Privacy Policy — CuritaTech

1. Introduction

CuritaTech Soluções em Informática LTDA ("we", "our", or "us"), registered under CNPJ 47.581.978/0001-58, with its principal place of business at R. João Guntowski, 70, Capão da Imbuia, Curitiba - PR, 82810-220, is committed to protecting your privacy and personal data.

This Privacy Policy describes how we collect, use, store, and share your personal information in compliance with Brazil's General Data Protection Law (Lei Geral de Proteção de Dados — LGPD, Law No. 13.709/2018) and other applicable regulations. As an IT services provider, we take particular care in handling client data that may be stored on devices and systems we service.

2. Data We Collect

Identification data: full name, CPF/CNPJ
Contact data: email address, phone number, physical address
Service data: device specifications, diagnostic reports, repair history, and service notes
Network data: network topology documentation, configuration records, and access credentials provided for service purposes
Account credentials: system passwords and access credentials temporarily provided by clients for service execution
Client system data: data stored on devices and systems under our care during repair, maintenance, or migration
IT contract data: support agreement terms, SLA specifications, and maintenance schedules
Payment data: billing information processed through secure payment systems
Fiscal data: information required for NFS-e and tax compliance
Navigation data: IP address, browser type, cookies, access logs

3. How We Use Your Data

Performing computer diagnostics, repairs, and hardware upgrades
Designing, deploying, and maintaining network infrastructure
Configuring cloud services, backup systems, and disaster recovery solutions
Conducting security audits, firewall setup, and cybersecurity implementations
Providing remote and on-site technical support
Processing payments and issuing invoices (NFS-e)
Complying with consumer protection obligations and applicable regulations

4. Legal Basis for Processing

Performance of a contract or preliminary procedures related to a contract
Consent provided by the data subject
Compliance with legal or regulatory obligations
Legitimate interests of the controller, provided fundamental rights are preserved

Data stored on client devices and systems that come into our possession during service is treated with the highest level of confidentiality. We do not access, copy, read, or use client data beyond what is strictly necessary for the requested service. Access credentials provided by clients are used exclusively for service execution and are securely deleted upon service completion. Network configurations, topology maps, and security architecture are treated as highly sensitive and are never disclosed to unauthorized parties. All technical staff are bound by confidentiality agreements.

5. Data Sharing

Hardware manufacturers for warranty claims and authorized repair procedures
Software vendors for licensing and activation support
Cloud service providers for migration and hosting as directed by the client
Payment processors for secure transaction handling
Tax authorities as required by fiscal regulations
Government authorities when required by law

We do not sell, rent, or trade your personal data or any data from client systems to third parties for any purpose. Client system data is never accessed for purposes beyond the contracted service. All data sharing is conducted in compliance with the LGPD.

6. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Service records and diagnostic reports are retained for the applicable consumer protection warranty period. Access credentials provided by clients are securely deleted immediately upon service completion. Client data on devices under repair is not retained beyond the service period; data recovery outputs are delivered to the client and securely deleted from our systems. IT support contract data is retained for the contract duration plus applicable statutory periods. Transaction and fiscal data are retained as required by tax regulations.

7. Your Rights

Under the LGPD, you have the following rights:

Confirmation of the existence of data processing
Access to your personal data
Correction of incomplete, inaccurate, or outdated data
Anonymization, blocking, or deletion of unnecessary or excessive data
Portability of data to another service provider
Deletion of data processed with your consent
Information about entities with which your data has been shared
Information about the possibility of denying consent and its consequences
Revocation of consent

To exercise any of these rights, please contact us using the information in Section 10.

8. Cookies

Our website may use cookies and similar technologies to enhance your browsing experience. You may configure your browser to refuse cookies; however, some features may not function properly without them.

9. Data Security

We implement rigorous technical and organizational measures to protect all data under our control. Client devices in our possession are stored in secure, access-controlled areas. Credentials are stored in encrypted password management systems and purged after use. Data recovery operations are performed in isolated environments. Network documentation and security configurations receive enhanced access restrictions. All staff handling client data are bound by non-disclosure agreements. Despite our efforts, no method of electronic transmission or storage is completely secure.

10. Contact Information

CuritaTech
CuritaTech Soluções em Informática LTDA
CNPJ: 47.581.978/0001-58
R. João Guntowski, 70, Capão da Imbuia
Curitiba - PR, 82810-220
Brazil

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with a revised "Last updated" date.