Privacy Policy

3.1. Information You Provide Directly

We collect information that you provide when you create an account, complete your profile, add properties, interact with our support team or participate in surveys and research.

3.2. Information Collected Automatically

When you access or use our services, we automatically collect technical and usage information through technologies such as cookies, logs and similar tools.

3.3. Information from Third Parties

We may receive information about you from authentication providers (such as single sign-on services), business partners, analytics providers, payment processors and other third parties, always in accordance with applicable law.

3.4. Special Category and Sensitive Data

We do not intentionally collect sensitive data (such as racial or ethnic origin, religious or philosophical beliefs, health data, sexual life or orientation, or trade union membership), except when strictly necessary, provided by you on your own initiative or when we have your explicit consent or another lawful basis under GDPR, UK GDPR and LGPD.

4.2. Legitimate Interest Assessments

Whenever we rely on "legitimate interests" as a lawful basis, we carefully assess whether the processing is necessary for our business purposes, whether it is proportionate and whether your fundamental rights and freedoms are not unduly affected. You have the right to object to processing based on legitimate interests in certain situations.

• Network and information security.
• Fraud prevention and abuse monitoring.
• Product development and service improvement.
• Direct marketing, where permitted by law and with the possibility to opt out.

A. Business Partners and Service Providers on the Platform

We share personal data with companies and professionals who use the HomePass platform to offer services to you (such as maintenance, cleaning, improvements and other property-related services). They receive only the information necessary to provide the requested services and must process it in accordance with applicable data protection laws and their own privacy notices.

Informações compartilhadas: Shared Information: identification details, contact information, property address and the details of your request or order.

B. Technical and Infrastructure Service Providers

We use third-party providers to host our infrastructure, store data, send communications, process payments, provide analytics and perform other technical services. These providers act as processors, have restricted access to personal data and are bound by contractual obligations of confidentiality, security and data protection.

C. Public Authorities and Legal Requests

We may disclose your information to supervisory authorities, regulatory bodies, law enforcement or courts when we are legally required to do so or when such disclosure is reasonably necessary to protect our rights, your rights or the rights of third parties.

D. Corporate Transactions

In the context of a merger, acquisition, reorganisation, sale of assets or similar transaction, your data may be transferred as part of the transaction, subject to confidentiality and data protection safeguards. We will inform you where required by law.

5.2. International Transfers of Personal Data

Your data may be transferred to and processed in countries other than the one in which you reside, including Brazil, Member States of the European Union, the United Kingdom and the United States of America, where some of our infrastructure providers are located.

You may request further information about international transfers and copies of the appropriate safeguards we use.

• Use of Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, by the UK authorities.
• Reliance on adequacy decisions issued by the European Commission or the UK government, where available.
• Implementation of additional technical and organisational safeguards, such as encryption and access controls.

5.3. Sale of Personal Data

We DO NOT sell your personal data to third parties, including within the meaning of the California Consumer Privacy Act (CCPA/CPRA). Should this policy ever change, we will provide clear notice and the right to opt out before any such sale occurs.

6.1. Right of Access

You have the right to obtain confirmation as to whether we process your personal data and, if so, to access such data and receive information about how and why it is processed.

6.2. Right to Rectification

You have the right to request the correction of inaccurate, incomplete or outdated personal data concerning you.

6.3. Right to Erasure (Right to be Forgotten)

You may request the deletion of your personal data, in particular where it is no longer necessary for the purposes for which it was collected, when you withdraw consent (where applicable), when the data has been processed unlawfully or when deletion is required by law.

6.4. Right to Data Portability

You may request to receive your personal data in a structured, commonly used and machine-readable format and to have those data transmitted to another controller, where technically feasible.

6.5. Right to Object

You have the right to object, on grounds relating to your particular situation, to processing based on legitimate interests, including profiling, and to processing for direct marketing purposes.

6.6. Right to Restriction of Processing

You may request the restriction of processing, for example while we verify the accuracy of your data, when processing is unlawful and you prefer restriction to erasure, or when we no longer need the data but you require it for legal claims.

6.7. Right to Withdraw Consent

Where we rely on your consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6.8. CCPA/CPRA Rights Regarding Sale and Sharing

You have the right to opt out of the sale or sharing of your personal information for cross-context behavioural advertising. As we do not sell your data, this right is already respected by default.

6.9. Non-Discrimination

You will not be discriminated against for exercising any of your privacy rights, for example through unjustified denial of services, different prices or reduced quality.

6.10. How to Exercise Your Rights

To exercise any of your rights, please contact us using the channels indicated in the Contact section or by contacting our DPO. We may need to verify your identity before responding to your request.

