Privacy Policy

Last updated: May 9, 2026

This Privacy Policy describes how Clave de Som Desenvolvimento de Sistemas ("Clave de Som", "we", "us") collects, uses, stores and protects the personal data of visitors and users of the BackStage website and product. It has been drafted in compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018 — LGPD).

1. Who we are

Clave de Som Desenvolvimento de Sistemas is the controller of the personal data collected through this website. For any questions or requests regarding personal data, contact us at comercial@backstage.local.

2. What data we collect

We only collect data strictly necessary for the services we provide:

• Contact form: name, email, phone (optional), company (optional), subject (optional) and message.
• Demo request form: name, business email, company, role (optional), team size (optional), interests indicated, phone and message (optional).
• Automatic technical data: IP address, browser type, operating system, language, accessed pages and access timestamp, recorded in server logs for security and operational purposes.
• Cookies and local storage: CSRF token (security), chosen language, theme preference (light/dark/system). Details in section 8.
• Aggregated and anonymous metrics: when active, we use a privacy-respecting analytics service (Plausible), without tracking cookies and without individual identification.

3. Why we use your data

The personal data collected is used strictly for:

• Responding to contact requests and commercial inquiries;
• Scheduling and conducting product demonstrations;
• Sending operational communications related to your declared interest;
• Complying with legal and regulatory obligations;
• Ensuring platform security and preventing fraud;
• Improving our services based on aggregated statistics.

4. Legal basis for processing

The processing of personal data is based on the following legal grounds set forth in the LGPD:

• Consent: by voluntarily filling in our forms, you consent to the processing of the information provided for the described purpose;
• Legitimate interest: for technical security records, fraud prevention and aggregated anonymous metrics;
• Compliance with legal obligation: when required by law.

5. With whom we share

We do not sell, rent or commercialize personal data. We may share strictly necessary data with:

• Infrastructure providers: cloud hosting and transactional email provider (only what is necessary for message delivery);
• Public authorities: upon court order or express legal requirement.

All operational partners are contractually bound to maintain confidentiality and apply security measures equivalent to ours.

6. How long we retain your data

• Form data (contact and demo): kept while there is a commercial relationship or declared interest, or for the minimum legal period applicable after the last contact.
• Technical logs: kept for up to 6 months for audit and security purposes.
• Session cookies: deleted upon ending the session; preference cookies may remain for up to 1 year.

After these purposes are fulfilled, data is anonymized or deleted, except when there is a legal duty to retain.

7. Your rights as a data subject

Under the LGPD, you can exercise the following rights over your personal data at any time:

• Confirmation of the existence of processing;
• Access to data;
• Correction of incomplete, inaccurate or outdated data;
• Anonymization, blocking or deletion of unnecessary data;
• Portability to another service provider;
• Deletion of data processed based on consent;
• Information about entities with whom we share your data;
• Revocation of consent.

To exercise any of these rights, send an email to comercial@backstage.local. We will respond within a maximum of 15 days.

8. Cookies and similar technologies

We use a minimal set of cookies, all essential for the operation of the site:

• csrf_token: protection against cross-site request forgery (CSRF) attacks. Validity: until the browser is closed.
• lang: stores the chosen language. Validity: 1 year.
• backstage-theme: stored locally (not sent to the server) to remember the theme preference (light/dark/system).

We do not use advertising or third-party cookies for individual tracking.

9. Information security

We adopt appropriate technical and organizational measures to protect your data, including:

• HTTPS/TLS encrypted traffic in production;
• Storage of administrative passwords with cryptographic hash (bcrypt);
• Least-privilege policy for database access;
• Automated daily backups;
• Sanitized logs (no sensitive personal data in clear text);
• Monitoring of unauthorized access attempts with rate-limit on the admin panel.

10. Children and adolescents

BackStage services are intended for professionals and businesses. We do not intentionally collect data from children or adolescents. Should we become aware of inadvertent collection, we will delete the data immediately.

11. International transfers

Should infrastructure or service providers be located outside Brazil, we ensure that such transfers comply with LGPD requirements (articles 33 to 36) and that these providers offer a level of protection equivalent to that provided by Brazilian law.

12. Changes to this policy

This policy may be updated periodically to reflect changes in our services or in applicable legislation. The date of last update is always indicated at the top of the document. We recommend periodic review.

13. Contact

For any questions regarding this policy, exercise of rights or reporting of a security incident, please contact:

• Email: comercial@backstage.local
• Company: Clave de Som Desenvolvimento de Sistemas