Privacy policy

Introduction

This Privacy Policy applies to all visitors and users of the websites, applications, and services offered by Perpetuus Growth Ventures (legal name Luis Felipe Santos Crespi LTDA, CNPJ 52.199.729/0001-32), registered at Rua Projetada 4, 247 Buritis, Sinop, MT, Brazil, ZIP 78559379 ("Perpetuus," "we," or "us").

By accessing or using any part of our websites or services, you acknowledge that you have been informed of and consent to our practices regarding your personal information, as described in this document.

Data protection

Information security and privacy oversight are handled with defined internal responsibility. To request access, correction, deletion, or clarification about personal data we may process, or to report security concerns, contact us at contato@perpetuus.com.br with the subject line "Privacy."

Information we collect and why

Website visitor information: like most website operators, we collect potentially identifying information made available by browsers and servers — browser type, language, referring site, and date/time of each request — to understand how the site is used, improve the experience, and monitor security. We may also collect IP addresses for performance, content, and security, without using them to individually track anonymous visitors to the marketing site.

Information you provide voluntarily: when you create an account, request a demo, use forms, a contact widget, or support channels, we collect the data you choose to share (for example, name, email, company, and message). The amount and type depend on how you interact with us.

Service usage data: when you use the Perpetuus platform, we process registration, authentication, usage logs, settings, and content stored in your account as needed to perform the contract. Data about our customers’ end users (for example, CRM contacts or support conversations) is processed on the customer’s behalf as a processor under contract and LGPD rules.

Aggregated statistics: we may publish aggregated, anonymized statistics about website or product usage without identifying individuals.

Information we do not intentionally collect

We do not intentionally request sensitive personal data such as racial or ethnic origin, religious beliefs, genetic, biometric, or health data, except where strictly necessary and supported by an appropriate legal basis.

We recognize that customers may store sensitive information on the platform while running their business processes. In those cases, the customer is responsible for lawful collection and notice to data subjects; we process data only to provide the contracted Service.

The Service is not directed to anyone under 18. If we learn of an account created by a minor without proper legal authorization, we may close the account.

Legal bases for processing

The bases below apply to personal data in general. Google user data obtained through Google OAuth and Google APIs is not processed under these generic purposes, except as expressly permitted in the "Data accessed via Google" section.

Contract performance: we use data when necessary to enter into, perform, or administer contracts with you or the organization you represent — for example, provisioning accounts, billing, support, and contracted features.

Legitimate interests: we use data to improve the Service, ensure security, prevent fraud, communicate relevant product updates, and protect rights in disputes, with appropriate balancing against your rights. This basis does not authorize using Google user data for marketing, website analytics, or product improvements unrelated to the Google features you enable.

Consent: where required for specific purposes — such as certain marketing communications — we will request clear consent, which you may withdraw at any time using the channels indicated in the message or by email. Marketing communications do not use data obtained via Google.

Legal obligation: we may process and retain data to comply with laws, regulations, court orders, or competent authority requests.

Artificial intelligence: features that use AI or machine learning, when available, process data entered or generated in Perpetuus CRM only for functionality enabled by the customer. We do not use customer data to train generalized third-party models without contractual basis and explicit configuration. Google user data (including Calendar, Meet, or meeting attachment content) is not used for AI training, analytics, or marketing; when a CRM feature displays or summarizes Google meeting artifacts, that occurs only for the user-requested functionality, as described in the "Data accessed via Google" section.

Data accessed via Google

This section describes how Perpetuus CRM accesses, uses, stores, shares, and deletes user data obtained through Google APIs and Google authentication, according to the scopes you authorize on Google's consent screen and in line with Google's API Services User Data Policy (Limited Use).

Limited Use compliance statement: The use and transfer of raw or derived user data received from Google Workspace APIs by Perpetuus CRM adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data we collect or access: • Name, email, and profile photo, for authentication and identification of the connected user. • Google Calendar events and availability, when authorized, to check free/busy times and to create, edit, list, or display meetings and appointments linked in the CRM. • Google Meet meeting data created or linked by Perpetuus CRM, including video conference links associated with cards, leads, companies, or opportunities. • Meeting attachments made available through Google Calendar or Google Meet (recordings, transcripts, and meeting documents), only when authorized and exclusively in the context of CRM-connected meetings. The app does not request broad Google Drive access and does not access, list, modify, or delete files outside that meeting context.

Limited Use: We use Google user data only to provide or improve user-facing features of Perpetuus CRM that you explicitly request or enable (for example, connecting a Google account, scheduling a meeting, checking availability, linking an event to a card, or displaying meeting artifacts). We do not use Google user data for any other purpose described elsewhere in this policy — including marketing, promotional communications, website analytics, profiling, advertising, retargeting, selling or renting data, data brokers, credit-worthiness, lending, commercial databases unrelated to the Service, or training generalized AI models.

