Privacy Policy

1. PARTIES

1. Didata Tecnologia Ltda., a private legal entity registered under CNPJ no. 60.643.880/0001-46, headquartered in Belo Horizonte, Minas Gerais, hereinafter referred to as "Didata" or the "Platform";
2. User, an individual over 18 years old or a minor represented by a legal guardian, duly registered on the Platform.

2. PURPOSE

This Policy describes how Didata collects, uses, stores, shares, and protects personal data when the User accesses the educational digital application that uses Artificial Intelligence resources to generate study content and automatically evaluate activities.

3. Personal Data Collected

Note: The Platform is not intended for minors under 18 without consent from legal guardians. Irregular accounts may be blocked.

4. Purposes of Processing

1. Create and manage the User account and authenticate access;
2. Generate personalized educational content and evaluate activities with AI;
3. Monitor performance, analyze learning metrics, and improve features;
4. Comply with legal and regulatory obligations;
5. Send institutional communications, satisfaction surveys, and marketing campaigns, always with opt-out;
6. Prevent fraud and maintain information security.

5. Google Calendar Data

When the User chooses to connect Google Calendar, Didata requests the https://www.googleapis.com/auth/calendar.events.owned permission to create, view, change, and delete events on Google calendars owned by the User. The connection is optional and occurs only after authorization through Google's consent flow.

Didata uses data received from Google Calendar only to provide and improve the visible user-facing feature that syncs the study plan with the User's calendar. This includes creating study blocks, updating the times, descriptions, and statuses of those blocks, and removing events created by Didata when the User disables the integration, deletes a plan, or deletes the account.

Didata may store identifiers of events created in Google Calendar, start and end times, time zone, title, description, synchronization status, last synchronization date, synchronization errors, and metadata needed to match the study plan in the Platform with events in Google Calendar. Didata may also store authorization metadata needed to maintain the connection with the Google account while the integration is active.

Didata does not use Google Calendar data for advertising, retargeting, personalized ads, sale of data, credit analysis, or any purpose unrelated to study-plan synchronization. Didata does not sell data received from Google APIs and does not transfer that data to third parties except when necessary to provide or improve the feature requested by the User, comply with legal obligations, protect the security of the Platform, or with the User's explicit consent.

Human access to data received from Google Calendar is restricted to situations where the User gives affirmative authorization, where access is necessary to investigate abuse, bugs, or security incidents, to comply with legal obligations, or where the data is aggregated and used for internal operations in accordance with applicable law.

Didata's use and transfer of raw or derived user data received from Google Workspace APIs will adhere to the Google API Services User Data Policy , including the Limited Use requirements .

6. Legal Bases (LGPD, art. 7)

7. Data Sharing

Didata does not sell personal data or share it for third-party marketing without specific consent.

• Data processors (hosting, transactional email, analytics) bound by contracts with confidentiality and security clauses;
• Public authorities when required by court order or legal obligation;
• International transfers only to countries with an adequate level of protection or under standard contractual clauses.

8. Cookies and Tracking Technologies

The Platform uses essential, analytics, and functional cookies. The User may configure the browser to block non-essential cookies, understanding that some features may become unavailable.

9. Data Subject Rights

1. Confirm the existence of processing;
2. Access personal data;
3. Correct incomplete, inaccurate, or outdated data;
4. Request anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;
5. Request portability to another service provider;
6. Withdraw consent and request deletion of data processed on that basis;
7. Obtain information about the entities with which Didata shared data.

10. Information Security

Didata adopts technical and administrative measures proportionate to the risk, including encryption of data in transit and at rest, access control with strong authentication, continuous vulnerability monitoring, periodic backups, and incident response procedures, with notice to the ANPD and data subjects when required.

11. Retention and Deletion

Data is stored for as long as necessary to fulfill the purposes described above or comply with legal obligations. After the relationship ends or the legal term expires, data is deleted or anonymized.

12. Marketing Communications

Promotional messages may be sent based on legitimate interest or consent, always including an opt-out mechanism. Withdrawal does not affect essential transactional messages, such as password reset emails.

13. Support Channel

Questions or requests should be sent to contato@didata.ai.

14. Changes to this Policy

Didata may update this Policy at any time. Material changes will be communicated through the registered email or a notice on the Platform. Continued use after publication implies acceptance.

15. Governing Law and Venue

This Policy is governed by the laws of the Federative Republic of Brazil, especially the LGPD and the Brazilian Internet Civil Framework. The courts of Belo Horizonte, Minas Gerais, are elected to settle disputes.