Privacy Policy

Curupira S.A. (“Blip” or “Company”) was born to promote smarter contacts between brands and people. Through our solutions, we offer the next step in digital communication and services across the world’s leading messaging and voice assistant channels.

Blip is passionate about connecting people with the organizations they choose and it is concerned about personal data privacy and protection for its customers, employees, partners, suppliers and all other personal data subjects. As such, it is committed to ensuring that these rights are respected, abiding by applicable laws, especially Brazilian Law No. 13.709/2018 (“General Law on Personal Data Protection” or “LGPD”).

This Privacy Policy (“Policy”) aims to inform users of the Blip website and Blip platform and other data subjects about how their personal data will be processed when they access and use the Blip website and platform, and when they interact via Smart Contacts (Chatbots) created through Blip or when they interact with the Company in other media.

If you have any questions about the content of this Policy, please contact our Data Protection Officer directly, by e-mail: [email protected].

1. HOW DO WE COLLECT YOUR PERSONAL DATA?

When you access and use our website or our Blip platform, or interact with Blip in other ways, we may collect your personal data in different ways, such as those listed below:

• By the provision of information by you, when you fill in the data to register on the Blip platform, to subscribe to our newsletter, to request more information about our solutions, to talk to the “Blip Smart Contact”, to participate in events promoted by the Company and other companies in the group or when you contact the Company directly by other means or channels of communication, such as telephone, e-mail or messages on our social networks.
• By automatically collecting data, such as information on your device type, your device’s unique identifier number, browser type, approximate geographic location, through your browser’s tools and other technologies, such as cookies. (See our Cookies Policy).
• By receiving your personal data from recruitment companies, referrals, or other persons who share your data with us for the purposes of enabling your participation in selection processes conducted by the Company.
• By receiving your personal data through our partners, group companies, service providers, suppliers or third parties, such as in cases where we have a business relationship with your employer, when we may receive your personal data to ensure our communication and confirm your identity as an employee of that company or for your registration on the Blip platform. We also receive your personal data from companies with which you have a business relationship and which use chatbot services or other solutions provided by the Blip Group.

2. WHY DO WE COLLECT YOUR PERSONAL DATA?

Blip processes your personal data for various purposes, according to your relationship with the Company and the way you interact with us.

The main purposes for which we collect, process or otherwise handle your personal data include the following:

