Privacy Policy

Version

1.0

Updated on

December 10, 2024

  1. About Azify

Azify aims to transform banking services into intelligent processes, merging the functionalities of traditional financial markets with technological innovations related to blockchain, thereby providing agility, productivity, and efficiency in services, democratizing access for individuals and companies through a next-generation platform.

It is important to highlight that Azify is not a financial institution, does not perform activities exclusive to entities authorized by the Central Bank of Brazil, and operates exclusively as a technology company, offering infrastructure and technological solutions for its partners.

  1. Object

The Privacy Policy described here aims to demonstrate how your Personal Data is handled by Azify, reinforcing the commitment to important values, among which stand out good relationships and transparency with Users, in line with the provisions of the General Data Protection Law (Law 13.709/18). 

In this Privacy Policy, we detail the types of Information that Azify collects through all its institutional channels from the moment Users access our content or hire the offered Services. We also present the purposes for which this Information is used, the measures taken to protect it, and the means of contact available for Holders to exercise their rights or clarify doubts about our privacy practices.

  1. Definitions

Without prejudice to other definitions attributed in this Privacy Policy, the words below, when used in the singular or plural, will have the following meanings: 

  1. Azify: represents AZIFY LTDA., limited liability company, registered with the CNPJ under No. 52.491.106/0001-39, headquartered at Rua Leopoldo Couto Magalhães Júnior, No. 758, 14th floor, Itaim Bibi, São Paulo/SP, ZIP: 04.542-000.

  1. Personal Data: any Information related to an identified or identifiable natural person. Data related to an individual that, individually or together with other information, are or can be used to identify them, collected and/or processed physically or electronically. 

  1. Sensitive Personal Data: Personal Data about racial or ethnic origin, religious beliefs, political opinions, membership in a union or religious, philosophical, or political organization, related to health or sexual life, genetic or biometric data. 

  1. LGPD: means the General Data Protection Law, Law No. 13.709/2018.

  1. Information: all Information, whether Personal Data or not, that the User will provide to Azify, or that will be obtained from third parties during their use of the Service or even created from the use of the Service.

  1. Holder: is the natural person to whom the Personal Data that is the subject of Treatment refers.

  1. Treatment: is any way of use that Azify may make of Personal Data, including, but not limited to, the following activities: collection, storage, consultation, use, sharing, transmission, classification, reproduction, deletion, and evaluation.

  1. Services: refers to the Services, products, and Technological Solutions offered by Azify.

  1. Technological Solutions: services and tools developed by Azify to support the operation of partners in the financial market and blockchain, without conducting or directly managing financial transactions or regulated services.

  1. You, Holder or User: any individual or legal entity that uses the services of Azify or who simply accessed the service.

  1. Acceptance of the Privacy Policy

The provisions of this Privacy Policy relate to the use of applications and Services provided by Azify in Brazil, as described in the General Terms and Conditions of Use. By accessing Azify's website or application or using the Services offered, the User acknowledges and accepts that Azify may collect, store, process, associate, share, use, or disclose their Personal Data, as provided in applicable law and this Privacy Policy. 

The use of Azify's applications and Services implies full acceptance of the conditions established in this Privacy Policy. If the User does not agree to the terms of Treatment of Personal Data described here, it will not be possible to use the Services provided by Azify.

  1. Applicability of the Privacy Policy

This Privacy Policy generally applies to all Users interacting with the technological operations carried out by Azify. More specifically, its application encompasses:

  1. Clients: individuals who, when using Azify's technological infrastructure, access Services or products made available by regulated partners who have Azify's solutions;

  1. Third Parties: individuals who interact with Azify's platform, either to request the hiring of products or Services offered by partners or to conduct operations with those partners, even without becoming direct clients; and

  1. Job Candidates: individuals who participate in selection processes conducted by Azify.

  1. Treatment of Personal Data

Azify, in the context of providing Technological Solutions to partners in the financial market and blockchain, may process Personal Data and transactional data exclusively for purposes related to the operation and maintenance of its technological tools. The following details the data collected and their purposes, always in compliance with applicable law.

