1
Introduction
DYNAMICA SOFT SISTEMAS LTDA ("Dynamica Soft", "we", "our", or "us"), registered under CNPJ 15.110.085/0001-38, operates the website dynamicasoft.site and provides custom software development, web systems, mobile applications, and related technology services to clients across Brazil and internationally.
This Privacy Policy describes how we collect, use, store, and protect personal information when you visit our website, submit inquiries through our contact forms, interact with our digital communications, or engage us as a service provider. It also describes the rights available to you under the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais — LGPD, Law No. 13.709/2018) and, where applicable to residents of the European Economic Area or United Kingdom, the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679).
By continuing to use our website, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, please discontinue use of our site and contact us directly to discuss alternatives.
We are not in the business of selling personal data. We collect only what we genuinely need to respond to enquiries, improve our services, and run our business. We do not engage in unsolicited email marketing to individuals who have not explicitly requested information from us.
2
Information We Collect
We collect personal information through two distinct channels: information you provide to us directly, and information gathered automatically when you visit our website. We describe each in detail below.
2.1 — Information you provide directly
When you fill out our contact form, request a quote, or reach out to us by email, we collect the following categories of data you choose to share:
- Full name: To address you appropriately in our correspondence.
- Email address: Our primary channel for responding to your enquiry.
- Phone number (optional): If you provide it, we may use it to schedule a discovery call at your request.
- Company or organisation name (optional): Helps us understand the context of your project.
- Project description and any attachments: The information you choose to share about your software or web development needs, including any uploaded files or links.
- Preferred budget range or timeline (optional): Provided voluntarily through our project intake form.
We only collect the minimum information required to respond meaningfully to your enquiry. Fields not marked as required are genuinely optional — leaving them blank will not prevent you from submitting the form.
2.2 — Information collected automatically
When you browse our website, certain technical information is collected automatically by our hosting infrastructure and analytics tools. This may include:
- IP address: Used for server security, fraud prevention, and approximate geographic analytics. We do not use IP addresses to identify individuals.
- Browser type and version, operating system, and device type: Helps us ensure our site renders correctly across devices.
- Pages visited, time spent, and navigation paths: Aggregated to understand how visitors interact with our content and which pages generate the most interest.
- Referring URL: The website or search engine that directed you to us.
- Date and time of visit: Standard server log data retained for security and performance monitoring.
- Cookie identifiers and similar tracking data: Described fully in Section 4 of this policy.
None of this automatically collected data is used to build individual profiles for commercial targeting. It is used exclusively in aggregate form to improve the website experience and measure the effectiveness of our content.
2.3 — Information from business enquiries and client engagements
If you become a client of Dynamica Soft, we will collect additional information necessary to deliver your project — such as billing details, legal entity information, and technical specifications. That information is governed by the service contract between us and falls within the scope of this policy. We do not use it for purposes beyond delivering the contracted services and complying with our legal obligations.
3
How We Use Your Information
We use personal information only for clear, specific purposes. Every use is grounded in one of the following legal bases: your consent, our legitimate interest in operating a commercial business, or compliance with a legal obligation. The table below maps our key processing activities to their purpose and legal basis.
- Responding to enquiries and project proposals: When you submit a contact form or email us, we use your name and contact details to reply and discuss your requirements. Legal basis: performance of a pre-contractual relationship (LGPD Art. 7, VI; GDPR Art. 6(1)(b)).
- Providing and managing our services: We process client data to design, build, test, and deliver software projects. Legal basis: performance of a contract (LGPD Art. 7, V; GDPR Art. 6(1)(b)).
- Issuing invoices and managing payments: Necessary for our legitimate commercial operation and compliance with Brazilian fiscal legislation. Legal basis: legal obligation (LGPD Art. 7, II; GDPR Art. 6(1)(c)).
- Website analytics and improvement: Aggregated, anonymised analytics help us understand which content is useful and where the user experience can be improved. Legal basis: legitimate interest (LGPD Art. 7, IX; GDPR Art. 6(1)(f)).
- Security monitoring and fraud prevention: Server logs and security tools help us detect and block malicious activity. Legal basis: legitimate interest and legal obligation.
- Compliance with legal and regulatory requirements: We may need to retain or disclose data to comply with Brazilian tax law, court orders, or regulatory investigations. Legal basis: legal obligation.
- Sending service updates or project communications: We communicate with active clients about their project status, delivery milestones, and support matters. Legal basis: contract performance.
We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects. We do not sell, rent, or lease your personal data to third-party marketers.
4
Cookies & Tracking Technologies
Our website uses cookies and similar technologies. Cookies are small text files stored on your device when you visit a website. They allow us to recognise your browser across pages and visits, understand how the site is used, and ensure certain features work as expected.