• For user registration. We will process your personal data required to register you as a user on the Blip platform in order to allow for creating and managing your account, whether linked to your employer or directly to you.
• For creating and using the Blip platform. We will process personal data to enable the functionality of features you use to create and use the chatbot, such as Builder, Contacts, Customer Service, Payments, among other features.
• To charge for use of the platform and other products/services. When you or your organization purchases one of the Blip platform plans (Standard, Business and Enterprise), we will process your personal data to enable the transaction and payment for our services.
• To answer your questions, compliments, complaints, suggestions, and to communicate with you. When you contact us, either through our website, by phone, e-mail, Help Center, Ideas, relationship and customer/consumer service websites or by any other means of communication, we will process your personal data in order to communicate with you, answering your questions, compliments, complaints or suggestions, as well as any message you may have sent us, including to report technical problems with the use of our website, Blip platform or any other solutions offered by Blip.
• To promote our activities. We will process your personal data in order to send you our newsletter, invitations to events held by the Company and/or with partner companies, as well as information about our services, surveys, studies, news, podcasts, videos, promotions, new solutions or any other content or material that we produce, in order to promote our activities.
• For marketing, sending information about our products or services. If you already have a business relationship or have already interacted with the Company previously, or have registered to receive Blip materials and information through the website, to download content or access to sponsored media, we may process your personal data for marketing and/or sending information about products or services provided by Blip.
• For contact with possible customers, leads and prospects. If you have filled out the form on our website to contact our Commercial team, provided your information via landing pages, or if we identify that you or your organization may be interested in our products or services, we will process your personal data to promote our activities and to contact you and share information about the solutions provided by Blip.
• To conduct satisfaction surveys. We may process your personal data to conduct satisfaction surveys, to identify whether the products or services we offer are being positively received and what can be changed for better usability and operability.
• To recruit new employees. When you send us your résumé by e-mail, social networks, instant messaging applications, etc., when we receive your résumé from third parties, or when we have an open selection process and are looking for professionals in the market, we will process your personal data for the purpose of recruiting new employees, contacting them and allowing them to participate in all stages of the respective selection processes, such as interviews, group dynamics, practical or theoretical tests, among other activities inherent to the recruitment process, to evaluate the compatibility of your professional profile with the characteristics of the open position.
• To analyze the use of our platform. When you visit and browse our website or the Blip platform, we will process your personal data to understand aspects related to use of the website or platform, such as pages visited and duration of visits, the way you interact through Blip, the tools used most, among other aspects related to use of the platform, in order to improve the content provided to visitors, customers and data subjects. We will also process your personal data to identify the adherence rate of e-mails we send and interaction with the content we publish, in order to understand which of the materials we produce are being better received by our users.
• To ensure the security of our platforms. We will process your personal data to ensure the security of the Blip website and platform, evaluating unusual patterns in relation to its use, unexpected voluminous access requests, access attempts with invalid user ID and password, among other actions that may indicate a cyber attack or breach of confidentiality, integrity or availability of our systems.
• To comply with legal or regulatory obligations or court orders. When we need to comply with legal or regulatory obligations or court orders, we will process your personal data that is necessary for such purposes, including by sharing such data with public agencies and the Judiciary.
• To defend ourselves in judicial, administrative or arbitration proceedings. When necessary, we will process your personal data to defend our interests in legal, administrative or arbitration proceedings brought by you or a third party against us, or brought by us against you or a third party.
• To ensure the safety of our facilities and staff. If you come to our physical facilities, we will process your personal data to ensure the safety of our employees and our facilities, including the security of information we store, whether it is personal data, trade secrets or other corporate information.
• To ensure the protection of your health, the health of our employees and that of third parties. If you come to our physical facilities in person, we will process your personal data to ensure that you, our employees or third parties do not present any symptoms of an infectious disease (especially COVID-19) that could jeopardize everyone’s health.
• To evaluate new acquisitions. We will process your personal data when necessary in the process of evaluating new acquisitions of products, services, or shareholding stakes in other organizations, especially during the legal or tax due diligence process, during which we may have access to information about employees of the organizations we are evaluating as business partners or potential shareholding acquisitions.
• To investigate potential complaints. When you initiate or are involved in a report made through our Reporting Channel about conduct inconsistent with our corporate values or that violates applicable law, we may process your personal data to investigate the complaints made and, if you filed the complaint and choose to reveal your identity, to report back to you on the outcome of the process related to the complaints.
• For credit analysis. In cases where Blip sells products or services to you, we will process your personal data to assess your ability to meet your financial obligations and to protect our credit.
• For conducting meetings, videoconferences or conference calls. We will process your personal data for the purpose of conducting meetings, videoconferences or conference calls, including, depending on the medium used, your image and voice, as well as identification and e-mail correspondence data, for sending invitations and links to access meetings.
• To receive third-party indications. We will process your personal data when we receive indications from third parties about your potential interest, or potential interest from your organization, in hiring our products or services, allowing our subsequent contact with you to present our solutions.
• For internal audits. We will process your personal data as necessary to conduct internal audits of our platforms and systems, including in connection with financial, tax and accounting audits, audits of compliance with laws and regulations to which we are subject, audits of financial and risk controls, audits for the reorganization, sale, assignment or transfer of all or part of our assets, audits required by Government Authorities, or any other audits that are necessary or relevant for the proper development of our business.
• To provide analysis of interaction with advertisements on third-party platforms, when companies contracting Blip products also contract advertising services integrated with the Blip Platform that provide for the sharing of conversion data, such as, but not limited to, Google Ads and Meta Ads (see Blip’s Acceptable Use Policy).
  

3. WHAT DATA DO WE COLLECT?

In order to achieve the purposes indicated above, we may process one or more of the following personal data, to the extent necessary for the respective purposes:

• User registration data. When you are a user of the Blip website or platform, we will process data such as your full name, e-mail address and telephone number to create your account and to receive our newsletter and marketing e-mails. For the Commercial team to contact you, we will process the data entered on the form, such as your full name, e-mail address, telephone number and position in your company. In order to process payment for one of the Blip platform plans, we will process your name, CPF (Tax ID), information on the organization you represent and contact information.
• Usage and device data. We will process data related to your use of the Blip website and platform, such as clicks, page scrolling, cursor scrolling and pages visited, geolocation, date and time of access, IP of your device, browser used, type of device, language preference, features used, registrations made, among others.
• Data for chatbot operation. We will process personal data of users who interact with Smart Contacts present on the Blip platform, either on their own behalf or on behalf of our clients, for whom we act as Operator, such as full name, location, telephone number, content of your message, personal data of attendants who perform the service manually, such as full name, status and working hours; the content of pre-formatted chatbot messages and their responses; data for chatbot configuration, such as chatbot name, description, image, welcome messages, connection information, among others.
• Other information. We will process additional data that may be voluntarily entered by users in their resumes or in communications sent to the Company through “Contato Inteligente Blip”, by email, correspondence, or any other means.