6.1. Treatment of Personal Data and Legal Bases

Generally, the Treatment of Personal Data by Azify occurs for the following situations:

  1. Allow access to Azify's platform through the application;

  2. Enable the hiring or use of products and services offered;

  3. Facilitate navigation on websites - https://azify.com/;

  4. Respond to requests sent through customer service channels;

  5. Conduct research or promotions to improve Services;

  6. Integrate the services of partners that use Azify's API;

  7. Conduct selection processes for hiring new employees.

The Treatment of Personal Data performed by Azify will always be based on a legal basis provided in the LGPD. Among the main legal bases used are compliance with legal or regulatory obligations, contract execution, regular exercise of rights in proceedings, and legitimate interest, as provided in articles 7 and 11 of the LGPD.

6.2. Collection of Personal Data and Information by Azify

6.2.1. Collection of Users' Personal Data

Collected Information

Purpose

Registration Data

Full name, as stated on the identification document.

  1. Identify and authenticate the User;

  2. Provide technological support to financial partners to enable the opening of the Payment Account and comply with the Money Laundering Prevention Law or Concealment of Goods, Rights, and Values;

  3. Fulfill legal obligations to maintain records;

  4. Comply with other legal and regulatory obligations;

  5. Ensure the possibility of portability of Registration Data;

  6. Protect the User against fraud and other related crimes;

  7. Provide technological support to financial partners to enable access to other products and services linked to the Payment Account;

Social Name - how you would like to be called.

Nationality.

Gender.

CPF registration number.

Date of birth.

Mother's name, as stated on the identification document.

Marital status.

Spouse's name or partner, if applicable.

Profession/Occupation.

Monthly income.

Assets.

Declaration if the person is Politically Exposed.

Full Address.

  1. Establish communications between the financial partner and the User;

  2. Support the partner in notifications and in cases of suspected fraud or inappropriate use of the Payment Account.

Email address.

Phone number.

Documents Requested

  1. ID card (RG); or

  2. National Driver's License (CNH);

  3. National Foreign Registration (RNE);

  4. National Identification Document (DNI);

  5. National Migratory Registration Card (CRNM).

  6. Passport.

  1. Identify and authenticate the User;

  2. Provide technological support to financial partners to enable the opening of the Payment Account;

  3. Protect the User against fraud and other crimes;

  4. Fulfillment of legal and regulatory obligations.

Selfie – Image captured by the front camera of the User's mobile device.

6.2.2. Collection of Information from Legal Entities

Collected Information

Purpose

Registration Data

Corporate Name

  1. Identify and authenticate the Holder;

  2. Provide support to financial partners to enable the opening of the Payment Account and comply with the Money Laundering Prevention Law or Concealment of Goods, Rights, and Values;

  3. Fulfill legal obligations to maintain records;

  4. Comply with other legal and regulatory obligations;

  5. Ensure the possibility of portability of Registration Data;

  6. Protect the Holder against fraud and other related crimes;

  7. Provide support to financial partners to enable access to other products and services linked to the Payment Account;

CNPJ registration number

Trade name

Main business activity

Company size

Revenue

List of partners or shareholders

Full Address

  1. Establish communications between the financial partner and the Legal Entity;

  2. Support the partner in notifications and in cases of suspected fraud or inappropriate use of the Payment Account.

Email address

Phone number

Documents Requested

Documents from the legal entity:

  1. Articles of Association or Bylaws;

  2. Minutes of the election of the legal representative(s), as appropriate; and

  3. Powers of Attorney, as appropriate.

Identity document of partners holding 25% (twenty percent) or more of the shares:

  1. ID card (RG); or

  2. National Driver's License (CNH);

  3. National Foreign Registration (RNE);

  4. National Identification Document (DNI);

  5. National Migratory Registration Card (CRNM).

  6. Passport.



Note: If one of the partners holding more than 25% (twenty percent) of the shares is a legal entity, all documents related to the company will be required, as well as the documents of all partners holding 25% (twenty percent) or more of the shares*.



