Privacy Policy
HOW WE HANDLE YOUR INFORMATION
At Illustra AI, transparency and accountability guide how we handle your personal data. This notice explains—in clear, practical terms—what information we collect, the reasons we use it, who might process it on our behalf, and the rights you can exercise. It should be read together with our full Privacy Policy set out below.
If you have any question specifically about privacy or data protection, please contact our dedicated channel: dataprotection@illustraia.com.
----------------------------------------
1) Who is responsible for data processing?
----------------------------------------
• Individual Users (Simple Users): Illustra AI acts as the DATA CONTROLLER. Once you sign up or use our tools, we decide how your information is processed to deliver our services safely and efficiently.
• Business Users (Corporate/Enterprise accounts): Illustra AI acts as the DATA PROCESSOR (OPERATOR). In these cases, the contracting company defines the purposes and means of processing data of its representatives or authorized users.
To operate the platform, we rely on carefully selected service providers (processors), such as cloud infrastructure, hosting, analytics, chat systems and AI model providers. These companies may have limited access to data strictly to provide their services to us under contracts that require confidentiality, security and compliance with applicable law.
----------------------------------------
2) How do we protect your data?
----------------------------------------
We store your information in secure environments hosted on AWS and Azure. Access to these environments is restricted and monitored. Because these services may be located outside Brazil, data may be transferred internationally—primarily to the United States—always in accordance with applicable law and with safeguards designed to protect your information.
----------------------------------------
3) What information do we request?
----------------------------------------
To create and manage your account and deliver our services, we generally need:
• Individual Users: full name and e-mail address.
• Business Users: full name and e-mail address of the company representative(s), CNPJ (Brazilian business tax ID), legal name (company name) and business address.
----------------------------------------
4) For what purposes do we use your data?
----------------------------------------
We process data for legitimate, specific and informed purposes, including to:
• create and authenticate accounts, and verify identity;
• provide and improve platform features and integrated APIs;
• optionally generate digital characters (avatars), when requested;
• draft contracts and meet tax/accounting obligations;
• offer customer support and communicate service updates;
• send service notifications, operational messages, and (where applicable) marketing communications.
----------------------------------------
5) With whom do we share your data?
----------------------------------------
We do not sell personal data. We may share information only when:
• needed to operate the platform (e.g., hosting and infrastructure providers);
• required by law, regulation or court order; or
• authorized by you through clear, specific consent, when such consent is the applicable legal basis.
----------------------------------------
6) Do we collect access logs?
----------------------------------------
Yes. As required by Brazilian law, we store access logs (date/time and IP address) for at least six (6) months in a secure and confidential environment (per Federal Law nº 12.965/2014 and Law nº 13.709/2018).
----------------------------------------
7) Do we collect data indirectly?
----------------------------------------
Yes. We may collect information through cookies and similar technologies to enable core functionality, perform analytics and improve the user experience, as detailed in our Cookie Policy.
----------------------------------------
8) Do we keep records of communications?
----------------------------------------
Yes. Interactions via our official channels (e.g., support chat and e-mail) may be recorded to improve service quality, enhance security and help resolve requests efficiently.
----------------------------------------
9) What are your rights?
----------------------------------------
You may request, at any time: confirmation that we process your data; access to your data; correction of inaccurate or outdated data; anonymization, blocking or deletion of unnecessary or unlawfully processed data; portability to another provider; deletion of data processed with consent; information about any sharing with third parties; and the ability to refuse or revoke consent without prejudice to services that do not depend on consent.
----------------------------------------
10) How is this Privacy Policy organized?
----------------------------------------
• Publication date of the Policy;
• Definitions of technical/legal terms;
• Processing agents and roles;
• Information security measures;
• Data we collect;
• How and why we process personal data;
• Account cancellation and data deletion;
• Data subject rights;
• Policy updates;
• Privacy contact channel;
• General contact information.
========================================
PRIVACY POLICY
========================================
Before using the Illustra AI platform, carefully read this Privacy Policy and proceed only if you freely, expressly and informedly agree to its terms.
This platform, named “Illustra AI”, is owned and operated by ANTONIO GUILHERME PRADO DE OLIVEIRA COSTA CONSULTORIA EM MARKETING LTDA, registered with the Brazilian CNPJ under nº 58.821.556/0001-29, with registered address at R. Monsenhor Bruno, nº 1153, Sala 1423, Bairro Aldeota, CEP 60115-191, Fortaleza – CE, Brazil.