7.1. Technical Measures

• Encryption of data in transit (HTTPS/TLS) and, where appropriate, at rest.
• Use of secure authentication mechanisms, including modern protocols and token-based authentication.
• Access control based on roles and least privilege.
• Monitoring of systems, logs and suspicious activities.
• Regular backups and tested recovery procedures.
• Continuous updates and security patches of infrastructure and software.

7.2. Organisational Measures

• Training of employees and contractors on information security and data protection.
• Internal policies and procedures covering access control, incident response and acceptable use.
• Restricted access to personal data only to authorised personnel who need it for their duties.
• Periodic security reviews and, where appropriate, external audits.

7.3. Limitations

No method of transmission or storage is completely secure. While we take reasonable and industry-standard measures to protect your data, we cannot guarantee absolute security. If you become aware of any security incident, please contact us immediately.

8.1. Retention Periods

We retain your personal data only for as long as necessary for the purposes described in this Policy, including for the fulfilment of legal, tax, accounting and regulatory obligations, as well as for the establishment, exercise or defence of legal claims.

8.2. Deletion and Anonymisation

At the end of the retention period, we will securely delete or anonymise personal data, unless further storage is required or permitted by law.

8.3. Exceptions

In specific situations we may retain data for longer than the periods indicated, for example when required by law, in ongoing legal proceedings or investigations, or to protect vital interests and security.

9.1. Destination Countries

Your data may be transferred to and processed in Brazil, Member States of the European Union, the United Kingdom, the United States and other countries where we or our providers operate. These countries may have different data protection laws from those in your country.

10.1. What Are Cookies

Cookies are small text files that are stored on your device (computer, smartphone or other) when you visit websites. They are widely used to make websites work, improve performance, remember your preferences and provide analytics and advertising.

10.3. Managing Cookies

You can manage cookies in several ways: through your browser settings, by configuring our cookie banner or using opt-out tools provided by third parties. If you disable certain types of cookies (especially strictly necessary ones), parts of the site may not function correctly.

11.1. Minimum Age

Our services are intended for individuals aged 18 or over. We do not knowingly collect personal data from children under 18 years of age.

11.2. Children Under 13 (COPPA – United States)

We do not knowingly collect personal information from children under 13 years old. If we become aware that we have collected data from a child under 13 without verifiable parental consent, we will promptly delete such data and take steps to prevent future collection, in accordance with COPPA.

11.3. Minors Between 13 and 18

For minors between 13 and 18 years of age, we recommend parental or guardian supervision. Parents or legal guardians may contact us to request access, correction or deletion of data and to withdraw consent where it has been provided.

11.4. Rights of Parents and Guardians

• To access personal data of the minor, to the extent allowed by law.
• To request deletion of personal data in accordance with applicable regulations.
• To withdraw consent given previously, when consent is the lawful basis.
• To refuse any further collection or use of the child's personal information.

12.1. How We Notify You of Changes

We may update this Privacy Policy from time to time. When changes are material, we will notify you through prominent notices in the app or website, by e-mail and/or by updating the "Last Updated" date at the top of this Policy.

12.2. Continued Use of the Services

Your continued use of our services after the publication of changes to this Policy will be deemed acceptance of the updated version, to the extent permitted by law.

12.3. Previous Versions

Previous versions of this Policy may be made available upon request, where appropriate.

13.1. General Contact

If you have any questions, comments or requests regarding this Privacy Policy or our privacy practices, you may contact us through the channels published on our website or in the application.

13.2. Data Protection Officer (DPO)

For questions specifically related to data protection and your rights under GDPR, UK GDPR, LGPD or other applicable laws, you may contact our DPO at the e-mail address indicated in the legal information on the site.

13.3. Supervisory Authorities

You also have the right to lodge a complaint with a competent data protection authority:

14.1. Brazil (LGPD)

Processing of personal data of data subjects located in Brazil will comply with the Lei Geral de Proteção de Dados Pessoais (LGPD – Law No. 13.709/2018), including the rights provided for in Article 18 and the applicable legal bases.

14.2. European Union (GDPR)

Processing of personal data of data subjects in the European Union is carried out in accordance with Regulation (EU) 2016/679 (GDPR), including the rights set out in Chapter III and the obligations applicable to controllers and processors.

14.3. United Kingdom (UK GDPR)

Processing of personal data of data subjects in the United Kingdom is carried out in accordance with the UK GDPR and the Data Protection Act 2018.

14.4. United States (CCPA/CPRA and COPPA)

Where US state laws such as the California Consumer Privacy Act (CCPA/CPRA) apply, we will respect the rights of consumers regarding access, deletion and non-discrimination, as well as obligations relating to children under COPPA.