DavitAI Privacy Policy

1. Introduction and Scope

This Privacy Policy describes how DavitAI collects, uses, shares, stores, and protects the personal data of users, site visitors, paying customers, partner agencies, and job applicants. It applies to all official DavitAI surfaces: davitai.com, app.davitai.com, admin.davitai.com, public APIs, email communications, and any other integration identified with the DavitAI brand.

DavitAI is a Brazilian AI agent platform for content creators. We operate in compliance with the Brazilian General Data Protection Law (Law 13,709/2018 — LGPD), the European General Data Protection Regulation (GDPR — Regulation (EU) 2016/679), and, where applicable to California residents, the California Consumer Privacy Act (CCPA/CPRA).

Last updated: 8 June 2026. We recommend reading this together with the Terms of Use and the LGPD Rights guide.

2. Data We Collect

We collect only what is strictly necessary (minimisation principle). Categories include:

We do not deliberately collect sensitive data (Art. 5, II of the LGPD). If you share sensitive information in agent prompts (racial origin, political opinion, health, biometric data), it will be processed only for immediate job execution and discarded according to our retention policy.

3. How We Use Your Data (Purposes)

Your data is processed strictly for:

DavitAI grounds each processing activity on one of the bases in Art. 7 of the LGPD (and the equivalent Art. 6 of the GDPR):

5. Sharing with Processors and Third Parties

DavitAI does not sell, rent, or trade personal data. We share exclusively with processors that perform services essential to the platform, under a data processing agreement (DPA) and protection clauses equivalent to the LGPD/GDPR:

The complete, up-to-date list of subprocessors is available on request from the DPO.

6. Your Rights as a Data Subject

Under the LGPD, GDPR, and CCPA, you have broad rights over your personal data — all of which can be exercised free of charge:

To exercise any right, email davitai@davitai.com or consult the detailed guide at /en/legal/lgpd. Response within 15 business days.

7. Data Retention

We follow specific periods per category, always justified by the purpose:

8. Security Measures

We implement technical and organisational controls aligned with the state of the art:

In the event of a personal-data incident, we will notify the ANPD and affected subjects within the LGPD time limits (Art. 48) and the GDPR (Art. 33 — 72 hours).

9. International Data Transfers

Running DavitAI involves necessary and protected international transfers:

All transfers follow Chapter V of the LGPD and Chapter V of the GDPR.

We use essential cookies (session, authentication, CSRF) without requiring consent. Analytics cookies (Google Analytics 4 configured with Consent Mode v2) and marketing cookies require explicit consent via the banner. You can review and revoke your choices at any time by clicking the Cookies link in the page footer.

Full detail of cookies, purpose, duration, and provider is available within the banner interface.

11. Children’s Privacy

DavitAI is not directed at children under 13. In compliance with the US COPPA (Children’s Online Privacy Protection Act) and Art. 14 of the LGPD, we do not deliberately collect data from minors. For users aged 13 to 18 we require consent from a legal guardian. If we identify a minor’s account without authorisation, the account is removed and the data deleted.

12. Changes to This Policy

This Policy may be updated periodically. Material changes (change of purpose, new significant subprocessor, change of retention) will be communicated by email with at least 15 business days’ notice. The date of the last update appears at the top of this page, and previous versions are archived on request from the DPO.

13. Data Protection Officer (DPO) Contact

For all matters relating to privacy, data protection, or exercising rights:


Related links: LGPD Rights · Terms of Use · Contact · About DavitAI · Available agents.