Privacy Policy

Effective Date: December 11, 2025

1. Overview

Ignio is committed to protecting your privacy. We process your data (messages, receipts, events) strictly for delivering the personal assistant experience, improving extraction accuracy, and maintaining system reliability.

This policy follows:

• LGPD (Brazil's General Data Protection Law)
• GDPR (EU General Data Protection Regulation)
• CCPA/CPRA (US state privacy laws)
• Privacy by Design principles

2. Data We Collect

2.1 User-provided data

• Text messages sent via WhatsApp
• Audio notes
• Receipt images and documents
• Calendar-related inputs
• Queries and commands
• Optional user preferences and categories

2.2 Automatically-collected metadata

• Timestamps
• Webhook metadata (message ID, sender ID)
• Delivery receipts
• System logs (minimal PII)

2.3 Generated data (AI pipeline)

• Parsed structured items
• Vendor aliases and mappings
• Confidence scores
• Categorization metadata

Important: We do not use user data to train external LLMs (OpenAI/Anthropic policies already forbid this for API usage).

3. Legal Bases for Processing

LGPD (Brazil)

• Consent (Art. 7, I) for processing messages, receipts, and personal financial data
• Execution of contract (Art. 7, V) to operate the assistant

GDPR (EU)

• Consent (Art. 6.1.a) — explicit opt-in for data processing
• Legitimate Interest (Art. 6.1.f) — for service analytics & security
• Contractual necessity (Art. 6.1.b) — to deliver the requested features

4. Data Retention Policy

Ignio stores data only for the period necessary to provide the service.

4.1 Messages and webhook payloads

Retained for: 30-90 days

Used for debugging, reprocessing, and audit trails. Automatically deleted after retention period.

4.2 Attachments (images, audio, PDFs)

Retained for: 30-90 days

After structured data extraction, original files can be deleted earlier if the user desires.

4.3 Structured items (expenses, events, notes)

Retained until: user deletes account or specific items

These are the core value of the assistant.

4.4 Logs and metrics

Retained for: 7-30 days

Logs are anonymized when possible.

5. Your Rights

You can request:

• Access — see all data stored in Ignio
• Correction — fix incorrectly parsed items
• Deletion — wipe account and all data
• Portability — export data as CSV/JSON
• Consent withdrawal — stop processing at any time

Ignio will respond within:

• 15 days (LGPD - Brazil)
• 30 days (GDPR - EU)
• 45 days (CCPA - US)

6. Data Locations & Transfers

Ignio may process data in:

• Brazil
• US (cloud services)
• EU (future hosting expansion)

Protection measures:

• All data in transit → TLS 1.2+
• All data at rest → AES-256 encryption
• User tokens and OAuth credentials → encrypted using secret management
• Processor agreements (DPAs) with cloud providers

7. Security Measures

• HTTPS everywhere
• Sensitive tokens stored in encrypted secrets
• Media files stored with presigned URLs (limited time)
• Role-based access controls
• Daily backups + restoration tests
• API rate limits to prevent abuse

8. Data Deletion Policy

When you delete your account:

• User profile deleted
• All items deleted
• All attachments deleted
• Events deleted (or anonymized if needed)
• Cache entries/Redis jobs cleaned
• Within ~7 days, old backups age out automatically

9. Data Sharing

Ignio does not:

• Sell data
• Share data with advertisers
• Train external AI models using user data

Ignio may share data only with:

• Cloud providers (for infrastructure)
• OCR/ASR providers (Google Vision, Whisper)
• Optional integrations (Google Calendar) — only when user authorizes

10. Children's Data

Ignio is not intended for users under 16 and does not knowingly process minors' data.

11. Cookies and Analytics

We use Google Analytics to understand how users interact with our website:

• IP addresses are anonymized before processing
• No personally identifiable information (PII) is transmitted
• You can decline analytics at any time

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through the app.

13. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at app+ignio@leocardz.com.