Privacy policy
Last updated: April 18, 2026
1. Data we collect
We collect only what's needed to run VVAio: business info (name, tax ID, contacts), conversation data (messages, phone numbers, emails of your customers who chat with the bot), payment data (processed by Asaas, never stored on our servers), and platform usage metrics.
2. How we use your data
We use your data to deliver the service you hired, train your bot's tone of voice (scoped to your tenant — never cross-tenant), process payments, catch fraud, and meet legal duties. We never sell it or share it with third parties for marketing.
3. Where your data lives
Stored on Supabase servers in sa-east-1 (São Paulo, Brazil). Encryption at rest (AES-256) and in transit (TLS 1.3). Daily backups kept for 30 days. No data leaves Brazil without explicit consent.
4. Your rights (LGPD)
You have the right to access, correct, export, or delete your personal data at any time. The My Data panel gives you direct access. Manual requests are handled within 15 business days, as LGPD requires.
5. How long we keep it
Conversations: 365 days. Customers: while your account is active. Orders and invoices: 1,825 days (5 years, fiscal requirement). Auth data: up to 90 days after account deletion.
6. Reach our DPO
Questions about privacy? Our Data Protection Officer (DPO) replies within 72h: dpo@vvaio.com.br · Priority service for data subjects.