4. WHO IS YOUR PERSONAL DATA SHARED WITH?

We may share your personal data with:

• Companies in our Economic Group. We may share your personal data with other companies in our economic group in order to improve our products or services and to gain efficiency in our business, such as in the case of using single or integrated systems between companies in the same group.
• Our partners, service providers and suppliers. In order to carry out our business activities, we maintain relationships and contract with various partners, service providers and suppliers, who are essential to our business. Some of these partners and suppliers may need to have access to the personal data we collect in order to perform their functions as providers of cloud data hosting services or solutions for sending e-mail communications, external recruiters, auditors, banks and affiliated companies, in which cases we will share your personal data with them. We carry out an assessment of all our partners and suppliers, requiring that personal data be treated in compliance with all applicable laws and ensuring information security, in order to minimize possible risks in data sharing.
• External Advisors. We may share your personal data with external advisors who provide services to us, including financial, accounting, legal or technical advisors, who need access to the data to carry out the activities for which they were hired.
• Government Authorities. We may share your personal data with any and all Government Authorities that request it, including with labor or financial activity oversight bodies, in order to comply with our legal or regulatory obligations.
• Judiciary. We may share your personal data with Judiciary bodies, whenever necessary to comply with a court order, our legal or regulatory obligations, or for the regular exercise of our rights.
• Police Authorities. We may share your personal data with police authorities or agencies with police powers, such as the Public Prosecutor’s Office, whenever we believe there is suspicion or confirmation of any unlawful or criminal act, when necessary to protect our employees, our rights and our properties, even when there is no legal or regulatory obligation that requires sharing.
• With third parties interested in the combination or acquisition of our businesses. We may share your personal data with third parties interested in the combination or acquisition of our businesses, with whom we are discussing potential merger, acquisition or incorporation operations of the Company, its business units or its specific assets, either during the due diligence phase carried out by the third parties in the Company’s businesses or at a later time, with their definitive transfer to the acquiring company or person, when applicable. In the event of any insolvency or reorganization proceedings of the Company, your personal data may also be shared with third parties that acquire our businesses or assets.
• With other users of the Help Center and BLiP Ideas. If you send us requests through the Help Center or BLiP Ideas, these publications will remain public and may be accessed by third parties who are users of the respective platforms.
• With third parties indicated by you. We may share your personal data with third parties indicated by you, upon your request and based on your consent.

5. WHAT ARE THE LEGAL BASIS THAT AUTHORIZE THE PROCESSING OF YOUR PERSONAL DATA?

All of our personal data processing operations are always carried out with the support of a legal basis provided for in applicable legislation, in accordance with the particularities of each data processing activity.

Among the legal hypotheses that authorize the processing of your personal data that are used by us to enable our processing activities are the following:

• Compliance with legal or regulatory obligations. In certain situations, we process your personal data based on the need to comply with a legal or regulatory obligation, such as when we keep records of your access to our website or applications, in compliance with article 15 of Law 12,965/2014 (“Marco Civil da Internet”).
• Execution of contract. When you decide to use the Blip platform, we establish a contractual relationship with you based on your adherence to the Terms of Use of the Blip platform, and, in the case of paid plans, on the signing of the Blip Contract, to make the functionalities available. In these cases, we will process your personal data that is necessary for the execution of the contract, such as your full name, email, and telephone number, to link your registration to the platform.
• Regular exercise of rights. We may process your personal data when necessary to allow the regular exercise of our rights in contracts, or in administrative, judicial or arbitration proceedings, such as, for example, the indication of your registration data in a legal claim filed by you against the Company.
• Protection of life or physical safety. We will process your personal data when necessary to protect your life or physical safety or that of third parties, such as by taking your temperature before allowing you to enter one of our facilities, to ensure that you do not show signs of infection with infectious diseases that could contaminate our employees or third parties.
• Credit protection. We will process your personal data when necessary to protect our credit, such as in cases where it is necessary to verify your ability to pay for products or services offered by the Blip Group.
• Legitimate interest. We will process your personal data when we have a legitimate interest in processing it, except in cases where your fundamental rights and freedoms prevail, such as when we promote our activities by sending emails to our customers.
• Guarantee of fraud prevention and data subject security. We will process your personal data when necessary to guarantee fraud prevention and data subject security, in processes of identification and authentication of registrations in electronic systems.
• Consent. When we have no other legal basis that allows us to process your personal data, we may process your personal data based on your free, unequivocal and informed consent, which may be revoked at any time, free of charge and easily.

