1. Purpose
This Data Processing Agreement ("DPA") forms part of the AGTI Analytics Terms of Use and sets out the responsibilities of the parties regarding personal data processing performed during the provision of services.
This document is prepared in compliance with Law No. 13,709/2018 (Brazilian General Personal Data Protection Law – LGPD).
2. Parties
Contracting party — Individual entrepreneur or legal entity using AGTI Analytics services.
AGTI — Company responsible for developing and operating the AGTI Analytics Platform.
3. Roles of the parties
In the context of the services provided, the Customer generally acts as Controller of data related to their business and AGTI acts as Processor, processing data exclusively in accordance with the Customer's instructions and to the extent necessary for execution of the contracted services.
When processing data related to administration of its own commercial relationship with the Customer (such as registration, billing, support, and legal obligations), AGTI may act as Controller.
4. Purpose of processing
AGTI will process data exclusively to:
- make the Platform available;
- process events necessary for service operation;
- generate intelligent recommendations;
- authenticate integrations;
- maintain infrastructure security;
- perform contractual obligations;
- comply with legal and regulatory obligations.
AGTI will not process data for a purpose incompatible with this Agreement.
5. Nature of processed data
AGTI Analytics was designed to minimize personal data processing. To generate intelligent recommendations, the Platform operates predominantly with technical and behavioral information, avoiding storage of data that directly identifies store consumers.
Depending on the integration implemented by the Customer, data related to account administration, authentication, Platform settings, and technical information necessary for service operation may be processed.
6. Store consumer data
As a general rule, AGTI Analytics does not store in its operational database information intended to directly identify end consumers of online stores, such as:
- name;
- CPF;
- address;
- email;
- phone number;
- banking data;
- payment data;
- other personal information required only for sale processing by the Customer.
The Platform was developed to operate using technical identifiers and browsing events, significantly reducing personal data processing.
7. Customer instructions
AGTI will process data only in accordance with this Agreement, the Terms of Use, the features made available by the Platform, and legitimate instructions provided by the Customer. AGTI may refuse instructions that violate applicable law.
8. Confidentiality
AGTI agrees to keep confidential all information processed in connection with the provision of services. Access to data will be restricted to persons who actually need it to perform their activities.
9. Information security
AGTI adopts appropriate technical and organizational measures to protect processed data against unauthorized access, accidental destruction, loss, alteration, improper disclosure, and unlawful processing. Measures adopted will be continuously reviewed in line with technological evolution and the risks involved.
10. Sub-processors
AGTI may use third parties to support the provision of services, including hosting suppliers, cloud infrastructure, content delivery, monitoring, attack protection, payment processing, and communications. Whenever possible, these suppliers will be subject to contractual obligations compatible with data protection.
11. International transfer
If any supplier processes data outside Brazilian territory, AGTI will seek to adopt appropriate measures to ensure a level of protection compatible with applicable law.
12. Data subject rights
When receiving requests relating to rights provided under the LGPD that depend on the Customer's role as Controller, AGTI may provide reasonable technical cooperation, subject to the operational limitations of the Platform.
13. Security incidents
If AGTI becomes aware of a security incident that may affect data processed on behalf of the Customer, it will take reasonable measures to investigate the incident, mitigate its effects, and notify the Customer when required by applicable law or when the incident may significantly impact processed data.
14. Data deletion
Upon termination of the contractual relationship, AGTI may delete, anonymize, or retain certain data for the period necessary to fulfill legal or regulatory obligations or for the regular exercise of rights.
15. Audits
Whenever reasonably necessary and subject to limits of confidentiality, information security, and protection of other Customers, AGTI may provide information demonstrating the adoption of measures compatible with this Agreement.
This provision does not require AGTI to grant unrestricted access to its infrastructure, source code, internal environments, or confidential third-party information.
16. Limitation of liability
Each Party will be liable for damages arising from breach of obligations assigned to it under applicable law and this Agreement. AGTI will not be liable for data processing performed directly by the Customer outside the Platform or in violation of applicable law.
17. Term
This Agreement will remain in effect for the entire period of use of the Platform and will produce effects while there is data processing related to the services provided.
18. Changes
AGTI may update this Agreement to reflect legal or regulatory changes or changes to the Platform. The current version will always be available through AGTI's official channels.
19. Contact
Questions relating to data processing may be submitted through the official support channels made available by AGTI.