ParcAI← Back to home

Privacy Policy

Last updated: June 16, 2026

In compliance with the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018) and international data protection standards.

1. Who We Are

Suntinus Consultoria em TI Ltda is the controller of personal data collected by ParcAI. Data Protection Officer (DPO) contact: contato@parcai.com.br

For detailed information on how we use AI responsibly, including which models process your data and the limits of each agent, see our Responsible AI page.

2. Data We Collect

Data provided by you:

  • Email address (account creation or subscription)
  • Messages sent to AI agents
  • Contextual memory you authorize the Agent to store
  • Missions and action plans created with the Agent
  • Profile preferences and settings

Automatically collected data:

  • IP address (for rate-limit control)
  • Session data and usage logs (non-personal)
  • Plan type and payment history (via Stripe)
  • Agent action logs (for audit and correction — 30 days retention)

3. Purpose of Processing

We process your data to:

  • Provide the personalized AI service and Agent capabilities
  • Maintain mission context and persistent memory across sessions
  • Manage your account and subscription
  • Send transactional communications (confirmations, access links)
  • Improve service quality and safety
  • Comply with legal and regulatory obligations

4. Legal Basis (LGPD)

Data processing is based on the following legal grounds:

  • Contract performance — provision of the contracted Service (art. 7º, V)
  • Consent — sending marketing communications (art. 7º, I)
  • Legitimate interest — security, fraud prevention, service improvement (art. 7º, IX)
  • Legal obligation — compliance with legal requirements (art. 7º, II)

5. Conversation & Agent Privacy

Messages exchanged with AI agents are processed to generate real-time responses. We do not sell, rent, or share the content of your conversations with third parties for advertising purposes.

Messages identified as containing sensitive data (health, personal finance, biometric data) are automatically routed to AI providers with data non-retention policies, where available. We also apply automatic masking of personally identifiable information (PII) in AI processing flows before sending to external providers.

Agent actions (mission creation, memory updates, multi-step task execution) are logged locally for audit purposes with a 30-day retention window. These logs are used exclusively to allow you to review, correct, or roll back Agent activities.

6. Data Sharing

We share personal data only with:

  • Stripe — secure payment processing
  • Anthropic (Claude) — sensitive domain processing (health, family, faith, legal) — API access with no-training policy
  • Google (Gemini Flash) — general tasks and fast responses — API access with no-training policy
  • Hostinger — transactional email infrastructure
  • Competent authorities — when required by law

All providers are selected based on their data protection policies and are covered by appropriate contractual clauses. Neither provider uses your API conversations to train AI models.

7. Data Retention

  • Account data: while active + 5 years (tax obligation)
  • Conversation data: stored on your device; not retained on our servers beyond response processing
  • Contextual memory: retained until you delete it in Account settings
  • Mission and Agent action logs: 30 days
  • Rate-limit logs: 35 days
  • Email operational logs: 30 days
  • Payment data: as determined by Stripe and tax legislation

8. Your Rights (LGPD)

You have the following rights regarding your personal data:

  • Access — obtain confirmation and copy of your data
  • Correction — correct incomplete or outdated data
  • Anonymization / Blocking / Deletion — for unnecessary or non-compliant data
  • Portability — receive your data in structured format
  • Consent withdrawal — at any time, without prejudice to prior processing
  • Objection — to processing based on legitimate interest

To exercise your rights, send a request to contato@parcai.com.br. We will respond within 15 business days.

9. Security

We adopt technical and organizational measures to protect your data, including HTTPS/TLS communications, secure credential storage, role-based access control, and suspicious activity monitoring. In the event of a security incident, ANPD and affected users will be notified within the legal deadline. In client error reporting, we apply data minimization and screenshot capture only in opt-in mode.

10. Cookies & Tracking

ParcAI uses only strictly necessary cookies for Service operation (authentication, session preferences). We do not use third-party advertising tracking cookies.

11. Minors

ParcAI is not intended for persons under 18 years of age. We do not intentionally collect data from minors. If such collection is identified, data will be deleted immediately.

12. Policy Updates

This Policy may be updated periodically. Material changes will be communicated by email at least 15 days in advance. The "last updated" date at the top of this page will always reflect the current version.

13. Contact & DPO

Email: contato@parcai.com.br
Company: Suntinus Consultoria em TI Ltda (ParcAI)
Data protection authority: ANPD — Brazilian National Data Protection Authority

Terms of UseResponsible AI — models, limits and transparency