1. Data Controller
The data controller is 1001 DIGITAL LTDA, CNPJ 58.097.838/0001-25.
To exercise LGPD rights or ask questions about this Policy, use the official contact channel published on the platform.
2. Data Collected
User-provided data: destination wallet address; optionally, email and WhatsApp number.
Transaction-generated data: BRL amount, crypto asset, network, order ID, on-chain transaction hash.
PIX payment data (received from gateway): payer name, CPF/CNPJ, bank, branch, account, payment date/time and end-to-end identifier.
Technical data: IP address, device type, browser, access logs.
3. Purposes
Data is used to: (i) execute the requested purchase/sale; (ii) prevent fraud, money laundering and terrorism financing; (iii) comply with legal and regulatory obligations; (iv) communicate order status; (v) provide customer support.
4. Legal Basis
Processing is based on: contract execution (LGPD art. 7, V), legal obligation (art. 7, II), regular exercise of rights (art. 7, VI) and legitimate interest (art. 7, IX) for fraud prevention.
6. Retention
Transaction data is retained for a minimum of 5 years from the operation's conclusion, in compliance with tax and AML/CFT requirements (Brazilian Laws 9,613/1998 and 14,478/2022).
After this period, data is anonymized or deleted, except where the law provides for extended retention.
7. Data Subject Rights
You may at any time request: (i) confirmation of processing; (ii) access to data; (iii) correction of incomplete or outdated data; (iv) anonymization, blocking or deletion of unnecessary data; (v) portability; (vi) information about sharing; (vii) consent withdrawal.
To exercise these rights, contact us through the official channel. We will respond within 15 days, per LGPD art. 19.
8. Security
We adopt technical and organizational measures to protect data: in-transit encryption (TLS), access control, environment segregation, monitoring and log auditing.
Despite these efforts, no system is fully invulnerable. In the event of a security incident involving personal data, we will notify affected subjects and the Brazilian Data Protection Authority (ANPD) within legal deadlines.
10. International Transfer
Any international data transfers occur only to countries with adequate protection levels or under standard contractual clauses, per LGPD art. 33.
11. Changes to this Policy
This Policy may be updated periodically. The date of the last update is shown at the beginning of the document. Regular review is recommended.