletion of your data (subject to minimum legal retention periods)
• Portability — to receive your data in an open format (PDF or JSON)
• Withdrawal of consent — when the processing is based on consent (for example: use as a case study), you may withdraw it at any time; this does not affect prior processing based on a contract
• Information about sharing — to know with which entities your data is shared

We respond within 15 calendar days (Art. 18, LGPD).

In the event of an incident that may cause relevant risk or harm, Operforma will notify the ANPD within 6 business days and inform the affected data subjects at the same time, in accordance with CD/ANPD Resolution No. 15/2024.

Relevant changes will be communicated by email at least 10 days in advance. The effective date at the top of this page always indicates the version in use.

To exercise your rights, ask questions, or file a complaint:

contact@operforma.com

If you are not satisfied with our response, you may turn to the ANPD (National Data Protection Authority) — the federal public body that oversees data protection in Brazil: gov.br/anpd.