1. Data Controller and Data Protection Officer (DPO)
Controller: SATOSHI TECHNOLOGY LTDA, taxpayer ID 50.971.435/0001-51, registered office at [TO BE FILLED IN: controller's full address].
Data Protection Officer (DPO), under Art. 41 LGPD and Art. 37 GDPR: dpo@frendi.app.
General privacy channel: privacidade@frendi.app. Security incidents: seguranca@frendi.app.
2. Definitions
- "Personal data": any information relating to an identified or identifiable natural person.
- "Sensitive personal data": data on racial or ethnic origin, religious belief, political opinion, union membership, health, sex life, genetic or biometric data, when linked to a natural person.
- "Processing": any operation performed on personal data, such as collection, recording, use, access, transmission, storage, deletion, evaluation, modification, communication, transfer, diffusion or extraction.
- "Data Subject": natural person to whom the personal data refers.
- "Controller": entity that decides on the processing of personal data.
- "Processor": entity that processes personal data on behalf of the controller.
- "Consent": free, informed and unambiguous expression by which the data subject agrees to the processing of their personal data for a specific purpose.
3. Data we collect
We collect only the data needed to operate the Service:
(a) Data you provide directly:
- Registration data: name, email, phone (when you opt in to WhatsApp/SMS channels), birthday (optional), preferred language, profile picture (optional).
- Payment data: tokenized payment instruments processed directly by Stripe, Apple and Google. We do not store full card numbers (PAN) on our servers.
- Conversation content (text, voice, video) exchanged with your AI presence across all enabled channels (chat, voice, video, WhatsApp), including transcripts.
- Voice samples you voluntarily provide to personalize your AI friend's voice (instant voice cloning via ElevenLabs).
- Facial videos and images you voluntarily provide to generate your AI friend's 2D avatar (Tavus).
- Aggregated financial data via Open Finance: balances, transactions, statements and investments made available by central-bank-authorized institutions, only upon revocable consent.
- Personal memory content: facts, dates, preferences, contexts and notes you share with the AI so it can remember.
(b) Data collected automatically:
- Device identifiers: device ID, model, OS, app version, language, time zone.
- Technical data: IP address, network provider, session ID, access logs, error reports.
- Usage telemetry: screens visited, features used, frequency and length of sessions, message counts, product events.
- Approximate location derived from IP (city/state), only for content localization, language detection and travel context.
(c) Data received from third parties:
- Social login (Apple, Google, email): public name, verified email, unique identifier.
- Data returned by partners you authorize (Open Finance providers, airlines, hotels, payment platforms).
4. Processing of sensitive personal data
Conversation content with the AI may reveal health, sex life, religious beliefs, political opinions, racial or ethnic origin. Your cloned voice and facial video constitute biometric data.
Such data are sensitive under Art. 5, II of the LGPD and Art. 9 GDPR. We process them only:
- With your specific, informed, free and highlighted consent, expressed by an affirmative act when enabling the corresponding feature (voice recording, facial capture, financial connection); or
- To perform the contract you enter into when using the Service (Art. 11, II, ‘a’ LGPD), when strictly required to deliver the contracted feature; or
- To protect life or physical integrity (Art. 11, II, ‘f’ LGPD) in serious emotional risk situations.
You may revoke consent at any time. Revocation does not affect lawfulness of processing already performed.
5. Legal bases
We process your data under the following LGPD Art. 7/11 (and, when applicable, GDPR Art. 6/9) bases:
- Performance of contract (Art. 7, V): account creation/operation, feature delivery, payment, support.
- Consent (Art. 7, I and Art. 11, I): voice cloning, facial capture for avatar, financial account linking, optional channels (WhatsApp/SMS), push notifications, direct marketing.
- Compliance with legal/regulatory obligation (Art. 7, II): tax retention, compliance with authority orders.
- Legitimate interest (Art. 7, IX): fraud prevention, information security, product improvement, aggregated telemetry, after balancing test (Art. 10 LGPD).
- Protection of life (Art. 7, IV and Art. 11, II, ‘f’): immediate referral to support resources in cases of emotional risk.
- Health protection (Art. 11, II, ‘g’): responsible referral to human professionals when the subject signals acute distress.
We always observe the LGPD principles (Art. 6): purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination and accountability.
6. Specific purposes
- Operate the emotional bond: remember facts, contexts, dates and preferences; keep coherent conversations over time; generate weekly summaries.
- Personalize the presence: apply chosen or cloned voice, selected or trained avatar, language, persona and tone.
- Concierge: search and propose flights, stays, experiences; schedule reminders; integrate finances when authorized.
- Security and anti-fraud: detect anomalous access, abuse, impersonation, prohibited content.
- Operational communication: confirmations, billing alerts, Terms changes.
- Direct marketing, only after explicit opt-in.
- Compliance with tax, accounting and regulatory obligations.
We do NOT use conversation content, voice or video to train third-party foundation models. We do not let subprocessors train their AI on user content, and we activate zero-retention/opt-out wherever the subprocessor offers it.
8. Current subprocessors
- Lovable Cloud (infrastructure: database, authentication, storage, edge functions) — App hosting, authentication, relational database, file storage and serverless execution. Region: US / EU.
- ElevenLabs — Text-to-speech and instant voice cloning explicitly authorized by the data subject. Region: US.
