Privacy Policy
1. Introduction
Davit (“we”, “our”) is the data controller for personal data collected through the Davit platform. This Privacy Policy describes how we collect, use, store, and protect your information, in compliance with the Brazilian General Data Protection Law (Law 13,709/2018 — LGPD).
Data controller: Davit (CNPJ to be registered)
2. Data Collected
We collect the following types of data:
- Registration data: name, email address, and password (stored in encrypted form).
- Usage data: agents used, execution history, credits consumed, access times, and configuration preferences.
- Payment data: processed directly by Stripe, Inc. We do not store credit card data on our servers.
- Cookies: essential cookies for session maintenance and, with consent, analytics cookies.
- Technical data: IP address, browser type, operating system, and device used.
3. Purpose of Processing
Your data is processed for the following purposes:
- Service operation: authentication, agent execution, credit management, and user support.
- Marketing communications: sending updates, tips, and offers — only with the user’s express consent.
- Analytics: product improvement and user experience enhancement — only with express consent.
- Legal obligations: compliance with legal and regulatory requirements.
4. Legal Basis
The processing of personal data by Davit is based on the following legal grounds provided for in Art. 7 of the LGPD:
- Consent (Art. 7, I): for marketing and analytics, collected in a granular manner at registration.
- Contract performance (Art. 7, V): for the operation of the service subscribed by the user.
- Legitimate interest (Art. 7, IX): for security improvement and fraud prevention.
5. Data Sharing
Your data may be shared with the following third parties, exclusively for the purposes described:
- Stripe, Inc.: payment processing.
- Resend: sending transactional and marketing emails.
- AI providers (Anthropic, OpenAI): processing agent tasks. Data sent is limited to what is strictly necessary for task execution.
Davit does not sell, rent, or trade personal data under any circumstances.
6. Storage and Security
Your data is stored on secure servers in Europe (Hetzner) with the following protection measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- OAuth authentication tokens encrypted with AES-256-GCM before storage.
- Automated daily database backups.
- Continuous security monitoring and incident alerts via Sentry.
7. Data Subject Rights
Under the LGPD (Art. 18), you have the right to:
- Confirmation of the existence of data processing.
- Access to the personal data we hold about you.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion of unnecessary data or data processed in non-compliance with the LGPD.
- Data portability to another service provider.
- Deletion of personal data processed with consent.
- Information about the entities with which we share your data.
- Revocation of consent at any time.
To exercise your rights, visit the Your Rights — LGPD page or contact us at the email below.
8. Cookies
Davit uses cookies as follows:
- Essential cookies: required for Platform operation (session, authentication). Do not require consent.
- Analytics cookies: used only with the user’s express consent, to understand usage patterns and improve the product.
9. Data Retention
Your personal data is retained as long as your account is active. After 24 months of inactivity, your data will be automatically deleted, unless legal retention obligations apply.
You may request the deletion of your data at any time through your account settings or by contacting us.
10. Changes to this Policy
This Privacy Policy may be updated periodically. Significant changes will be communicated via email in advance. The most recent version will always be available on this page.
11. Data Protection Officer (DPO) Contact
For questions related to privacy and data protection, contact our Data Protection Officer:
Email: davitai@davitai.com