This Policy explains how we collect, use, store and otherwise process personal data of visitors and users, in compliance with Federal Law nº 12.965/2014 (Marco Civil da Internet) and Federal Law nº 13.709/2018 (LGPD).
----------------------------------------
1. PUBLICATION DATE OF THIS TEXT
----------------------------------------
1.1 This Policy was drafted and made available on 16/08/2025.
----------------------------------------
2. DEFINITIONS AND KEY TERMS
----------------------------------------
For clarity, the following terms are used in this Policy:
• Controller: person or entity that makes decisions regarding the processing of personal data.
• Operator (Processor): person or entity that processes personal data on behalf of the Controller.
• Cookies: text files placed on a device to recognize preferences and enable certain platform features.
• Cryptography (Encryption): techniques used to protect data and prevent unauthorized reading.
• Personal Data: information relating to an identified or identifiable natural person.
• Sensitive Personal Data: data about racial/ethnic origin, religious belief, political opinion, union/organization membership, health or sex life, genetic or biometric data, when linked to a natural person.
• DPO (Data Protection Officer): person appointed to act as the primary channel between the Controller/Operator, data subjects and the ANPD.
• AI (Artificial Intelligence): software or systems that perform tasks resembling human intelligence.
• IP (Internet Protocol): unique address that identifies a device on a network.
• Data Processing: any operation with personal data (collection, storage, use, sharing, deletion, etc.).
2.2 Platform user categories:
• Simple User (Individual): people who register directly on the platform. They may become paying users if they choose paid features.
• Business User (Corporate): people who use the platform through a company that has contracted Illustra AI for professional/commercial use.
----------------------------------------
3. PROCESSING AGENTS AND OUR ROLE
----------------------------------------
3.1 For Simple Users, Illustra AI acts as CONTROLLER. We collect information when a Simple User registers or uses our tools and we decide how to process that information to deliver services with safety and quality.
3.2 For Business Users and their authorized users, Illustra AI acts as OPERATOR (PROCESSOR). Our technology is provided for the contracting company’s activities, without our interference in the purposes, which are defined by the company (the Controller).
3.3 Essential processors we engage and their purposes include:
• Intercom (or similar) chat systems: user assistance, storage of conversations and customer service/training.
• Experience and analytics tools responsible for traffic analysis, product performance and preference signals (e.g., Google Analytics, Google, Microsoft, Pendo, PostHog).
• AWS and Azure: cloud storage, hosting and platform security.
3.4 All such processors must handle personal data under strict contractual obligations, including information security, confidentiality and legal compliance. If they access data, they are responsible for safeguarding it and must not disclose it for purposes beyond those contracted.
3.5 International transfers: because our infrastructure uses servers outside Brazil (primarily in the United States), data may be processed abroad, as permitted under Article 33, IX of the LGPD, with appropriate safeguards.
----------------------------------------
4. INFORMATION SECURITY
----------------------------------------
4.1 Illustra AI maintains administrative, technical and organizational measures to protect personal data proportionate to the risks involved, including:
• restricted access controls, multi-factor authentication and key-based privileges;
• encryption in transit and at rest where appropriate;
• risk assessments and written Information Security Policies;
• periodic reviews, monitoring and incident response procedures.
4.1.1 We continuously assess the AI models we use to reduce bias and prevent unlawful or harmful outputs. These models are independent technologies not developed or trained by Illustra AI. If a harm is caused exclusively by the AI model, Illustra AI will not be liable.
4.1.2 Data entered by users in Illustra AI is not used to train or improve external artificial intelligence models. User input is used solely to fulfill the user’s request and then stored in a segregated database for support and compliance purposes.
4.2 Access Logs: we keep application access records (date/time and IP) for at least six (6) months, in a controlled and secure environment, as required by law (Marco Civil da Internet and LGPD).
4.3 Although we employ industry-standard protections, no internet service is entirely immune to illegal intrusions. If unauthorized third parties compromise the system, Illustra AI will make reasonable efforts to identify those responsible, but is not liable for damages exclusively attributable to such third parties.
----------------------------------------
5. DATA WE COLLECT
----------------------------------------
5.1 To register and use Illustra AI, we generally collect:
• Simple Users: full name and e-mail address.
• Business Users: representative’s full name and e-mail address, CNPJ, company (legal) name and business address.
