Facilwork.app

Privacy Policy

Last updated: 15 May 2026

Informative translation

This is an English translation of our legal documents provided for convenience. The Portuguese version prevails in any dispute.

This Privacy Policy describes how Facil Work Software Ltda. ("Facilwork", "we") processes personal data in the context of the facilwork.app platform, in compliance with the Brazilian General Data Protection Law (Law 13.709/2018 — LGPD).

1. Data controller

Controller of the data processed through use of the platform:

  • Legal name: Facil Work Software Ltda.
  • Company registration (CNPJ): 47.963.902/0001-97
  • Address: Rua Theotônio de Araújo, 457, Vila Casa Branca, Botucatu/SP, CEP 18.608-330
  • Contact channel: privacidade@facilwork.app

2. Data Protection Officer

As a small-scale processing agent (ANPD Resolution 2/2022), Facilwork is exempt from formally appointing a Data Protection Officer. As good practice, we maintain a dedicated privacy channel: privacidade@facilwork.app.

3. Categories of data collected

We process the following categories of data:

  • Customer (tenant) account data: company registration, legal name, name, email and phone of the account holder.
  • Platform usage data: access logs, IP addresses, usage metrics and audit records.
  • Tenant end-customer data: name, address, tax ID and order details — for this data Facilwork acts as processor and the tenant is the controller.
  • OAuth authentication tokens for connected marketplace accounts.
  • Tax data: A1 digital certificate (stored encrypted) and issued invoices.

4. Legal bases and purposes

  • Performance of a contract (art. 7, V): account creation, operation and maintenance of the ERP.
  • Compliance with a legal obligation (art. 7, II): issuance of invoices and retention of tax documents.
  • Legitimate interest (art. 7, IX): information security, fraud prevention and aggregated analytics.
  • Consent (art. 7, I): non-essential cookies and marketing communications.

5. Sharing with processors

We share data only with processors necessary to provide the service, as listed below. The up-to-date list is available on the Subprocessors page.

ProcessorCountryPurpose
Amazon Web Services (AWS)USA / IrelandDatabase and file hosting (RDS, S3)
Mercado LivreBrazilCatalogue, inventory and order integration
TikTok ShopIreland / SingaporeCatalogue, inventory and order integration
ShopeeSingaporeCatalogue, inventory and order integration
Amazon MarketplaceUSACatalogue, inventory and order integration
AsaasBrazilBilling and subscription processing
AnthropicUSAAI-assisted product description generation
ResendUSATransactional email delivery
SEFAZBrazilIssuance and authorisation of electronic invoices

6. Data retention

  • Account data: kept for the entire term of the contract.
  • After account closure: data kept for 30 days for possible reactivation.
  • Backups: retained for up to 90 additional days.
  • Invoices and tax documents: retained for 5 years due to a legal obligation.

7. Data subject rights

Under art. 18 of the LGPD, the data subject may request:

  • Confirmation that processing exists and access to the data.
  • Correction of incomplete, inaccurate or outdated data.
  • Anonymisation, blocking or deletion of unnecessary or non-compliant data.
  • Portability of data to another provider.
  • Information about data sharing.
  • Withdrawal of consent.

Requests should be sent to privacidade@facilwork.app and will be answered within 15 business days.

8. International data transfers

Part of the infrastructure (AWS) and the AI service (Anthropic) may process data in regions outside Brazil (USA and European Union). These transfers are covered by the Standard Contractual Clauses approved by the ANPD (ANPD Resolution 19/2024), incorporated into the contracts with those processors.

9. Information security

  • Traffic protected by HTTPS/TLS.
  • Encryption at rest in the database and dedicated encryption of digital certificate passwords.
  • Role-based access control (RBAC) and per-tenant data isolation.
  • Audit logging of changes and optional multi-factor authentication (MFA).

10. Cookies

The use of cookies and similar technologies is detailed in our Cookie Policy.

11. Updates to this policy

This policy may be updated at any time. The date of the last revision is shown at the top of the page. Material changes will be communicated to customers by email.

12. Governing law and jurisdiction

This policy is governed by Brazilian law. Any disputes shall be settled in the comarca de Botucatu/SP.