4.1 — Types of cookies we use
| Category |
Purpose |
Examples |
Duration |
| Strictly Necessary |
Enable core website functionality such as form submission and session security. The site cannot function without these. |
Session ID, CSRF token |
Session |
| Analytics & Performance |
Collect aggregated, anonymised data about how visitors navigate the site — pages visited, time on page, traffic sources — so we can improve content and usability. |
Google Analytics (_ga, _gid) |
Up to 2 years |
| Advertising & Measurement |
Help measure the effectiveness of advertising campaigns (e.g. Google Ads conversions). No data is shared for audience targeting without your consent. |
_gcl_au (Google Ads) |
90 days |
| Preference |
Remember choices you have made on the site (e.g. cookie consent status) so you are not asked repeatedly. |
consent_prefs |
12 months |
4.2 — Managing your cookie preferences
Strictly necessary cookies do not require your consent because they are essential for the website to operate. For all other cookie categories, we obtain your consent via our cookie banner when you first visit the site. You can update your preferences at any time by clicking "Cookie Settings" in our site footer.
You may also manage or delete cookies directly through your browser settings. Disabling certain cookies may affect some functionality, such as the ability to submit forms or benefit from a pre-populated contact form. Major browsers provide clear instructions for managing cookies:
- Google Chrome: Settings → Privacy and Security → Cookies and other site data
- Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data
- Apple Safari: Preferences → Privacy → Manage Website Data
- Microsoft Edge: Settings → Cookies and site permissions
4.3 — Google Analytics and Google Ads
We use Google Analytics 4 (operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyse website traffic. We have enabled IP anonymisation, which means your full IP address is never stored by Google. Data is processed on the basis of your consent and our legitimate interest in understanding site performance. You can opt out globally via the Google Analytics Opt-out Browser Add-on.
We may run campaigns through Google Ads and use conversion tracking to measure whether visitors who clicked an advertisement took a meaningful action on our site (such as submitting a contact form). This involves a cookie placed on your device only after you click our advertisement. We do not use remarketing audiences based on sensitive data categories.
5
Sharing With Third Parties
We do not sell, trade, or transfer your personal data to outside parties for their own commercial purposes. We share data only in the limited circumstances below, and always with appropriate safeguards in place.
-
Service providers acting as data processors: We engage trusted technology partners to help operate our website and business — including hosting providers (such as cloud infrastructure in Brazil or the EU), email delivery services, and analytics platforms. These providers are contractually bound to process your data only on our instructions and may not use it for any other purpose.
-
Google LLC (Analytics and Ads): As described in Section 4. Google may transfer data outside Brazil or the EU under its Standard Contractual Clauses. You can review Google's privacy practices at policies.google.com/privacy.
-
Legal authorities: We may disclose personal data to courts, regulatory bodies, law enforcement agencies, or tax authorities when required to do so by Brazilian law (including the Marco Civil da Internet, Law No. 12.965/2014), a valid court order, or equivalent legislation applicable to data subjects in other jurisdictions.
-
Professional advisors: Our legal counsel, accountants, and auditors may have access to personal data strictly as needed to provide their services. They are bound by professional confidentiality obligations.
-
Business transfers: In the event that Dynamica Soft undergoes a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity. We will notify affected data subjects via the email address on record before any such transfer takes effect, and we will ensure the acquiring entity honours this policy or obtains fresh consent.
Whenever data is transferred outside Brazil to countries that do not offer an equivalent level of data protection, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (approved by the European Commission) or equivalent mechanisms recognised by Brazil's National Data Protection Authority (ANPD).
6
Data Retention
We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The following retention periods apply as a general guide:
- Contact form submissions that do not result in a contract: Retained for up to 12 months from the date of submission, after which they are securely deleted. This period allows us to follow up on proposals and maintain a record of communications.
- Client project records (contracts, deliverables, invoices): Retained for a minimum of 5 years after project completion, in accordance with Brazilian Civil Code (Art. 206) and tax legislation requirements.
- Fiscal and accounting records: Retained for at least 5 years as required by Brazilian tax law (Lei 9.430/1996 and related regulations).
- Server access logs (IP addresses and timestamps): Retained for 6 months in compliance with Brazil's Marco Civil da Internet (Art. 15), unless extended by a court order or security investigation.
- Analytics data (Google Analytics): Configured to a 14-month retention window within Google Analytics, after which data is automatically deleted from Google's servers.
- Cookie consent records: Retained for 12 months so we can demonstrate your consent was properly obtained.
When retention periods expire, we delete data using secure methods appropriate to the medium — for digital records, this means cryptographic erasure or overwriting; for any physical documents, shredding. If you request deletion of your data before a retention period has expired, we will comply unless we are required by law to retain it, in which case we will explain the limitation and scope it as narrowly as possible.