For further details on the legal basis used in a specific personal data processing carried out by us, please contact our Person in Charge (DPO) by email: [email protected].

6. HOW LONG WILL YOUR DATA BE PROCESSED?

The Blip Group is committed to processing your personal data only for the period necessary to achieve the specific purposes of each processing, with data retention for the shortest possible period, taking into account all existing legal and regulatory obligations and the need to defend the Company’s interests in judicial, administrative or arbitration proceedings. 

In this sense, retention periods are defined by the Company according to the specific characteristics of each processing, including the purposes for the processing, existing legal or regulatory obligations, among other criteria relevant to this definition. 

For more information on specific retention periods, please contact our Person in Charge (DPO) by email: [email protected].

7. COOKIES

Cookies are text or image files made available on our website and stored on the devices used by Users who access them, for the operation, performance and optimization of navigation. 

These cookies can also be used to evaluate performance metrics, allow the website to function correctly and make it more secure, provide a better user experience, understand how the website works and where it needs to be improved and collect information about user behavior. There are several types of cookies. On our website, we use the following cookies:

● Strictly necessary cookies. These are essential for the operation of our website, to ensure its security and proper performance, without which it would not function correctly.

● Preference cookies. These store information about your preferences, such as your language and region, allowing for a better browsing experience on the website.

● Analysis cookies. These collect information about your behavior while browsing our website, such as the pages accessed, the time spent visiting them, and the pages that are rarely accessed, in order to allow us to improve the quality of the website.

An example of cookies we use are those provided by Google Analytics, which help us understand how users interact with our platform and then find opportunities to improve our services. 

If you want to manage your cookie preferences, you can configure your browser or device to remove them. However, by doing so, you are aware that some features may not work properly and that your experience with Grupo Blip may not be as personalized, compromising the usability of the platform. 

Each browser provides its own means of configuring cookies. When accessing their websites, you will be subject to the privacy policies of other companies, which may not be consistent with or similar to the terms of this Policy. To learn more about how to manage and delete cookies from your browser, visit: 

• How to remove cookies in Google Chrome
• How to remove cookies in Mozilla Firefox
• How to remove cookies in Internet Explorer
• How to remove cookies in Safari

8. WHAT ARE YOUR RIGHTS AS A SUBJECT OF PERSONAL DATA?

You have a number of rights in relation to your personal data and the Blip Group is committed to fully respecting them, as a Data Processing Agent. The rights available to you include the following:

• Confirmation of the existence of processing. Ask whether we process your personal data, confirming whether or not such processing exists.
• Access to data. Request a copy of your personal data that is processed by us, by electronic, secure and suitable means or in printed form, according to your preference.
• Rectification. Request the correction of your personal data that is incomplete, inaccurate or outdated.
• Anonymization, blocking or deletion. Request the anonymization, blocking or deletion of your personal data, in cases where unnecessary, excessive or non-compliant data is processed.
• Portability. Request the portability of your personal data to other content platforms, in accordance with the regulations issued by the National Data Protection Authority, observing the commercial and industrial secrecy of the Blip Group, if any.
• Information about sharing. Request information about the public and private entities with which we share your personal data.
• Information about the possibility of refusing your consent. Receive information about the possibility of not providing your consent, when consent is the applicable legal basis for the processing of personal data, indicating the consequences of such refusal.
• Revocation of consent. You can revoke your consent easily and free of charge by simply communicating your decision to the Blip Group Data Protection Officer or in other possible formats made available by the Company exclusively for this purpose. It is important for you to know that revoking your consent does not invalidate or render illegitimate any personal data processing activities that were carried out prior to the date of revocation.
• Objection to processing. Object to processing, stating your reasons for doing so, in cases where consent is not the legal basis applicable to the processing of your personal data and when there is any non-compliance with the LGPD. The Blip Group will assess whether your objection is justified or not, adopting the necessary measures to suspend the processing or inform you of the grounds on which it understands that the processing is lawful and permitted.
• Complaint. File a complaint regarding the processing of your personal data carried out by the Blip Group with the National Data Protection Authority. However, we expect that before doing so, you will give us the opportunity to respond to any queries or complaints you may have directly. Our Data Protection Officer is available to answer any questions and assist you in processing any complaints.
• Deletion of data processed with consent. Request the deletion of your data, in cases where your consent is the legal basis for a particular processing activity, except for the possibility that we may continue to store the data when it is necessary to comply with a legal or regulatory obligation, or to defend our interests in judicial, administrative or arbitration proceedings.

