Voraxus - Custom Systems Development Company Voraxus Custom Systems • Automation
WhatsApp Get in touch
Home / Privacy

Privacy Policy

Full transparency about how we collect, use, share and protect personal data, in compliance with LGPD (Law No. 13,709/2018) and, when applicable, GDPR.

Quick summary (important)
Voraxus is a company specialized in custom systems development and process automation. We are not a hosting company, we do not sell servers and do not offer our own "cloud". Data is processed minimally necessary and, for marketing/analytics, only after consent.

Table of Contents

1) Who we areController / scope 2) What data we collectContact, usage, technical 3) Legal bases and purposesLGPD/GDPR 4) Cookies & ConsentGoogle/Meta 5) Data sharingOperators 6) International transfersSafeguards 7) Retention and deletionTimeframes 8) SecurityTechnical measures 9) Data subject rightsRequests 10) Children and minorsProtection 11) Policy changesVersions 12) DPO contactOfficial channel

Scope and applicability

This policy applies to the domain voraxus.com and subdomains, as well as institutional pages and contact forms related to Voraxus. When a project involves data processing in the client's environment, specific contractual rules may complement this policy.

Important: solutions developed by Voraxus may include integrations and third-party services as per project requirements. In these cases, processing is also governed by contracts and guidelines of the client (controller), when applicable.

1) Who we are

Voraxus () is the controller of personal data processed on this website and through official support channels, for purposes of contact, proposals and commercial relationships.

Legal name
CNPJ
Contact/DPO
Email

Definitions (LGPD)

  • Controller: who decides on data processing (Voraxus, on this website).
  • Operator: who processes data on behalf of the controller (contracted vendors).
  • Data subject: you, the natural person to whom the data refers.
  • Processing: any operation with data (collect, store, use, delete, etc.).

2) What data we collect

  • Contact data: name, email, phone, company and message sent via form.
  • Usage data: pages visited, traffic source/UTM, device/browser and interactions (in anonymized mode until consent).
  • Technical data: IP, date/time, user-agent, online identifiers (e.g., fbclid, gclid), event_id for deduplication and security logs.
  • Leads and relationships: contact history and communication preferences.

What we don't do

  • We do not request sensitive data (health, religion, biometrics, political opinion) without necessity and adequate legal basis.
  • We do not collect payment information on this website (when contracting, the flow is defined in proposal/contract).
  • We do not sell personal data.

Note: if you voluntarily send sensitive data in a message, we may process it only to respond to your request, limiting use to the minimum necessary.

3) Legal bases and purposes

  • Contract execution: quotes, proposals, service delivery and support.
  • Consent: measurement and personalization via cookies/similar technologies (Google Ads/Analytics with Consent Mode v2 and Meta Pixel). Consent is granular and can be revoked at any time.
  • Legitimate interest: site improvements, aggregate statistics, security and fraud/abuse prevention (limited to minimum necessary and with impact assessment when applicable).
  • Legal compliance: tax, accounting obligations, audits and authority requests.

Marketing and measurement (consent-based only)

For campaigns and remarketing, we may use Meta Pixel and, when applicable, Advanced Matching (SHA-256 hash applied to email/phone before sending) and/or Conversions API (server events), always conditioned on your consent.

Important
Our focus is corporate custom software development. We do not offer our own "cloud", servers, hosting or infrastructure as a service. Data processing is limited to communication, proposals, project execution and legal requirements.

4) Cookies & Consent

We use Google Consent Mode v2 to adjust the behavior of Google tags when there is no consent, sending only basic/modeled signals. Meta Pixel respects the same banner — it is only activated after acceptance.

Categories

  • Necessary (always active): security, essential preferences and basic website functionality.
  • Analytics/Ads (opt-in): Google Ads/Analytics, Meta Pixel, deduplication with event_id, advanced matching (opt-in).

Clicking will remove saved consent and the banner will reappear on your next visit.

How to disable cookies in your browser

You can also configure your browser to block cookies or alert you when they are sent. Some features may not work properly if essential cookies are blocked.

5) Data sharing

We may share data with vendors (operators) strictly necessary for the described purposes, under contracts and data protection addendums (Data Processing Addendums — DPAs), when applicable. We do not sell personal data.

Examples of operators

  • Measurement/marketing tools (e.g., Google and Meta), conditioned on consent.
  • Corporate email services and support for responding to requests.
  • Protection and security (logs, abuse prevention and site integrity).

Sharing always occurs with the minimum necessary and in compliance with LGPD/GDPR.

6) International transfers

When there is transfer to other countries (for example, global infrastructure of vendors like Google or Meta), we apply appropriate safeguards: standard contractual clauses, encryption, access controls and risk assessment, following LGPD/GDPR.

Protection measures

  • Encryption in transit (TLS) and, when applicable, at rest.
  • Access control by role and strong authentication.
  • Data minimization and limited retention.

7) Retention and deletion

We will retain data only for as long as necessary for the described purposes or legal requirements. After that, we securely delete, anonymize or aggregate it.

Retention criteria

  • Contact/Lead: for the time necessary for commercial treatment and relationship history.
  • Contract/Project: for the contract term and related legal obligations.
  • Security logs: for the minimum time necessary for audit and abuse prevention.

If you request deletion, we will evaluate the request according to the applicable legal basis (e.g., legal obligation may require retention).

8) Security

  • Encryption in transit (TLS) and, when applicable, at rest.
  • Access management (principle of least privilege) and audit trails when applicable.
  • Monitoring, abuse prevention and incident response.
  • Engineering best practices: review, testing and controls to reduce risks.

Incidents

In case of a relevant incident involving personal data, we will adopt containment, investigation and notification measures, as required by applicable law and security best practices.

No infrastructure guarantee
Voraxus does not offer hosting, server or own cloud services. Security here refers to data processing in the context of the institutional website and internal processes necessary for service delivery and execution.

9) Data subject rights (LGPD/GDPR)

  • Confirmation of processing and access to data.
  • Correction, anonymization, portability and deletion (when applicable).
  • Information about sharing and revocation of consent.
  • Opposition to processing based on legitimate interest, where applicable.

How to request

To exercise your rights, contact our official channel: . For your security, we may request minimal identity verification before responding to your request.

If you are in Brazil and are not satisfied with the response, you may also seek guidance from ANPD, observing applicable rules.

10) Children and minors

Our websites and services are not intended for children under 13 years of age. If we identify data from minors without appropriate consent, we will take measures to remove it.

Legal guardian responsibility

If a guardian identifies improper processing, we ask that you contact us immediately so we can remove/adjust it.

11) Changes to this policy

We may update this policy to reflect legal, technical or operational changes. We will publish the updated version on this page and indicate the revision date.

Last updated:

Version history (best practice)

If relevant changes are made (e.g., new purposes or new partners), we will highlight them at the top of the page and adjust consent when necessary.

12) DPO contact

Data Protection Officer
Email
Recommended channel
For privacy requests (access, correction, deletion, consent), preferably use the DPO's email. This ensures traceability and formal response.