Privacy Policy

Full transparency on how UtilizAí handles your personal data.

Quick summary

  • You can use most tools without signing up.
  • Validators, generators and converters run 100% in your browser.
  • Queries to public databases (ZIP codes, company registries, banks) use third-party APIs without storing history.
  • We use Google Analytics, Google AdSense and infrastructure tools (Supabase, Vercel, Stripe).
  • You may exercise all rights granted by the LGPD at any time.

1. Controller and contact

UtilizAí ("we", "our") is the controller of the personal data processed on this site, under the terms of the Brazilian General Data Protection Law (Law 13,709/2018).

For questions, requests or complaints regarding privacy, contact us by email at privacidade@utilizaí.com. The Data Protection Officer (DPO) will respond within 15 business days.

2. What data we collect

2.1. Data you provide directly

  • Optional signup: email, name (via Google OAuth), password (if applicable). Used only for authentication and, where applicable, paid plan billing.
  • Payment data: processed directly by Stripe. We do not store card data on our servers.

2.2. Data collected automatically

  • Navigation: pages visited, time spent, device, browser, operating system (via Google Analytics 4, with anonymized IP).
  • Advertising: Google AdSense cookies for displaying relevant ads. You may opt for non-personalized ads.
  • Technical log: partial hashed IP (LGPD), timestamp and API usage count for rate-limiting purposes. Retained for 30 days.

2.3. Data we do NOT collect

  • CPF, CNPJ, ZIP code or other documents you validate/query. This data is processed locally in the browser and is not sent to our servers.
  • Text content, generated passwords, converted files.

3. Purposes and legal basis (arts. 7 and 11 of the LGPD)

PurposeLegal basis
Providing the service (tools)Legitimate interest
User authentication and accountContract execution
Paid plan billingContract execution
Aggregated usage statisticsLegitimate interest
Personalized advertisingConsent
Compliance with legal/tax obligationsLegal obligation
Security and fraud preventionLegitimate interest

4. Sharing with partners

We use the following data processors, each with its own privacy policy:

  • Supabase Inc., authentication and database (hosted in the USA). Policy
  • Vercel Inc., hosting and CDN. Policy
  • Stripe Inc., payments. Policy
  • Google LLC, Analytics, AdSense, Google sign-in. Policy
  • Cloudflare Inc., DNS and abuse protection. Policy
  • Brevo (Sendinblue), transactional email delivery. Policy
  • BrasilAPI, AwesomeAPI, CoinGecko, public APIs queried on demand. We do not send personal data to these APIs.

We do not sell personal data. We only share the minimum necessary to provide the service or comply with legal obligations.

5. International data transfer

Some partners (Supabase, Vercel, Stripe, Google, Cloudflare) process data outside Brazil, in countries with an adequate level of protection or under standard contractual clauses compatible with the LGPD (arts. 33 to 36).

6. Cookies and similar technologies

We use four categories of cookies:

  • Essential, login session, theme preferences. No consent required (art. 7, IX).
  • Analytical, Google Analytics 4. Let us measure audience and improve the service.
  • Advertising, Google AdSense. Serve relevant ads based on your profile.
  • Preferences, store your choice regarding this banner.

You may accept, refuse or configure cookies individually through the banner displayed on your first visit, or at any time by disabling them in your browser. Refusing non-essential cookies does not prevent the use of free tools.

7. Data retention

  • User accounts: while the account exists + 6 months after deletion.
  • Tax and payment records: 5 years (legal obligation).
  • Technical logs and rate-limit: 30 days.
  • Analytical cookies: up to 24 months (Google Analytics).
  • Advertising cookies: up to 13 months (Google AdSense).

8. Your rights (art. 18 of the LGPD)

You may, at any time:

  • Confirm the existence of processing of your data.
  • Access your data.
  • Correct incomplete, inaccurate or outdated data.
  • Request anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data.
  • Request portability to another provider.
  • Delete data processed based on consent.
  • Be informed about entities with whom we share data.
  • Revoke consent at any time.
  • Petition against the controller before the ANPD.

To exercise any right, send an email to privacidade@utilizaí.com with a copy of a document proving your identity.

9. Security

We apply technical and administrative measures proportionate to the risk: encryption in transit (HTTPS), encryption at rest in the database, multi-factor authentication where available, least privilege principle, access and audit logs, and IP hashing in rate-limit records.

In the event of a security incident with significant risk, we will notify data subjects and the ANPD as per art. 48 of the LGPD.

10. Minors

The services are not directed at children under 13. Minors between 13 and 18 may only use the service under supervision and with consent of parents or guardians, in compliance with art. 14 of the LGPD.

11. Changes to this policy

We may update this policy periodically. Material changes will be communicated at least 30 days in advance by email (if you have an account) or through a homepage notice.

12. Governing law and jurisdiction

This policy is governed by Brazilian law. The venue of the data subject's place of residence is elected to resolve any controversy, pursuant to art. 101, I, of the Consumer Protection Code.

See also the Terms of Use.