* This procedure should be adopted up to the third layer.

  1. Identify and authenticate the Holder;

  2. Provide technological support to financial partners to enable the opening of the Payment Account;

  3. Protect the Holder against fraud and other crimes;

  4. Fulfillment of legal and regulatory obligations.

Selfie – Image captured by the front camera of the mobile device of the legal representative(s) who will be the Holder(s) of the account.

Financial Documents: 

  1. Balance sheet for the last fiscal year; and

  2. Statement from the accountant indicating the revenue for the last 12 months*.

* If the company has not been established for 12 months, the revenue statement may be replaced by a signed revenue projection by the accountant.



  1. Assist partners in following compliance rules, ensuring that financial transactions align with the company's reality.


6.3. Data created during the use of services by the application

In some situations, Azify may collect Personal Data and other Information using pixel tags, cookies, or similar technologies, which create and maintain unique identifiers. It is important to emphasize that such technologies are used exclusively to improve the functionality of Technological Solutions and ensure operational support to regulated partners, always respecting the User's privacy settings.

The collection may include the following types of Personal Data and/or Information:

  1. Device data: data will be collected about the devices used to access the services, IP address, Device ID, and behavior metrics. This data is used to protect the User from unauthorized access and to improve the experience on the platform;

  2. Transaction data: technical Information will be collected related to the use of Azify's solutions, such as the type of product accessed, Information about orders (date, value, and quantity), and metadata of transactions conducted by financial partners;

  3. Usage data: interaction data of the User with Azify's services, such as, for example, date and time of access, application features used, pages viewed, and application errors; and

  4. Metadata: Information related to the communication channel used by the User to contact Azify.

6.4. Collection of Personal Data from Third Party Users:

Users' Personal Data may be collected from third parties in the following situations, exclusively to enable support to regulated partners:

  1. Information provided by Azify's commercial partners, such as social media services, applications, websites, or APIs that use or are integrated with Azify's Technological Solutions;

  2. Data provided by suppliers that assist in confirming Users' identities, conducting regulatory compliance checks, validating KYC (know your client) requirements, and preventing money laundering and international sanctions;

  3. Publicly available information or made public by the User themselves, such as their inclusion in Politically Exposed Persons (PEP) lists, restriction lists (OFAC, UNSC, and other international lists), as well as interactions conducted by the User with Azify's social media;

  4. Data obtained from social networks if the User connects their Azify account to a third-party social network, such as Facebook, Instagram, or LinkedIn. In this situation, Azify may access information such as user ID, associated username, information contained in the public profile, and connections. It is worth noting that the specific information collected by Azify depends on the privacy settings defined by the User on the respective social network.

  1. How Data is Used by Azify 

7.1. The Personal Data provided by the User will or may be used by Azify to: 

  1. Identify and authenticate whether the User meets the requirements set by law to access the services and products offered by Azify's regulated partners;

  2. Support financial partners in verifying the User's identity at the time of hiring, including know your client (KYC) and anti-money laundering (AML) procedures;

  3. Provide technological support for the provision of services contracted by regulated partners;

  4. Confirm the identity and eligibility of Users intending to use the services offered by partners, including biometric authentication (selfie), as allowed by law, to prevent fraud and misuse of the platform;

  5. Ensure the security and authenticity of transactions made through Azify's Technological Solutions;

  6. Contact the User through communication channels, such as phone, email, SMS, WhatsApp, or push notifications, exclusively to send information related to Azify's technological services;

  7. Address Users' requests and clarify doubts about the use of the platform;

  8. Enhance the services and functionalities of Azify's platform, including analyzing aggregated and anonymized data for improvements;

  9. Assist partners in preventing and resolving technical and security issues related to the contracted services;

  10. Prevent and remedy issues related to fraud, financial crimes, and unauthorized access, ensuring the security of the platform and integrated systems;

  11. Comply with applicable legal or regulatory requirements, including collecting, storing, and sharing data with competent authorities;

  12. Regularly exercise Azify's rights in judicial or administrative proceedings, always within the scope of its technological operations; and

  13. If the User applies for a position at Azify, or Azify receives their Information in connection with a potential available position, such Information may be used to assess the application and reach out.

