Privacy Policy
Last updated: October 24, 2025
1. Introduction
Privum, responsible for the SREXpert platform, is committed to protecting the privacy and personal data of its users. This Privacy Policy describes how we collect, use, store, and protect your personal information, in compliance with the Brazilian General Data Protection Law (LGPD - Law 13.709/2018) and the General Data Protection Regulation (GDPR - EU Regulation 2016/679).
Data Controller: Privum
Data Protection Officer (DPO): [email protected]
Contact: [email protected]
2. Data Collected
We collect the following categories of personal data:
2.1. Registration Data
- Username
- Email address
- Full name
- Password (stored in hashed format with bcrypt)
2.2. Usage Data
- IP address
- Access logs (date, time, pages visited)
- Configured Kubernetes cluster information
- AI terminal commands executed (metadata only, not sensitive content)
- Interface preferences and settings
2.3. Cookies and Similar Technologies
- Authentication cookies (essential)
- Preference cookies (essential)
- Analytics cookies (with consent only)
- Marketing cookies (with consent only)
For more details, please see our Cookie Policy.
3. Purpose of Processing
We use your personal data for the following purposes:
- Authentication and access control: Validate your identity and manage your platform access
- Service provision: Enable monitoring and management of Kubernetes clusters
- Communication: Send important notifications about your account and the service
- Service improvement: Analyze platform usage to identify improvements (with analytics consent only)
- Security: Detect, prevent, and respond to fraud, abuse, and security violations
- Legal compliance: Meet legal and regulatory obligations
4. Legal Basis for Processing
Processing of your personal data is based on the following legal grounds:
LGPD (Art. 7 and 11)
- Consent (item I): For analytics and marketing cookies
- Contract performance (item V): For monitoring service provision
- Legitimate interest (item IX): For security and service improvement
GDPR (Art. 6)
- Consent (a): For optional cookies and marketing communications
- Contract performance (b): For contracted service provision
- Legitimate interests (f): For security, fraud prevention, and service improvement
5. Data Sharing
We do not share your personal data with third parties for commercial or marketing purposes.
Your data may be shared only in the following situations:
- Service providers: Companies that assist us in platform operation (hosting, infrastructure), always under strict confidentiality agreements
- Legal obligations: When required by law, court order, or competent authorities
- Rights protection: To protect our rights, property, or safety, or those of our users
6. Data Retention
We retain your personal data for the following periods:
- Active account: While your account is active and you use our services
- After account deletion: 90 days (for backup and recovery purposes)
- Security logs: 6 months (for fraud detection and investigations)
- Anonymized data: Indefinitely for statistical purposes
After these periods, data is permanently deleted from our systems.
7. Data Subject Rights
You have the following rights regarding your personal data, as per LGPD (Art. 18) and GDPR (Chapter III):
- Confirmation and access: Know if we process your data and obtain a copy of it
- Correction: Request correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion: Request anonymization or deletion of unnecessary or non-compliant data
- Portability: Receive your data in a structured and interoperable format (JSON)
- Information about sharing: Know with whom we share your data
- Consent withdrawal: Withdraw your consent at any time
- Opposition: Object to processing based on legitimate interest
- Review of automated decisions: Request review of decisions made solely based on automated processing
To exercise any of these rights, contact us at: [email protected]
8. Information Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption: Communication via HTTPS (TLS 1.3)
- Password hashing: Bcrypt with salt for secure storage
- JWT authentication: Tokens with 8-hour expiration
- HTTP-only cookies: Protection against XSS
- Access control: Based on roles and permissions
- Monitoring: Security logs and anomaly detection
- Backups: Regular encrypted backups
9. International Data Transfer
Currently, all data is stored and processed on servers located in Brazil. Should international transfer become necessary in the future, we will ensure appropriate protection mechanisms are adopted as required by LGPD and GDPR.
10. Changes to This Policy
This Privacy Policy may be updated periodically to reflect changes in our practices or legislation. We will notify you of significant changes by email or through a prominent notice on the platform. We recommend reviewing this policy regularly.
11. Contact
For questions, requests, or complaints related to this Privacy Policy or the processing of your personal data, contact us:
You also have the right to lodge a complaint with the Brazilian National Data Protection Authority (ANPD) or your country's data protection authority.
© 2026 Privum. SREXpert v1.0.0