7
Data Security
We implement technical and organisational measures designed to protect your personal information against accidental loss, unauthorised access, alteration, or disclosure. Because Dynamica Soft is itself a technology company, security is not an afterthought — it is part of how we build and operate systems for ourselves and our clients.
- Encryption in transit: All data transmitted between your browser and our web server is encrypted using TLS 1.2 or higher (HTTPS). We enforce HTTPS across the entire domain and reject insecure connections.
- Encryption at rest: Data stored on our servers and cloud infrastructure is encrypted at rest using industry-standard AES-256 encryption.
- Access controls: Access to systems that process personal data is restricted to authorised team members on a need-to-know basis. We use strong authentication, including multi-factor authentication, for all administrative access.
- Vendor security assessments: Third-party providers who handle personal data on our behalf are evaluated for their security practices and required to maintain appropriate safeguards as a condition of engagement.
- Secure development practices: As a software development company, we apply secure coding standards (OWASP guidelines) to our own infrastructure, including input validation, protection against SQL injection, cross-site scripting, and cross-site request forgery.
- Regular backups: Website and database backups are performed regularly and stored in geographically separate locations to ensure resilience.
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. If you have reason to believe that your interaction with us is no longer secure — for example, if you feel your account has been compromised — please notify us immediately at contato@dynamicasoft.site.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant authorities and affected individuals within the timeframe required by applicable law (72 hours under GDPR; "reasonable time" as defined by ANPD guidelines under LGPD).
8
Your Rights
Depending on your country of residence, you are entitled to a number of rights regarding your personal data. We are committed to honouring these rights promptly and without unnecessary friction. Brazilian residents are covered by the LGPD (Art. 18); residents of the EU/EEA are covered by GDPR (Art. 15–22).
Right of Access
Request a copy of the personal data we hold about you, including information on how it is being used and with whom it has been shared.
Right to Correction
Ask us to update or correct any inaccurate or incomplete personal data we hold about you.
Right to Deletion
Request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent. Subject to our legal retention obligations.
Right to Object
Object to the processing of your data where we rely on legitimate interest as our legal basis. We will stop processing unless we can demonstrate compelling grounds that override your interests.
Right to Restriction
Request that we restrict processing of your data — for example, while we investigate the accuracy of the data or the validity of your objection.
Right to Portability
Receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and, where technically feasible, request its transfer to another controller.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Right to Complain
Lodge a complaint with Brazil's ANPD (anpd.gov.br) or your local EU supervisory authority if you believe your rights have not been respected.
How to exercise your rights
To exercise any of the rights listed above, please send a written request to contato@dynamicasoft.site with the subject line "Data Rights Request". Include your full name and, where applicable, the email address you used when contacting us, so we can verify your identity before processing the request. We will not charge a fee for reasonable requests.
We aim to respond to all legitimate requests within 15 business days. In complex cases, we may extend this by a further 30 days, in which case we will notify you and explain the reason for the delay. If we are unable to comply with a request — for example, because legal retention obligations prevent deletion — we will explain our reasoning clearly.
Brazilian residents also have the right to know whether we make automated decisions and to request human review of any automated decision that significantly affects them. At present, we do not engage in any automated decision-making of this nature.
9
Children's Privacy
Our website and services are directed exclusively at business professionals and are not intended for children under the age of 18. We do not knowingly collect personal information from minors.
If you are a parent or guardian and believe that a minor has submitted personal information to us without your consent, please contact us immediately at contato@dynamicasoft.site. We will promptly investigate and, if confirmed, delete any such data from our systems.
Under the LGPD (Art. 14), the processing of personal data belonging to children requires the consent of a parent or legal guardian and must be conducted in the child's best interest. We have no systems or processes designed to solicit information from individuals under 18, and our website does not feature any content directed at that demographic.
10
Changes to This Policy
We review this Privacy Policy periodically and may update it to reflect changes in our data practices, new legal requirements, or feedback from users and regulators. When we make material changes — meaning changes that meaningfully alter your rights or how your data is handled — we will take reasonable steps to notify you.
Notification methods may include posting a prominent notice on our homepage, updating the "Last updated" date at the top of this page, or, where we have your email address and the change is significant, sending a direct notification.
We encourage you to revisit this page periodically so you remain informed of how we handle your information. Archived versions of previous policies are available upon request by emailing contato@dynamicasoft.site.
Continued use of our website following the posting of an updated policy constitutes your acknowledgement of the updated terms. If you disagree with any revised version of this policy, please discontinue use of the website and contact us to discuss your situation.
11
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to report a concern about how your personal information has been handled, please reach out to us using the details below. We take privacy enquiries seriously and are committed to resolving them promptly and transparently.
If you are based in the European Union or EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A full list of EU supervisory authorities is available at edpb.europa.eu. Brazilian residents may contact the Autoridade Nacional de Proteção de Dados (ANPD) at www.gov.br/anpd.