Privacy Policy
Effective date: April 17, 2026 | Version: 1.0
This Privacy Policy explains how your personal data is collected, used, shared, and protected when you use Retorno ("Service"), available at https://retorno.io. This policy is aligned with the Brazilian General Data Protection Law (LGPD β Lei 13.709/2018) and provides best-effort compliance with CCPA and GDPR principles.
1. Data Controller
Dusik Consultoria em Ti Ltda CNPJ: 52.470.169/0001-09 Email: eduardo@retorno.io
2. Data Protection Officer (DPO)
Contact our DPO / Encarregado de Dados at: eduardo@retorno.io
3. Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email address, password hash | Provided by you |
| Site & profile data | Website URL, LinkedIn profile URL | Provided by you |
| ICP data | Ideal Customer Profile answers, target audience descriptions | Provided by you |
| Enrichment data | Prospect names, job titles, company info, LinkedIn public profiles | Apollo.io, Firecrawl |
| Outreach data | Messages sent, response status, campaign history | Generated by the Service |
| Usage & analytics | Pages visited, feature usage, session data, IP address | PostHog (post-consent) |
| Cookie data | Authentication tokens, consent preferences | Your browser |
4. Purposes and Legal Basis
| Purpose | Data categories | Legal basis (LGPD art. 7) |
|---|---|---|
| Account creation and authentication | Account data | Performance of contract (art. 7, V) |
| Delivering the outreach service | ICP, site/profile, enrichment, outreach data | Performance of contract (art. 7, V) |
| Prospect enrichment via third parties | Site/profile data | Legitimate interest (art. 7, IX) |
| Product analytics and improvements | Usage & analytics | Consent (art. 7, I) |
| Security and fraud prevention | Account, usage data | Legitimate interest (art. 7, IX) |
| Legal compliance | All categories as needed | Legal obligation (art. 7, II) |
5. Sharing with Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel | Hosting and CDN | United States |
| Anthropic (Claude API) | ICP inference and message generation | United States |
| Unipile | LinkedIn integration | EU |
| Resend | Transactional and outreach email delivery | United States |
| Apollo.io | Prospect data enrichment | United States |
| Firecrawl | Website crawling and scraping | United States |
| PostHog | Product analytics | United States |
We do not sell personal data to third parties.
6. International Data Transfers
Some sub-processors are located outside Brazil, primarily in the United States. These transfers rely on:
- Standard contractual clauses or equivalent safeguards where available.
- The necessity of the transfer for performance of the contract between you and the controller (LGPD art. 33, II).
- Your consent where no other legal basis applies (LGPD art. 33, VIII).
7. Data Retention
- Account data: Retained while your account is active, plus 30 days after deletion.
- Outreach and enrichment data: Retained for 12 months after the last campaign activity, then anonymized or deleted.
- Analytics data: Retained for up to 24 months.
- Legal compliance data: Retained as required by applicable law.
8. Your Rights (LGPD art. 18)
As a data subject, you have the following rights:
- Confirmation of the existence of processing.
- Access to your personal data.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD.
- Portability of your data to another service provider.
- Deletion of data processed with your consent.
- Information about public and private entities with which your data has been shared.
- Information about the possibility of denying consent and its consequences.
- Revocation of consent at any time.
To exercise any of these rights, contact us at eduardo@retorno.io. We will respond within 15 business days.
9. Cookies
We use essential cookies and analytics cookies (PostHog, post-consent only). For details, see our Cookie Policy.
10. Security
We implement reasonable technical and organizational measures to protect your data, including encryption in transit (TLS), secure credential storage, and access controls. However, no method of electronic transmission or storage is 100% secure.
11. Children
The Service is not intended for anyone under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us at eduardo@retorno.io.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 15 days before taking effect. The "Effective date" at the top will be updated accordingly.
13. Contact
Dusik Consultoria em Ti Ltda CNPJ: 52.470.169/0001-09 DPO: eduardo@retorno.io General: eduardo@retorno.io