7.2. The Personal Data of Users collected from third parties will or may be used to:

  1. Enable compliance processes conducted by Azify's financial partners, including identity verification, analysis of international sanctions, and KYC and AML procedures;

  2. Support the development and enhancement of technological services and products offered by Azify;

  3. Provide support for partners in prospecting new clients and marketing products or services, always in accordance with applicable law;

  4. Identify, prevent, and remedy technical and security problems;

  5. Take preventative measures against illicit activities, fraud, and financial crimes, in support of regulated partner entities; and

  6. Comply with applicable legal or regulatory obligations.

7.3. The Personal Data collected from the User's device will or may be used to:

  1. Enable the provision of services contracted by Azify's regulated partners;

  2. Improve the User's experience when using the technological platform;

  3. Recommend new services or functionalities offered by regulated partners;

  4. Monitor and resolve operational and technical issues, as well as conduct usage research and analysis on the platform;

  5. Identify and prevent fraudulent activities or unauthorized access to Users' accounts; and 

  6. Comply with court orders, directives from competent authorities, or legal and regulatory requirements.

7.4. Data generated by the use of services may be used to:

  1. Provide technological support for the provision of services contracted by financial partners;

  2. Monitor and authenticate transactions conducted through Azify's solutions, always within the technological scope;

  3. Enhance the services and functionalities offered by Azify;

  4. Resolve technical or security problems identified during the use of services;

  5. Address requests from legal or regulatory authorities;

  6. Regularly exercise Azify's rights in administrative or judicial proceedings, when necessary.

7.5. Data obtained from public sources may be used for:

  1. Supporting partners in regulatory compliance verification, such as identifying Politically Exposed Persons (PEP);

  2. Preventing and combating fraud or financial crimes, in accordance with applicable laws;

  3. Complementing Information provided by the User, respecting legal limits; and 

  4. Disseminating technological products and services on social media or institutional materials.

7.6. Treatment of third-party data:

The data shared with Azify for support of the economic activities contracted by partners may be used to:

  1. Address requests from end clients of regulated partners; and

  2. Provide technical and operational support to financial partners for the provision of services to their clients.

In the event of sharing Personal Data of third parties with Azify in connection with economic activities, the User must obtain the authorization from the Holder of the Personal Data or their legal representative, in addition to basing each Treatment on some legal grounds set forth in applicable law.

Azify may register and process data and information related to occurrences, attempts, and/or indications of fraud solely to prevent such acts and ensure the security of its Technological Solutions. These records are made in compliance with applicable legal and regulatory obligations within the scope of its role as a technology provider for regulated partners. 

Additionally, it is the responsibility of financial partners to implement additional security measures related to the financial transactions conducted on their platforms. 

  1. Sharing of Personal Data with Third Parties

Azify does not share, sell, assign, transfer, or lease the database formed with Personal Data, except in the situations provided for in this Privacy Policy. 

When necessary, the sharing will be limited to purposes compatible with the role of Azify, being carried out exclusively in accordance with applicable legislation and to enable the technological services offered to Azify's regulated partners.

