1. Introduction
AGTI values privacy and the protection of data processed through the AGTI Analytics platform.
This Privacy Policy describes how data is collected, used, stored, protected, and, where applicable, shared during use of the Platform.
AGTI Analytics was developed following the principle of data minimization, processing only the information strictly necessary for the operation of the services offered. By using the Platform, the Customer declares that they are aware of this Policy.
2. Scope of this Policy
This Policy applies to:
- Platform customers;
- account administrators;
- users authorized by the Customer;
- visitors to AGTI's corporate website;
- integrations between the Platform and online stores.
This Policy does not replace the privacy policy of the Customer's online store, which remains responsible for its relationship with its own consumers.
3. Roles in data processing
In most operations performed by the Platform, the Customer acts as Controller of data related to their business and AGTI acts as Processor, carrying out the processing necessary for execution of the contracted services.
In certain situations, especially with respect to registration data for the Customer's own account, AGTI may act as Controller, under applicable law.
4. Data processed
To operate the Platform, AGTI processes different categories of information.
4.1 Account data — Data necessary for account creation, authentication, billing, support, integration configuration, and administration of the contracted environment may be processed.
4.2 Store technical data — Data related to the operation of the integration may also be processed, including store domain, platform used, integration settings, authentication keys, technical configurations, and operational logs.
4.3 Browsing data — AGTI Analytics was developed to operate without the need to store personal data of end consumers of online stores. During operation, technical information such as random visitor identifiers, session identifiers, products viewed and purchased, date and time of events, and technical information necessary to generate recommendations may be processed. These identifiers serve an exclusively technical purpose and do not, by themselves, directly identify a natural person.
5. Data we do not collect
As part of the Platform architecture, AGTI Analytics does not store, in its own operational database:
- store consumers' names;
- CPF or national ID;
- residential or delivery address;
- consumers' email addresses;
- phone numbers;
- banking or card details;
- consumers' passwords;
- full order content;
- any other data intended to directly identify store consumers.
The purpose of the Platform is to generate product recommendations based on technical browsing and purchase events, minimizing personal data processing as much as possible.
6. Purpose of processing
Processed data is used exclusively to:
- provide the contracted services;
- generate intelligent recommendations;
- process integrations;
- authenticate requests;
- ensure Platform security;
- detect fraud and abuse;
- perform operational monitoring;
- continuously improve the services offered.
AGTI does not sell personal data or use one Customer's information to benefit another Customer.
7. Legal bases
Data processing may occur on the basis of contract performance, compliance with legal or regulatory obligations, regular exercise of rights, legitimate interest (where applicable), or consent (where required by law).
8. Data sharing
AGTI may share strictly necessary information with suppliers involved in the operation of the Platform, such as hosting providers, attack protection services, cloud infrastructure, monitoring, payment processing, and technical support.
Whenever possible, such suppliers will be subject to contractual obligations of confidentiality and data protection. AGTI does not sell personal data to third parties.
9. Information security
AGTI adopts technical and organizational measures intended to protect processed information, including encrypted connections, authentication for administrative access, permission controls, logical segregation between customers, access monitoring, operational event logging, continuous Platform updates, and mechanisms to prevent unauthorized access.
Although measures compatible with the state of the art are adopted, no system is completely immune to security incidents.
10. Data retention
Data will be retained only for as long as necessary for execution of the contracted services, compliance with legal obligations, response to regulatory requirements, regular exercise of rights, and preservation of Platform security. After that period, data may be deleted, anonymized, or retained where there is a legal basis for its preservation.
11. Data subject rights
Under the LGPD, data subjects may exercise rights such as confirmation of the existence of processing, access to data, correction, anonymization, blocking or deletion, portability, withdrawal of consent, and obtaining information about sharing performed. Requests may be submitted through AGTI's official support channels.
12. Cookies and similar technologies
AGTI Analytics uses only the cookies and technologies necessary for the operation of the Platform and its integrations. Details are set out in the Cookie Policy.
13. International data transfer
Some infrastructure suppliers used by AGTI may process data on servers located outside Brazilian territory. Whenever international transfer occurs, AGTI will seek to use suppliers that adopt adequate protection standards compatible with applicable law.
14. Changes to this Policy
This Policy may be updated to reflect legal or regulatory changes or changes to the Platform. The current version will always be available through AGTI's official channels.
15. Contact
If you have questions about this Policy or about data processing performed by the Platform, please contact us through the official channels made available by AGTI.