Privacy Policy
Last updated: April 3, 2026
1. Information We Collect
Heavid, operated by Agnaldo Alves do Carmo Junior Consultoria em Tecnologia da Informação LTDA (CNPJ: 44.618.532/0001-62), collects different types of information to provide and improve our services. The categories of data collected include:
Registration data: full name, email, phone number, company/clinic/school name, address, CNPJ/CPF, and professional information provided at the time of registration.
Usage data: information about how you use the Platform, including pages accessed, features used, access times, IP address, browser type, and operating system.
User-entered data: information about students, patients, professionals, appointments, financial records, and other data entered by the user when using the Maestro and HealthSoftware products.
Payment data: information required for payment processing, handled directly by the Asaas payment provider. Heavid does not store complete credit card data on its servers.
Communication data: messages exchanged with our support team, feedback, and reviews provided by the user.
2. How We Use Your Information
The information collected is used for the following purposes:
a) Providing, maintaining, and improving our services and features;
b) Processing transactions and sending notifications related to your account;
c) Personalizing the user experience on the Platform;
d) Sending communications about updates, new features, and relevant service information;
e) Providing technical support and customer service;
f) Detecting, preventing, and resolving technical and security issues;
g) Complying with legal and regulatory obligations;
h) Generating statistical analyses and aggregated reports for service improvement (using anonymized data).
3. Data Storage and Security
Data is stored on secure servers hosted at Hetzner (Germany/Finland), protected by appropriate technical and organizational measures, including:
a) Encryption of data in transit (TLS/SSL) and at rest;
b) Role-based access control and multi-factor authentication;
c) Continuous security monitoring and intrusion detection;
d) Periodic backups and data redundancy;
e) Firewall and DDoS protection via Cloudflare.
While we adopt strict security measures, no data transmission or storage system is completely secure. Heavid is committed to notifying affected users in the event of a security incident that may compromise personal data, as required by the LGPD.
4. Third-Party Services
Heavid uses third-party services to operate the Platform. These third parties may have access to personal data as necessary to provide their services and are subject to confidentiality obligations. The main services used include:
Asaas: Payment processing, billing, and subscription management. Payment data is transmitted directly to Asaas and is subject to their privacy policy.
WhatsApp/Meta: Integration for sending notifications and communications with the users' clients through the Platform. Messages sent via WhatsApp are subject to Meta/WhatsApp policies.
Email providers: Used for sending transactional emails (confirmations, password recovery, notifications).
Hetzner: Server infrastructure provider where data is hosted.
Cloudflare: CDN, DNS, and attack protection services, which may process traffic data.
5. LGPD Rights (Brazilian Users)
In compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018), personal data subjects have the following rights:
a) Confirmation of the existence of personal data processing;
b) Access to processed personal data;
c) Correction of incomplete, inaccurate, or outdated data;
d) Anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in non-compliance with the LGPD;
e) Data portability to another service provider, upon express request;
f) Deletion of personal data processed based on consent;
g) Information about public and private entities with which data has been shared;
h) Information about the possibility of not providing consent and the consequences of refusal;
i) Revocation of consent at any time.
To exercise any of these rights, the data subject may contact us at [email protected]. Requests will be responded to within 15 (fifteen) days, as provided by law.
6. Data Retention
Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, contractual, accountability, or competent authority requirements.
Active account data: maintained throughout the account's duration and for 90 (ninety) days after cancellation.
Financial and tax data: maintained for 5 (five) years after the transaction, in accordance with Brazilian tax legislation.
Communication and support data: maintained for 2 (two) years after the last contact.
Access logs: maintained for 6 (six) months, in accordance with Brazil's Internet Framework (Law No. 12,965/2014).
After the retention period expires, data will be anonymized or securely deleted.
7. Cookies and Similar Technologies
The Platform uses cookies and similar technologies to improve the user experience. The types of cookies used include:
Essential cookies: Required for the basic operation of the Platform, such as authentication and security. These cannot be disabled.
Performance cookies: Collect information about how users interact with the Platform, enabling performance improvements.
Functionality cookies: Allow the Platform to remember user preferences, such as language and display settings.
Users can manage their cookie preferences through browser settings. Disabling essential cookies may affect Platform functionality.
8. Children's Privacy
Heavid's services are not directed at individuals under 18 (eighteen) years of age. We do not intentionally collect personal data from minors without the consent of their legal guardians.
In the context of the Maestro product (music school management), data of minor students may be entered on the Platform by users (schools). In this case, the user (school) is the data controller and is responsible for obtaining appropriate consent from legal guardians.
In the context of the HealthSoftware product (clinic management), data of minor patients may be entered by the user (clinic), who is responsible for complying with applicable legal requirements for processing minors' data.
If we become aware that we have collected personal data from minors without appropriate consent, we will take immediate steps to delete such information.
9. Changes to This Policy
Heavid reserves the right to update this Privacy Policy periodically. Changes will be communicated through in-Platform notification and/or by email to the registered address.
We recommend that users review this Policy periodically to stay informed about how we protect their information.
The date of the last update will always be indicated at the top of this page.
10. Contact and Data Protection Officer (DPO)
For questions related to privacy and data protection, please contact our Data Protection Officer (DPO):
Heavid - Agnaldo Alves do Carmo Junior Consultoria em Tecnologia da Informação LTDA
CNPJ: 44.618.532/0001-62
DPO Email: [email protected]
Location: Chapecó, SC - Brazil
We are committed to responding to all requests within the timeframe established by applicable legislation.