Privacy Policy
Last updated: April 2026
Privacy Policy
proposito.app.br · Last updated: April 2026
Your privacy is taken seriously here. This policy explains clearly what we collect, why, how we use it, and what your rights are — without unnecessary legalese.
1. Who we are
proposito.app.br is operated by Leonardo Araújo, CPF [to fill], based in Gurupi, Tocantins, Brazil. For privacy questions: privacidade@proposito.app.br
2. What we collect
2.1 Data you provide
- Account: name (optional), email and password (stored with bcrypt hash — never in plain text)
- Content: notes, titles, summaries, tags, collections and areas you create
- Private link fields: login, password and notes — stored encrypted with AES-256-GCM. Only you can decrypt them
2.2 Automatically collected data
- Access logs: IP address, date/time, action performed — retained for 30 days for security purposes
- Device information: browser type and operating system — for bug diagnosis
- Usage data: which features you use, review frequency — aggregated and anonymized, to improve the product
2.3 What we don't collect
- We don't use tracking cookies
- We don't install third-party pixels
- We don't collect precise location data
- We don't read the content of your notes for commercial or advertising purposes
3. How we use your data
| Purpose | Legal basis | |---|---| | Create and maintain your account | Contract performance | | Sync your notes across devices | Contract performance | | Send transactional emails (confirmation, password reset) | Contract performance | | Detect and prevent unauthorized access | Legitimate interest | | Improve the product with aggregated, anonymized data | Legitimate interest | | Notify you about changes to the terms | Legal obligation |
We don't use your data for advertising, we don't sell your data, and we don't share it with third parties for commercial purposes.
4. Encryption of sensitive data
Fields marked as "private" in links (login, password, notes) are encrypted on the server with AES-256-GCM before being persisted. The encryption key is derived from your account password via PBKDF2. This means:
- Even with access to the database, these fields cannot be read
- If you lose your password and cannot recover it, this data will be permanently inaccessible
- There is no "backdoor" — not even we can access your private data
5. Data sharing
Your data is shared only with:
- Infrastructure providers: hosting and database services necessary to operate the platform, under contractual confidentiality clauses
- Authorities: only when required by valid court order under Brazilian law
We don't sell, rent or trade your data with anyone.
6. Data retention
- Account and content data: kept while your account is active
- Access logs: 30 days
- Backups: deleted within 60 days after account termination
- After termination: all your data is permanently deleted within 30 days
7. Your rights (LGPD)
Under the Brazilian General Data Protection Law (Law 13.709/2018), you have the right to:
- Access: know what data we have about you
- Correction: correct incomplete or incorrect data
- Portability: export your data in readable format (JSON or Markdown)
- Deletion: request the removal of all your data
- Consent withdrawal: revoke previously given consents
- Information: know with whom your data is shared
To exercise any right, contact: privacidade@proposito.app.br. We will respond within 15 business days.
8. Security
We adopt the following security measures:
- Passwords stored with bcrypt hash (cost 12)
- Communication via HTTPS/TLS 1.3
- Sensitive data encrypted with AES-256-GCM
- Regular backups with encryption at rest
- Database access restricted by IP and rotating credentials
9. Cookies
We use only strictly necessary cookies to maintain your authenticated session. We don't use analytics, marketing or third-party tracking cookies. A cookie banner is not required for essential session cookies, per ANPD guidance.
10. Minors
We don't intentionally collect data from minors under 13. If we learn that an account belongs to a minor in this age range, we will delete the data immediately.
11. Changes to this policy
Material changes will be communicated by email at least 15 days in advance. The "last updated" date at the top of this page always indicates the current version.
12. Contact and DPO
For privacy questions: privacidade@proposito.app.br For general questions: contato@proposito.app.br