Privacy Policy
1. Who We Are
Pipevoz ("Pipevoz", "we", "us") operates the AI voice-agent platform available at pipevoz.com.
This Privacy Policy explains how Pipevoz collects, uses, shares and protects personal data in accordance with Brazilian law, including the LGPD, the Brazilian Internet Civil Rights Framework and the Brazilian Consumer Protection Code where applicable.
2. Roles in Personal-Data Processing
2.1 Pipevoz as Controller
When you sign up as a Pipevoz customer and use our platform, Pipevoz is the controller of your account, billing and platform-usage data.
2.2 Pipevoz as Processor
When a customer uses Pipevoz to make calls on behalf of its own company, Pipevoz processes the personal data of that customer's contacts as processor, following the customer's instructions and the agreement between the parties.
If you received a call originated by a Pipevoz customer, that customer is the controller responsible for your personal data. You should contact that company to exercise your rights.
3. Data We Collect
| Category | Data |
|---|---|
| Registration and identification | Name, business email, phone number, company name and tax ID, role and account details. |
| Billing and payment | Tokenized card data through payment providers, billing address, transaction history, credit purchases and tax-invoice data. |
| Platform usage | IP address, device/browser data, authentication logs, agent and pipeline settings, call metrics and consumed credits. |
| Support and communication | Messages sent to support and records of interactions with our team. |
| Customer-provided call data | Contact names, phone numbers, emails, custom lead fields, call audio, transcripts, metadata and AI-generated analyses. |
4. How and Why We Use Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Account creation and management | Registration data | Contract performance |
| Billing, credit purchases and tax invoices | Billing data | Contract performance and legal obligation |
| Service delivery and maintenance | Platform usage and call data | Contract performance |
| Security, fraud prevention and audit | Access logs and usage signals | Legitimate interest |
| Product improvement and aggregate analytics | Usage data, preferably anonymized or aggregated | Legitimate interest |
| Marketing communications | Registration data | Consent where required |
Call data processed on behalf of customers is used only to execute configured calls and agents, store recordings and transcripts for the defined period, provide results and metadata to the customer, and comply with applicable obligations.
5. Call Recordings
Calls made through Pipevoz agents may be recorded. The customer-controller is responsible for providing any required notice and ensuring a proper legal basis for recording and processing the data of its contacts.
Recordings are stored securely in private cloud storage and are available for 90 days from the call date, after which they are automatically deleted.
6. International Data Transfers
Pipevoz does not sell, rent or monetize personal data for third-party advertising. We share data only with subprocessors such as infrastructure, telephony, AI and payment providers, subject to contractual data-protection obligations.
Some subprocessors may process data in infrastructure located outside Brazil, including the United States. These transfers are based on contractual protections, data minimization and periodic review of subprocessors.
7. Retention and Deletion
| Data category | Retention period | Reason |
|---|---|---|
| Customer registration and contractual data | During the contract plus 5 years | Contractual limitation periods and tax obligations |
| Billing and tax-invoice data | 5 years | Tax obligation |
| Platform access logs | 6 months | Brazilian Internet Civil Rights Framework |
| Call recordings | 90 days | Automatic storage lifecycle |
| Transcripts and call metadata | While the account is active | Customer access and service operation |
8. Information Security
Pipevoz adopts technical and organizational measures to protect personal data against unauthorized access, loss, destruction or improper disclosure, including encryption in transit and at rest, role-based access controls, private storage for recordings, controlled JWT expiration and continuous monitoring.
9. Security Incidents
In the event of a security incident that may create relevant risk or harm to data subjects, Pipevoz will investigate, take corrective measures and notify the competent authority, customers or affected data subjects when required by law.
Security-incident contact: contato@pipevoz.com.
10. Cookies and Tracking Technologies
Pipevoz uses cookies and similar technologies to maintain authenticated sessions, remember preferences and measure usage. Essential cookies are required for the service. Analytics and marketing cookies may be managed according to the consent tools and browser settings available to you.
11. Data-Subject Rights
Data subjects may request confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information about sharing, revocation of consent, objection and review of automated decisions, subject to legal requirements.
To exercise your rights regarding data for which Pipevoz is controller, email contato@pipevoz.com with the subject "LGPD Request - [right type]". We may request identification to prevent unauthorized access.
If you are a contact who received a call made by one of our customers, contact that customer first, because it is the controller responsible for your data.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated to customers with reasonable prior notice.
13. Governing Law and Venue
This Policy is governed by the laws of the Federative Republic of Brazil. The courts of São Paulo/SP are elected to resolve disputes, except where mandatory law provides otherwise.
14. Contact
For privacy or data-protection questions, contact contato@pipevoz.com. The Brazilian National Data Protection Authority is available at gov.br/anpd.