9. REQUEST FOR ACCESS OR DELETION OF DATA AND HOW TO EXERCISE THE RIGHTS OF PERSONAL DATA SUBJECTS.

All of these rights may be exercised by you at any time, free of charge, unless a fee is permitted under applicable law or regulations, and the Blip Group undertakes to make its best efforts to respond to your requests in a transparent and expeditious manner. 

If you wish to request the deletion of personal data, or exercise any other right as a data subject, simply contact us using the Data Subject Request Form. 

To ensure that your rights are being exercised by you or your duly appointed legal representative, the Blip Group may request necessary information or proof of your identity, in order to prevent fraud and ensure your privacy, so that your personal data is not shared with anyone who is not authorized to do so. 

We will respond to your requests within a reasonable timeframe, in accordance with applicable law, remembering that we may only respond to some requests after receiving the confirmations provided for above.

In certain cases, such as when your request is particularly complex or when we receive a high volume of requests at the same time, our response may not be as quick as we would like. In these cases, we will always keep you informed and updated on the progress of your request. 

In situations where we act as a Personal Data Processor, hired by companies with which you have a relationship, it is the duty of the respective companies to respond to your requests to exercise the rights provided for above. In the event that you send the request to the Blip Group, we will indicate who is the Controller of your Personal Data in that processing activity and we will forward your request to that organization. Considering that in these cases we only carry out processing activities at the behest of the respective Controllers, we will be prevented from fulfilling your requests without the express authorization of the respective Controllers.

10. SECURITY INFORMATION

The Blip Group adopts technical and organizational measures, based on good market practices, to protect your personal data against unauthorized access or unlawful or accidental situations of destruction, loss, alteration, communication or any other form of inappropriate processing. Your data is stored in a secure operating environment, which is not accessible to the public. 

The measures we adopt to protect your personal data include: access controls, monitoring of access to local networks and remote connections via VPN, user authentication, antivirus, firewall, maintenance of backup copies, periodic testing and scanning of systems, encryption of data in transit and at rest, among others. 

We maintain administrative, technical and physical safeguards to support the protection of the personal information you share with us. These actions are associated with efforts to prevent security incidents, such as loss, misuse and unauthorized access, disclosure, alteration, destruction or any counter attacks perpetrated by malicious individuals, which can be highly sophisticated and innovative, with techniques and methods previously unknown, even to the best information security tools.

We know that no transmission over the internet is 100% secure, so the security of your data also depends on you adopting reasonable measures when using your devices and software. It is important that you protect data such as your email and password used for authentication on the Blip platform. This way, we prevent other people from accessing your services.

The security of your data also depends on you adopting reasonable measures when using your devices and software. If you identify or become aware of anything that may compromise the security of your personal data, or of any possible vulnerability in our website or systems, please contact us.

11. THIRD PARTY WEBSITE

Our website may provide links to third-party websites. These websites, in turn, have their own privacy policies, which may not be compatible with this Policy. We recommend that you consult the respective privacy policies of these third parties to learn about the personal data protection practices adopted by them.

The Blip Group is not responsible for the regularity of the data protection practices of third-party websites, nor for their content, which is not in any way validated, ratified or endorsed by the Blip Group.

12. HOW TO CONTACT US?

If you have any questions about this Policy or about the way your personal data is processed by Blip, or if you would like to make complaints, suggestions or comments about our personal data processing practices, please do not hesitate to contact us by email: [email protected]. 

We have a duly appointed Data Protection Officer (DPO) who is ready to respond to all your questions or complaints, and is the point of contact for your communication with the Blip Group regarding the processing of your personal data. 

Our Data Protection Officer can be contacted directly through the following channel: 

Marcelo Lopes – [email protected].

13. DATA OF THE AGENT RESPONSIBLE FOR PROCESSING PERSONAL DATA

Curupira S.A, a public limited company, registered with the CNPJ/ME under number 04.413.729/0001-40, with headquarters at Rua Sergipe, 1440 – Floor 9, Room 109, Floor 10, Savassi, Belo Horizonte, Minas Gerais, CEP 30130-174, is responsible for the processing of the Personal Data defined herein, in accordance with the definition provided for in the General Personal Data Protection Law.

14. UPDATES

As our goal is to always improve our services, this Privacy Policy may undergo changes and updates over time, to better reflect our personal data processing practices and provide greater security and transparency to our operations. 

When relevant changes are made, we will post a notice on the home page of our websites so that you can quickly identify the existence of an updated version of this Policy.

For the personal data processing activities that we carry out and that may be based on your consent, if the changes to this Privacy Policy result in effective changes to our personal data processing practices, we will request your consent again, based on the updated terms of this Policy.

We recommend that you periodically check this Policy to familiarize yourself with any changes.

Last update on September 04, 2024

Version 1.2