8.1. Consequently, there may be sharing of the User's Personal Data in the following situations:

  1. Transfer of ownership: in the event of a transfer of ownership of Azify or corresponding companies, exclusively to continue activities related to technological support;

  2. Suppliers and contracted service providers: with suppliers and providers performing complementary activities to the operation of Azify's Technological Solutions, including cloud storage providers and development tools;

  3. External services in other jurisdictions: providers located in Brazil or in other jurisdictions acting on behalf of Azify for maintenance, support, or enhancement of the platform;

  4. Partner entities: banking institutions, suppliers, consultants, and business partners, including marketing providers, research and analysis platforms, social networks, and legal and accounting consultancies, exclusively for the enablement of contracted technological services; and 

  5. Regulatory bodies and public authorities: such as the Central Bank of Brazil, Council for the Control of Financial Activities (COAF), or other legally provided bodies, when necessary to comply with the provisions of Law 9.613/98 and other applicable regulations for the prevention of illicit activities.

8.2. Sharing of Users' Personal Data with third parties may have the following purposes: 

  1. Identification and eligibility: verify the User's identity and support regulated partners in eligibility for contracting financial or payment services;

  2. Service provision: enable the functioning of the platform, including the use of cloud storage providers;

  3. Communication: facilitate contact with the Holder through channels such as phone, email, WhatsApp, SMS, or push notifications;

  4. Prevention of illicit activities: support investigations and the adoption of measures to prevent and combat illicit activities, fraud, and financial crimes;

  5. Regular exercise of rights: ensure the rights of Azify in administrative or judicial proceedings;

  6. Compliance with legal requirements: comply with court orders, directives from competent authorities, or regulatory obligations;

  7. Support for marketing and research: prospecting clients, market research, or promoting technological products and services, always respecting the User's rights;

  8. Security and stability: prevent and remedy technical problems, security issues, or unauthorized access to the platform; and 

  9. Damage mitigation: avoid physical, financial, or loss-related damages relating to fraudulent or illegal activities.

8.3. The sharing of Users' data with public authorities and regulatory bodies may have the following purposes:

  1. Prevention of illicit activities: investigate and adopt measures against fraud, financial crimes, and other illicit activities;

  2. Exercise of rights: ensure the regular exercise of Azify's rights in administrative or judicial proceedings;

  3. Compliance with legal orders: adhere to legal orders or requirements from regulatory bodies; and 

  4. Legal compliance: fulfill applicable legal or regulatory obligations.

8.4. Azify may use Personal Data to generate statistical information related to the technological services offered. In these cases, the data will be anonymized and never associated with specific individuals.

  1. Rights of Personal Data Holders 

Holders have the right to request Azify information regarding the Treatment of their Personal Data through the requests below:

9.1. Confirm the existence of Treatment: the Holder may request Azify to confirm the existence of Treatment of their Personal Data by the company.

9.2. Access to Personal Data: it is the right of Holders to request access to the Personal Data processed by Azify.

9.3. Correction of incomplete, inaccurate, or outdated data: the Holder may request correction or updating of their data that they consider incomplete or incorrect. If the update is not possible within Azify's application, the User will need to send, via email [email protected], a document proving the Personal Data to be updated.

9.4. Anonymization, blocking, or elimination of unnecessary, excessive data, or data treated in non-compliance with the Law: the Holder may request the anonymization, blocking, or elimination of data they consider excessive, unnecessary, or treated in non-compliance with the LGPD, provided it is effectively proven that the data is excessive, unnecessary, or non-compliant with the Law. Note: The elimination of Personal Data may prevent the use of certain functionalities of the application or even the termination of the services provided. However, it will not prevent Azify from using anonymized data and data whose Treatment is based on another legal ground provided in the LGPD.

9.5. Request portability of data: the Holder may request portability of their Personal Data, subject to applicable regulations and commercial and industrial secrets.

9.6. Request elimination of Personal Data treated with consent: the Holder may request the elimination of Personal Data that is treated by Azify based on the legal grounds of consent.

9.7. Request information about public and private entities with which the controller has shared the data: the Holder may request Azify information regarding the sharing of their data with third parties.

9.8. Request information about the possibility of not providing consent: Azify is available to assist and transparently address any questions that may arise due to the Treatment of Holders' Personal Data, including the potential impacts arising from not providing consent.

9.9. Revoke consent granted previously: the Holder may revoke previously granted consent for Treatment of their Personal Data. 

