Privacy Policy
Last updated: May 14, 2026
This Privacy Policy explains how Clave de Som Desenvolvimento de Sistemas ("Clave de Som", "we") collects, uses, stores and protects personal data from BackStage website visitors and people who contact us. It is based on Brazil's General Personal Data Protection Law (Law No. 13,709/2018 — LGPD).
1. Who we are and privacy channel
Clave de Som Desenvolvimento de Sistemas is the controller of personal data collected through this website. Requests from data subjects, privacy questions, communications to the data protection contact or incident reports may be sent to contato@clavedesom.dev.br.
2. Data we collect
- Contact form: name, email, phone (optional), company (optional), subject (optional) and message.
- Demo request form: name, work email, company, role (optional), team size (optional), selected interests, phone and message (optional).
- Automatic technical data: IP address, date and time, accessed route, browser, operating system, language and technical events needed for security, audit and operation.
- Cookies and local storage: CSRF token, selected language, theme preference and record of acceptance/rejection of optional cookies. See section 8.
- Audience metrics: when enabled and accepted in the banner, we use Plausible for aggregated metrics, without tracking cookies or individual identification.
3. How we use data
- To respond to contact requests and commercial questions;
- To schedule, prepare and conduct product demos;
- To register and follow up leads in the administrative panel;
- To send operational communications related to the request submitted;
- To ensure security and prevent abuse, fraud, spam and unauthorized access;
- To comply with legal and regulatory obligations;
- To measure website audience in aggregated form when the visitor accepts this option.
4. Legal bases
- Pre-contractual steps or contract performance: to respond to commercial contacts, schedule demos and handle requests made by the data subject or by the company they represent.
- Legitimate interest: for security, abuse prevention, technical records, responding to received communications and organizing commercial relationships, while considering the data subject's expectations and rights.
- Consent: for optional audience metrics cookies/scripts, when configured and accepted by the visitor.
- Compliance with legal or regulatory obligation: when legal retention, response to competent authority or preservation of rights is required.
5. Sharing
We do not sell or rent personal data. We may share strictly necessary data with:
- Hosting, database and infrastructure providers to keep the site and backups running.
- Transactional email providers to send internal notifications and allow replies to received contacts.
- Automatic translation services only for editorial texts in the admin panel, when configured by an administrator.
- Audience analytics via Plausible, when configured and accepted in the banner, in aggregated form and without tracking cookies.
- Public authorities upon court order, valid legal request or need to preserve rights.
Processors must handle data according to our instructions and apply security measures compatible with the LGPD.
6. Retention
- Leads and demo requests: up to 24 months after the last commercial interaction, unless there is a contract, ongoing negotiation, applicable deletion request or legal retention obligation.
- Technical application and security logs: up to 6 months, unless needed for investigation, fraud prevention, exercise of rights or legal obligation.
- Session and security cookies: for the time needed for the session or request to function.
- Preferences and cookie consent: up to 1 year, or until the visitor changes/removes preferences in the browser.
7. Your rights
Under the LGPD, you may request confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information on sharing, consent withdrawal, objection to legitimate-interest processing when applicable, and review of exclusively automated decisions if they ever exist.
To exercise rights, email contato@clavedesom.dev.br. We may request additional information to confirm your identity and protect your data. We will respond within a timeframe compatible with the LGPD and ANPD rules.
8. Cookies and similar technologies
- csrf_token: essential security cookie for CSRF protection. It lasts until the browser is closed.
- lang: stores the selected language. Duration: up to 1 year.
- cookie_consent: records acceptance or rejection of optional cookies. Duration: up to 1 year.
- backstage-theme: browser local storage for theme preference. It is not sent to the server.
If analytics is configured, it is loaded only after acceptance in the banner. We do not use advertising cookies or behavioral tracking.
9. Information security
We apply technical and organizational measures including HTTPS/TLS in production, bcrypt password hashing, administrative access control with authentication, CSRF, rate limits and session validation, upload restrictions, least-privilege database access, automated backups, reduced sensitive data in logs, security headers, HTML sanitization and SQL injection protections.
10. Children and teenagers
The website is intended for professionals and companies. We do not intentionally collect data from children or teenagers. If we identify inadvertent collection, we will delete the applicable data.
11. International transfers
Some infrastructure, email, analytics or translation providers may be located outside Brazil or process data in other countries. In such cases, we use providers and configurations compatible with data protection and security standards, observing LGPD requirements for international transfers.
12. Changes to this policy
This policy may be updated to reflect changes in the site, providers used or law. The last update date will remain indicated at the top.
13. Contact
- Email: contato@clavedesom.dev.br
- Company: Clave de Som Desenvolvimento de Sistemas