5.2 Optional avatar feature: Business Users may optionally create digital characters (avatars) of Simple Users. For this feature, photos and voice (audiovisual content) may be shared with Illustra AI.
5.2.1 In such cases, Business Users are solely responsible for collecting specific and informed consent from Simple Users. Illustra AI will not be responsible for avatar creation with photos or voice of Simple Users without proper consent.
5.2.2 Illustra AI will not pay any compensation to users for the use of their photos and voice.
5.3 Contact history: information regarding interactions with users (e.g., support chat and e-mails) may be stored to improve service quality, security and team training.
5.4 Indirect collection: we may collect information through cookies and similar technologies as described in our Cookie Policy.
----------------------------------------
6. HOW WE PROCESS PERSONAL DATA AND LEGAL BASES
----------------------------------------
6.1 By accepting this Policy, the user understands that the following data are necessary for contract performance and related purposes:
6.1.1 Full name, company name and CNPJ: used to create, identify and verify users, contact them, draw up contracts and issue invoices.
Legal Basis: contract performance or steps prior to a contract at the data subject’s request (Art. 7, V, LGPD) and compliance with legal/regulatory obligations (Art. 7, II, LGPD).
6.1.2 Photos and voice (audiovisual content): used exclusively for the optional avatar feature.
Legal Basis: consent of the data subject (Art. 7, I, LGPD).
6.1.3 Business address: used for identification, contracting and invoicing.
Legal Basis: contract performance (Art. 7, V, LGPD) and legal/regulatory obligations (Art. 7, II, LGPD).
6.1.4 E-mail: used for account validation and login, communication and contracts; also for sending marketing, news or newsletter e-mails when applicable.
Legal Basis: contract performance (Art. 7, V, LGPD) and legitimate interest (Art. 7, IX, LGPD), when applicable.
6.1.5 IP address (Internet Protocol): stored to comply with Article 15 of Federal Law nº 12.965/2014 (keeping access records), for a minimum of six (6) months.
Legal Basis: compliance with legal/regulatory obligations (Art. 7, II, LGPD).
----------------------------------------
7. ACCOUNT CANCELLATION AND DATA DELETION
----------------------------------------
7.1 By Illustra AI: we may block, restrict, disable or prevent access in cases of inappropriate conduct, breach of the contract or policies, non-payment, or violations of laws.
7.2 By the User:
• Simple Users: requests for service cancellation and account deletion must be sent to support@illustraia.com.
• Business Users and associated individuals: requests must be directed to the Business User (the Controller), and Illustra AI will act according to the company’s instructions and the governing contract.
7.3 When processing purposes end, and upon request (by e-mail to dataprotection@illustraia.com for Simple Users, or by the Controller for Business Users), we will delete personal data immediately and permanently, except where retention is legally required or necessary to exercise rights in judicial/administrative/arbitral proceedings (e.g., access logs kept under the Marco Civil da Internet).
----------------------------------------
8. RIGHTS OF DATA SUBJECTS
----------------------------------------
Under the LGPD, data subjects may request at any time: (i) confirmation of processing, (ii) access to data, (iii) correction of incomplete/inaccurate/outdated data, (iv) anonymization, blocking or deletion of unnecessary or unlawfully processed data, (v) data portability to another provider, (vi) deletion of data processed based on consent, (vii) information about public and private entities with which data has been shared, (viii) information on the possibility of refusing consent and the consequences, and (ix) revocation of consent previously granted.
----------------------------------------
9. UPDATES TO THIS POLICY
----------------------------------------
Illustra AI may amend this Policy to reflect legal or operational changes. The updated version becomes effective upon publication. Where consent is required for changes, users will be able to accept or refuse the new text. If a user disagrees with a change, they may refuse consent for specific actions or terminate the relationship, without prejudice to obligations assumed under prior versions.
----------------------------------------
10. PRIVACY CONTACT CHANNEL (DPO)
----------------------------------------
Illustra AI appoints a Data Protection Officer (DPO) as the primary contact for privacy matters. You can reach our DPO at dataprotection@illustraia.com, pursuant to Article 41 of the LGPD, to submit requests, complaints and questions, including those from the ANPD.
10.1 Illustra AI also provides Terms of Service governing license, rights, duties, guarantees and general provisions, which form an inseparable part of this Policy.
----------------------------------------
11. GENERAL CONTACT
----------------------------------------
For general matters, Simple Users may contact support@illustraia.com or use the in-platform chat. Business Users have access to dedicated support, including WhatsApp, when necessary.