- Tavus — Generation and operation of 2D facial avatar replicas under explicit consent. Region: US.
- Lovable AI Gateway (providers: OpenAI, Anthropic, Google, xAI) — Language models for conversation, reasoning and content classification. Region: US.
- Stripe — Payment processing, subscription management and PCI-DSS Level 1 card vault. Region: US / Global.
- Apple In-App Purchase / Google Play Billing — Storefront billing when the user pays through iOS/Android. Region: Global.
- Duffel (flights), Booking.com (lodging), Viator (experiences) — Search, booking and ticketing of flights, hotels and experiences when the user requests. Region: Global.
- Twilio (WhatsApp Business API and SMS) — Delivery of WhatsApp and SMS messages when the channel is enabled by the user. Region: US / Global.
- Open Finance providers (financial institutions authorized by the Central Bank) — Aggregated read access to user balances, transactions and investments under consent revocable at any time. Region: BR.
- Cloudflare — CDN, DDoS mitigation, WAF and edge protection. Region: Global.
Updates to this list are published with at least 30 days' notice, except for emergency replacement for security reasons.
9. International data transfers
Some subprocessors are located outside Brazil (notably the US and EU). We perform international transfers under LGPD Art. 33 and, where applicable, GDPR Chapter V, using:
- Standard Contractual Clauses (SCC) approved by the European Commission.
- Internal equivalents to SCC where the destination is not covered by an adequacy decision.
- Specific safeguards required by ANPD once published.
You may request a copy of the applicable safeguards from the DPO.
10. Retention periods and secure deletion
- Active account: while the account exists.
- Conversations, memory and live profile: while the account exists; deleted within 30 days after deletion request.
- Raw audio used for voice cloning: deleted within 30 days after training; the derived voice_id is kept while cloning is active and deleted within 30 days after revocation or account deletion.
- Raw facial videos used for avatar training: deleted within 30 days after the replica goes live; the replica itself is kept while the account is active.
- Technical and security logs: up to 12 months.
- Tax/accounting data: as required by law (currently up to 5 years from the end of the fiscal year — Brazilian Tax Code Art. 173).
- Backups: rotation up to 35 days, after which data is overwritten.
After the retention period, data is securely deleted (cryptographic shredding and key revocation).
11. Your rights as a data subject
Under LGPD Art. 18 and GDPR Chapter III, you may at any time and free of charge:
- Confirm the existence of processing.
- Access your data.
- Correct incomplete, inaccurate or outdated data.
- Anonymize, block or delete unnecessary, excessive or unlawfully processed data.
- Request data portability to another service provider.
- Delete personal data processed on the basis of consent.
- Receive information on public and private entities with which the controller has shared your data.
- Be informed about the possibility of not granting consent and the consequences of refusal.
- Revoke consent, with confirmation of deletion of data processed under that basis, except in legally required retention.
- Obtain human review of automated decisions affecting your interests.
- Oppose processing carried out under a consent-exempt basis if the LGPD is breached.
To exercise any right, contact our DPO at dpo@frendi.app. We respond within 15 days under LGPD Art. 19. We may require reasonable identity proof to prevent fraud.
You also have the right to lodge a complaint with the Brazilian Data Protection Authority — www.gov.br/anpd.
12. Information security
We apply technical and administrative measures (LGPD Art. 46) including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Tokenized payment credentials via PCI-DSS Level 1 partners.
- Row-Level Security in the database with per-subject isolation.
- Least privilege and environment segregation (prod/staging).
- Mandatory MFA for all administrative access.
- Audit logging of administrative access to personal data.
- Cryptographic key management with periodic rotation.
- 24/7 security monitoring and documented incident response.
- Vendor management program with security and privacy assessments.
13. Incident reporting
If a security incident may cause risk or relevant damage, we will notify ANPD and affected data subjects within a reasonable period (LGPD Art. 48), describing the nature of affected data, subjects involved, applied measures, risks, reasons for any delay and mitigation actions.
To report a vulnerability or suspected incident, contact seguranca@frendi.app.
14. Children and adolescents
The Service is intended for users aged 13 or older. Between 13 and 18 years, use requires specific and prominent consent given by at least one parent or legal guardian, as per LGPD Art. 14. We do not knowingly process data of children under 13.
If you learn that a child has provided data without proper consent, please contact us immediately so we can remove it.
15. Automated decisions and AI
We use AI for conversational responses, content suggestions, emotional-context classification, voice synthesis and avatar rendering. These do not produce automated decisions with legal effects or significant impact on you (LGPD Art. 20).
You have the right to request human review of any decision taken solely on the basis of automated processing that affects your interests.
We acknowledge AI limits: responses may be inaccurate, incomplete or outdated (‘hallucinations’). The Service is NOT a substitute for professional medical, psychological, legal, financial or tax advice.
17. Changes to this Policy
We may update this Policy. Material changes will be notified in-app and by email with reasonable notice when required by law. The version in force is always the one published on this page.
18. Governing law and venue
This Policy is governed by the laws of the Federative Republic of Brazil. The forum of [TO BE FILLED IN: judicial district and state] is elected to settle disputes, without prejudice to consumer rights to sue in the forum of their domicile (Brazilian Consumer Code, Art. 101, I).