Privacy Policy

This Privacy Policy describes how Pedro Kyun Maschio Shin Consultoria em Tecnologia Ltda ("RachaAI", "we", "us", or "our") collects, uses, and shares your personal information when you use our WhatsApp-based AI assistant for event organization and expense management.

We are committed to protecting your privacy and ensuring the security of your personal data in compliance with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados - LGPD - Law 13.709/2018) and other applicable data protection regulations.

2.1 Information You Provide

• WhatsApp Account Information: Phone number, profile name, and WhatsApp user identifier
• Message Content: Text messages, audio recordings, images, and other content you send through WhatsApp
• Event Data: Information about events, participants, invitations, and related details you choose to manage through our platform
• Event Information: Details about events you create or manage, including dates, locations, attendees, and RSVP responses
• Financial Data: Expense information, settlement details, and payment tracking data related to events and activities
• Guest Lists: Names, contact information, and attendance status of event participants

2.2 Automatically Collected Information

• Conversation History: Complete chat logs and interaction history with the AI agent
• Technical Data: Timestamps, message delivery status, and interaction patterns
• Usage Analytics: Information about how you use our services, including features accessed and frequency of use
• Device Information: Through WhatsApp, we may receive device type and operating system information

2.3 Information from Third Parties

• WhatsApp Platform: We receive data from Meta Platforms (WhatsApp Business API) necessary to provide our services
• Authentication Providers: When you sign in using Google, we receive basic profile information (name, email, profile picture)

We use your personal information for the following purposes:

3.1 Service Delivery

• Providing AI-powered conversational assistance via WhatsApp
• Managing events, guests, and related information
• Organizing and tracking events, expenses, and settlements
• Processing and responding to your messages and commands
• Transcribing audio messages and processing images
• Sending notifications and interactive messages through WhatsApp

3.2 Service Improvement

• Analyzing usage patterns to improve our AI models
• Training and refining natural language processing capabilities
• Developing new features and functionalities
• Testing and evaluating service performance

3.3 Security and Compliance

• Preventing fraud and unauthorized access
• Ensuring platform security and data integrity
• Complying with legal obligations and regulations
• Responding to legal requests and preventing harm

3.4 Communication

• Sending service updates and important notifications
• Responding to your inquiries and support requests
• Providing information about new features

Legal Basis (LGPD): We process your data based on:

• Your consent (Article 7, I)
• Performance of a contract (Article 7, V)
• Legitimate interests (Article 7, IX)
• Legal obligations (Article 7, II)

We may share your personal information with the following parties:

4.1 Service Providers

• Supabase: Database hosting and authentication services
• Meta Platforms (WhatsApp): Message delivery and WhatsApp Business API services
• Anthropic (Claude AI): AI language model processing for conversation understanding
• LangSmith: AI agent monitoring and tracing services
• Google Cloud Platform: Authentication and cloud infrastructure
• AWS App Runner: Application hosting and deployment services
• Stripe: Payment processing and subscription billing services
• OpenAI (Whisper): Audio transcription for voice messages sent via WhatsApp

4.2 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or when we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security issues
• Protect the safety of our users or the public

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

Important: We do not sell your personal data to third parties for marketing purposes.

Some of our service providers are located outside Brazil, including in the United States. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by data protection authorities
• Privacy Shield or equivalent frameworks
• Ensuring the recipient country has adequate data protection laws

In accordance with LGPD Article 33, we ensure that international transfers comply with Brazilian data protection standards.

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Improve our AI models and service quality

Specific retention periods:

• Conversation History: Retained while your account is active and for up to 5 years after account closure for AI training and legal compliance
• Event Data: Retained while your account is active and for 6 months after deletion request
• Financial Records: Retained for 5 years as required by Brazilian tax and accounting regulations
• Technical Logs: Retained for 6 months for security and troubleshooting purposes

You may request deletion of your data at any time, subject to our legal retention obligations.

Under the LGPD, you have the following rights regarding your personal data:

• Confirmation and Access (Article 18, I, II): Confirm whether we process your data and access your data
• Correction (Article 18, III): Request correction of incomplete, inaccurate, or outdated data
• Anonymization, Blocking, or Deletion (Article 18, IV): Request anonymization, blocking, or deletion of unnecessary or excessive data
• Portability (Article 18, V): Request to port your data to another service provider
• Deletion of Consent-Based Data (Article 18, VI): Delete data processed based on your consent
• Information (Article 18, VII): Receive information about entities with which we share your data
• Information About Consent (Article 18, VIII): Be informed about the possibility and consequences of not providing consent
• Revocation of Consent (Article 18, IX): Revoke your consent at any time
• Opposition to Processing (Article 18, § 2º): Object to processing based on legitimate interest

To exercise any of these rights, please contact us at privacy@racha.ia.br or through your WhatsApp conversation with our AI agent. We will respond to your request within 15 days as required by LGPD.

We implement appropriate technical and organizational security measures to protect your personal data, including:

• Encryption: Data encryption in transit (TLS) and at rest
• Access Controls: Role-based access controls and authentication requirements
• Monitoring: Continuous monitoring for security threats and anomalies
• Regular Audits: Security assessments and vulnerability testing
• Data Minimization: Collection of only necessary data
• Secure Infrastructure: Use of reputable cloud providers with strong security practices

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@racha.ia.br, and we will take steps to delete such information.

In accordance with LGPD Article 14, any processing of personal data of children and adolescents must be in their best interest and with specific consent from at least one parent or legal guardian.

Our web dashboard uses cookies and similar technologies to:

• Maintain your login session
• Remember your preferences (theme, language)
• Analyze usage patterns through analytics services
• Improve user experience

Types of cookies we use:

• Essential Cookies: Required for the platform to function
• Functional Cookies: Remember your preferences
• Analytics Cookies: Help us understand how you use our services

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality.

Our service integrates with WhatsApp through the WhatsApp Business API. Important considerations:

• End-to-End Encryption: WhatsApp messages are end-to-end encrypted during transmission. However, to provide our AI services, messages are decrypted and processed on our servers
• WhatsApp's Privacy Policy: Your use of WhatsApp is also governed by WhatsApp's Privacy Policy
• Message Metadata: We receive metadata about messages (timestamps, delivery status) from WhatsApp
• Media Processing: Audio and image files sent through WhatsApp are downloaded and processed by our AI systems

By using our WhatsApp service, you acknowledge that your messages will be processed by our AI systems to provide the service.

RachaAI uses external artificial intelligence services to provide its core functionality. By using our services, you acknowledge and consent to the sharing of your data with the following AI providers:

• Anthropic (Claude AI): Your text messages and conversation context are sent to Anthropic's Claude API for natural language understanding, event management, and expense tracking. Data shared includes: message text, event details, expense information, and user preferences.
• OpenAI (Whisper): Audio messages sent via WhatsApp are transmitted to OpenAI's Whisper API for speech-to-text transcription. Data shared includes: audio recordings only.
• LangSmith (LangChain): Anonymized interaction traces are sent to LangSmith for AI agent monitoring, debugging, and performance optimization. Data shared includes: interaction metadata and anonymized conversation traces.

You may withdraw your consent to AI data sharing at any time by contacting us at privacy@racha.ia.br. Please note that withdrawing consent will prevent us from providing the AI-powered features of our service.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via WhatsApp message
• Post the updated policy on our website
• For significant changes, request your renewed consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ANPD (Brazilian Data Protection Authority):

If you are not satisfied with our response, you have the right to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at www.gov.br/anpd.