DPIR: Data Protection Impact Report

Formal impact and risk report on personal data processing in the UtilizAí platform.

1. Controller identification

Controller: UtilizAí (founder, individual)
Contact channel/DPO: dpo@utilizai.com

2. Processing purposes

  • Provide calculation, validation and public query tools.
  • Authenticate registered users (Supabase Auth) for logged-in features.
  • Manage subscriptions and billing (Stripe).
  • Issue personalized Official Gazette publication alerts.
  • Measure aggregated usage for rate-limiting and capacity.

3. Legal bases used (Art. 7 and 11)

  • Contract execution (Art. 7, V): features contracted by Pro/Enterprise users.
  • Consent (Art. 7, I): non-essential cookies and marketing.
  • Legitimate interest (Art. 7, IX): security, fraud prevention, rate-limiting.
  • Compliance with legal obligation (Art. 7, II): sales taxation, tax retention.

4. Categories of personal data

  • Registration data: email, contracted plan.
  • Authentication data: password hash, session tokens (managed by Supabase Auth).
  • Usage data: API call timestamps, features used.
  • Payment data: card last4, billing country (stored in Stripe, not on our servers).
  • Content voluntarily entered in clinical calculators (sensitive health data — processed only in the browser).

5. Sensitive data (Art. 11)

Health and Speech-Therapy tools may process health data entered by the user (BMI, vocal test results, screenings). This data is processed exclusively in the browser and is not transmitted to the server — it remains only in the localStorage of the user's own device, and consent is implied by the voluntary input.

6. Sharing with third parties

  • Supabase Inc. (USA): database and auth hosting. SCC applicable.
  • Vercel Inc. (USA): frontend/edge hosting. SCC applicable.
  • Stripe (USA/Ireland): payment processing. PCI-DSS Level 1.
  • Upstash (AWS): cache/rate-limiting.
  • Brevo (FR/BR): transactional emails (confirmation, alerts).

7. Security measures

  • Mandatory HTTPS, TLS 1.2+ (Cloudflare SSL mode "Full (strict)").
  • HSTS with preload.
  • Restrictive Content-Security-Policy.
  • Rate limiting by IP and by account.
  • RLS (Row-Level Security) in Postgres — each user only sees their own data.
  • Audit logs for access to sensitive data.
  • Encrypted backups on Supabase (daily, 7-day retention on Pro plan).
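
The RLS control listed above, as an added illustration that is not the UtilizAí schema: it assumes a hypothetical table gazette_alerts with a user_id column, and uses auth.uid(), Supabase's built-in helper that returns the caller's user id from the session JWT.

```sql
-- Added illustration (not the UtilizAí schema): a hypothetical table holding
-- the per-user Official Gazette alert subscriptions from section 2.
create table if not exists public.gazette_alerts (
  id         bigint generated always as identity primary key,
  user_id    uuid not null default auth.uid()
             references auth.users (id) on delete cascade,  -- supports cascading account deletion
  keyword    text not null,
  created_at timestamptz not null default now()
);

-- Without this statement every policy below is ignored and all rows are
-- readable by any authenticated client through the public API.
alter table public.gazette_alerts enable row level security;

-- One policy per verb; auth.uid() is null for anonymous requests, so the
-- comparison fails and no rows are returned or written.
create policy "alerts_select_own" on public.gazette_alerts
  for select using (auth.uid() = user_id);
create policy "alerts_insert_own" on public.gazette_alerts
  for insert with check (auth.uid() = user_id);
create policy "alerts_update_own" on public.gazette_alerts
  for update using (auth.uid() = user_id) with check (auth.uid() = user_id);
create policy "alerts_delete_own" on public.gazette_alerts
  for delete using (auth.uid() = user_id);

-- Caveat for the "service role only server-side" mitigation in section 10:
-- Supabase's service_role bypasses RLS entirely, so keeping the service key
-- out of the browser bundle is part of this control, not separate from it.

-- Verification: list the active policies on the table.
select policyname, cmd, qual, with_check
  from pg_policies
 where schemaname = 'public' and tablename = 'gazette_alerts';
```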

8. Retention periods

  • Registration data: for the lifetime of the account plus 5 years (tax obligation).
  • Usage logs: 90 days.
  • Payment data: according to Stripe retention (typically 7 years).
  • Data entered in tools: remains on the user's device; never sent to the server.

9. Data subject rights (Art. 18)

Users may exercise their rights (access, correction, anonymization, portability, deletion) directly at /conta:

  • Data export (JSON) — immediate.
  • Account deletion — immediate and cascading across all tables.
  • Subscription cancellation — via Stripe portal.

10. Identified risks and mitigation

Risk                     Probability  Mitigation
Credential leak          Low          Password hash (bcrypt via Supabase), optional MFA, API key rotation
Unauthorized DB access   Very low     RLS, service role only server-side, SCC with Supabase
API abuse                Medium       Upstash rate-limit + manual revocation via admin
Exposure of health data  Very low     100% client-side processing in sensitive tools

11. Contact channels

Data subject requests: dpo@utilizai.com.
ANPD: https://www.gov.br/anpd.