AlphametricsBack to Home

Privacy Policy

Last updated: February 11, 2026 — Effective date: October 29, 2025

1. Introduction

AlphaMetrics Inteligência de Dados e Informática Ltda. (“AlphaMetrics”, “we”, “us”, or “our”), registered under CNPJ 63.414.435/0001-00, headquartered at Al. Rio Negro, 503, Sala 2011, Alphaville, Barueri – SP, 06454-000, Brazil, is committed to protecting the privacy and security of personal data entrusted to us by our clients, their customers, and visitors to our website.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our services, including our marketplace integration platform, analytics dashboards, and related tools. It applies to all data subjects whose information we process on behalf of our clients or directly.

We comply with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados – LGPD, Law No. 13,709/2018) and adopt best practices aligned with international standards such as the GDPR where applicable.

2. Data Controller & Data Protection Officer

Data Controller: AlphaMetrics Inteligência de Dados e Informática Ltda.

Data Protection Officer (DPO): Atilio Amaral
Email: atilio@alphametrics.com.br

If you have any questions about this policy or wish to exercise your data rights, please contact our DPO at the email above.

3. Data We Collect

We process the following categories of personal data:

  • Client account data: Name, email address, company name, phone number, and billing information provided during registration.
  • Marketplace integration data: OAuth tokens, seller IDs, shop IDs, product listings, order details, pricing, commissions, and shipping information obtained from connected marketplace APIs (e.g., Mercado Livre, Shopee, TikTok Shop) on behalf of our clients.
  • End-customer order data: Buyer names, shipping addresses, phone numbers, and order contents received through marketplace APIs for order management purposes.
  • Usage data: IP addresses, browser type, pages visited, and access timestamps collected automatically when you interact with our platform.
  • Communication data: Messages exchanged through our WhatsApp integration service for automated reporting.

4. How We Use Personal Data

We process personal data for the following purposes:

  • Service delivery: To synchronize marketplace data, generate analytics reports, and provide dashboards to our clients.
  • Order management: To consolidate orders across marketplaces, calculate profitability, and manage shipping labels on behalf of our clients.
  • Authentication: To manage OAuth tokens for secure marketplace API access.
  • Communication: To send automated reports, notifications, and alerts via WhatsApp or email as configured by our clients.
  • Security and fraud prevention: To monitor and protect our systems against unauthorized access.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

5. Legal Basis for Processing

Under the LGPD (and GDPR where applicable), we process personal data based on:

  • Performance of a contract: Processing necessary to provide our services as agreed with our clients.
  • Legitimate interest: For analytics, security monitoring, and service improvements.
  • Legal obligation: When required by Brazilian law or regulation.
  • Consent: When specifically required and obtained for optional processing activities.

6. Data Sharing & Third Parties

We may share personal data with:

  • Marketplace platforms: Mercado Livre, Shopee, TikTok Shop, and other connected marketplaces as required by their APIs to provide our services.
  • Cloud infrastructure providers: Supabase (database hosting, United States), Contabo (application server, Germany), and Vercel (frontend hosting, United States).
  • ERP integrations: Bling, Tiny, and other ERP platforms as configured by our clients.
  • Communication services: WhatsApp (via Evolution API) for automated report delivery.

We do not sell personal data to third parties. We only share data as necessary to fulfill our contractual obligations or as required by law.

7. International Data Transfers

Personal data may be stored and processed in the following countries:

  • United States: Database (Supabase/AWS) and frontend hosting (Vercel).
  • Germany: Backend application server (Contabo VPS).
  • Brazil: Company headquarters and primary operations.

All international transfers are conducted with appropriate safeguards, including encryption in transit (TLS 1.2+) and at rest, and contractual clauses with our service providers.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Client account data: Retained for the duration of the service agreement plus 5 years for legal compliance.
  • Marketplace data: Retained for the duration of the service agreement. Deleted upon client request or contract termination.
  • Usage logs: Retained for up to 12 months.
  • OAuth tokens: Automatically refreshed and overwritten; expired tokens are deleted.

Upon termination of a client relationship, all client data is deleted within 30 days unless legal retention requirements apply.

9. Data Security

We implement technical and organizational measures to protect personal data, including:

  • Encryption of data in transit using HTTPS/TLS across all services.
  • Encryption of data at rest in our database (Supabase managed encryption).
  • Multi-factor authentication (MFA) on all critical systems (GitHub, Supabase, cloud providers).
  • Firewall protection (UFW) with default-deny policy on our servers.
  • Role-based access control with least-privilege principles.
  • Regular security updates and vulnerability patching.

For full details, see our Information Security Policy.

10. Your Rights

Under the LGPD (and GDPR where applicable), you have the following rights regarding your personal data:

  • Access: Request confirmation of whether we process your data and obtain a copy.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention obligations.
  • Portability: Request transfer of your data to another service provider.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interest.
  • Revocation of consent: Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact our DPO at atilio@alphametrics.com.br. We will respond within 15 business days.

11. Marketplace-Specific Provisions

As a marketplace integration platform, we adhere to the data protection requirements of each connected marketplace:

  • We only access marketplace data explicitly authorized by the seller through OAuth consent flows.
  • We comply with data deletion requests from marketplace platforms (e.g., TikTok Shop, Mercado Livre, Shopee).
  • We do not use marketplace data for purposes other than those disclosed to the seller at the time of authorization.
  • Upon marketplace or seller request, we will delete, update, or provide all stored data within the timeframe specified by the platform's policies.

12. Cookies & Tracking

Our website uses essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Analytics, when used, are privacy-respecting and do not track individual users across websites.

13. Children's Privacy

Our services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through our platform. The “Last updated” date at the top of this page indicates when the policy was last revised.

15. Contact Information

AlphaMetrics Inteligência de Dados e Informática Ltda.
CNPJ: 63.414.435/0001-00
Al. Rio Negro, 503, Sala 2011
Alphaville, Barueri – SP, 06454-000, Brazil
Email: atilio@alphametrics.com.br