9.10. Request review of automated decisions: the Holder may request a review of decisions made solely based on the automated Treatment of Personal Data that affects their interests.

If the Holder wishes to exercise any of the rights set forth in the LGPD, they should contact Azify, using the contact information provided in this Privacy Policy, using the email [email protected]Azify will make every effort to adopt the necessary measures within the timelines specified in the LGPD and other relevant regulations.

  1. International Transfer of Personal Data

Azify may transfer Personal Data to servers located abroad, especially when using cloud storage services. All international transfers of Personal Data conducted by Azify will follow the guidelines of the LGPD and the National Data Protection Authority (ANPD), particularly Resolution CD/ANPD No. 19/2024. 

To ensure the security and confidentiality of the transferred data, Azify adopts rigorous measures for selecting and auditing its service providers, including: (a) verification of compliance with international information security standards; and (b) requiring data protection policies consistent with the best market practices.

  1. Security Measures and Data Confidentiality

Azify implements administrative, technical, and physical safeguards to protect Personal Data against destruction, loss, alteration, unauthorized access, disclosure, or accidental, illegal, or unauthorized use. These measures include advanced cybersecurity practices, aligned with the best market practices.

Although Azify strives to maintain high security standards, it is important to note that no measure can guarantee total protection against interceptions or breaches of systems and databases. Therefore, Azify is continuously improving its security processes and promoting a culture of protection of Personal Data.

Without prejudice to other measures, among the initiatives adopted by Azify are: (a) continuous training of employees on best practices for data protection; (b) periodic review of processes and contracts with partners to ensure compliance; (c) providing supporting materials in the Help Center to assist clients in maintaining the security of their accounts; and (d) restricted access to Personal Data, limited to authorized and trained employees and service providers to ensure proper use of Information. Any misuse is treated rigorously and may result in legal and disciplinary measures.

Azify warns that it is not responsible for fraudulent communications sent in its name by third parties. In case of doubts, we recommend contacting instantly through the company's official channels. Information security professionals can report possible vulnerabilities or security-related problems by sending an email to [email protected] or [email protected].

Additionally, if the User is redirected to other sites or applications while using the Azify platform, it is recommended that they check the Privacy Policies and Terms of Use of those third parties, since Azify is not responsible for the privacy practices and content of these.

  1. Retention and Deletion of Personal Data

Personal Data will be stored by Azify in a secure and controlled environment until the end of the relationship between the User and Azify, respecting applicable legal and regulatory periods.

In order to determine the appropriate retention period for each type of Personal Data collected, Azify has prepared a temporal table based on a technical analysis conducted by the company, considering the nature of the data, the need to collect it, the purpose of the Treatment, and whether retention is required to fulfill obligations or protect individual or collective rights.

After the prescribed period, the Personal Data processed by Azify will be deleted, except in cases where the Treatment is necessary due to the hypotheses provided in items of art. 16 of the LGPD, highlighted as follows: (a) compliance with a legal or regulatory obligation by the controller; (b) study by a research body, guaranteed, whenever possible, the anonymization of Personal Data; (c) transfer to a third party, provided that the Treatment of Data requirements set out in this Law are respected; or (d) exclusive use by the controller, prohibited access by third parties, and as long as the data is anonymized.

  1. Data Protection Officer

The Data Protection Officer of Azify is Karem Fernanda Pereira da Silva, responsible for acting as a communication channel between the controller, data Holders, and the ANPD.  

If you have any questions about this Privacy Policy, would like to obtain information about the Treatment of your Personal Data, or exercise the rights provided in the LGPD, you can contact the Officer through the email [email protected]

  1. Updates to the Privacy Policy

This Privacy Policy may be updated periodically and without prior notice to reflect changes in our practices. However, in the case of significant changes, Users will be notified via email.

By continuing to use the products and Services offered by Azify after any changes to the Privacy Policy, the User agrees to the new conditions. If you have any questions or concerns, our support channel is always available to assist you.