How we store it: OAuth access tokens, linked Google account identifiers, calendar/meeting metadata, and references required for the integration are stored on servers operated or contracted by Perpetuus and tied to your account and organization. We apply encryption in transit, access controls, monitoring, and other measures described in the "Use, sharing, and protection" section of this policy.

Who we share or transfer it with: We do not sell Google user data. We share or transfer it only with employees and subprocessors who need to process it to operate Perpetuus CRM on our behalf (for example, infrastructure, hosting, security, and support), under contractual confidentiality and protection obligations, and only as needed to provide the application features described above. We do not transfer Google user data to third parties for advertising, cross-site profiling, data resale, or purposes outside operating the application.

Retention and deletion: We retain tokens and data tied to the Google integration while the connection is active and needed for authorized features, or as required by law. When you disconnect the integration in Perpetuus CRM or revoke access in your Google Account, we stop new collection via Google, invalidate access tokens, and delete or anonymize integration-related data within a reasonable period, except copies in technical backups that expire on a routine schedule. You may request additional information or deletion through the channels listed under "Privacy contact."

Revocation and changes: You may revoke access at https://myaccount.google.com/permissions or by disconnecting the integration in Perpetuus CRM settings. If we materially change how we use Google user data, we will publish an updated version on this page and update the date at the top of this policy; material changes may also be communicated by email or in-product notice.

Use, sharing, and protection

Sharing: we disclose personal data only to employees, contractors, and subprocessors who need to know it to operate the Service on our behalf and who are bound by confidentiality and protection obligations. We use infrastructure, communication, payment, and essential tooling providers under agreements that require appropriate security.

We do not rent or sell personal data. We may disclose information when required by law or when we believe in good faith that disclosure is necessary to protect the rights, safety, and integrity of Perpetuus, users, or the public.

Data entered on the platform by a customer may be accessible to authorized users of that customer, according to configured permissions.

Security measures: we adopt reasonable safeguards, including encryption in transit, access controls, security reviews, and monitoring, according to the nature of the data and associated risk.

International transfers: when we use providers located outside Brazil, we adopt LGPD safeguards such as standard contractual clauses or equivalent mechanisms, and we will inform you when a transfer requires specific consent.

Cookies and tracking technologies

Cookies are small files stored on your device that your browser sends back on later visits. We use cookies and similar technologies to remember preferences (such as language), measure audience, and improve performance and security. You may refuse non-essential cookies in your browser settings; some features may be limited.

We may use third-party analytics that collect aggregated technical information (browser, pages visited, timestamps) without linking it to your platform username, except when you are authenticated and the tool is configured accordingly. Google user data obtained through Google OAuth or Google APIs is not used for analytics, marketing cookies, or audience measurement.

We do not track your browsing on third-party sites over time. Because we do not share cross-site browsing data with third parties for profiling, we do not change processing based on your browser’s "Do Not Track" setting.

Global practices and your rights (LGPD)

Regardless of country, we aim to: obtain informed consent when required; collect only the minimum data adequate for the purpose; offer means of access, correction, and deletion, except where retention is required by law or contractual record integrity; and maintain transparency about purposes and sharing.

Under Brazil’s LGPD, you may request: confirmation of processing; access; correction of incomplete or inaccurate data; anonymization, blocking, or deletion of unnecessary data; portability; information about sharing; withdrawal of consent; and objection to processing based on legitimate interests, where applicable.

We respond to requests within a reasonable period, generally up to 15 days, extendable depending on complexity and law. Manifestly unfounded or repetitive requests may be refused or subject to proportional administrative cost, as permitted by the ANPD.

You may also file a complaint with Brazil’s National Data Protection Authority (ANPD).

Retention and deletion

We retain personal data while your account is active, while necessary to provide the Service, comply with legal obligations, resolve disputes, or enforce agreements. For data obtained via Google, the timelines and procedures in the "Data accessed via Google" section also apply.

After account closure, we delete or anonymize data when there is no legal obligation or legitimate interest to retain it. Backups may persist for a limited technical period before routine expiration.

Information voluntarily published in community channels or marketing materials may remain visible even after account deletion when removal would compromise the integrity of records already made public.

Privacy contact

Questions, data subject requests, or privacy concerns: contato@perpetuus.com.br (subject "Privacy") or perpetuuscrm@gmail.com.

Perpetuus Growth Ventures (Luis Felipe Santos Crespi LTDA) CNPJ 52.199.729/0001-32 Rua Projetada 4, 247 Buritis, Sinop, MT, Brazil, ZIP 78559379

Changes to this policy

We may update this Privacy Policy from time to time. We will publish the revised version on this page and indicate the last updated date at the top. Material changes may be communicated by email to registered users or by a prominent notice in the Service. Continued use after publication constitutes acceptance, to the extent permitted by applicable law.