Privacy Policy
Last updated: May 17, 2026.
1. Who we are
Attendari is a SaaS product operated by Oligon Technology (Brazilian CNPJ 65.292.100/0001-84). Our Data Protection Officer (DPO) can be reached at [email protected].
2. Who this applies to
This policy applies to business owners (Attendari customers) who sign up to the app, and to end customers of those businesses whose WhatsApp messages are processed by our platform.
3. Data we collect
3.1 Business owners
- Email (authentication)
- Business name, address (optional)
- Payment-collection key (Pix or equivalent)
- WhatsApp Business identifiers (Phone Number ID, WABA ID)
- Subscription payment data (handled by Stripe โ we do not store card details)
3.2 End customers
- WhatsApp number and profile name (when provided by the WhatsApp profile)
- Content of messages exchanged with the Attendari AI
- Booking and payment history
4. Legal bases (LGPD Art. 7 / GDPR Art. 6)
- Contract performance: data necessary to deliver the service
- Legitimate interest: product improvement, fraud prevention
- Consent: marketing communications (opt-in)
- Legal obligation: tax retention, response to authorities
5. How we use data
- Operate the service: reply via AI, generate payment links, schedule
- Charge the monthly/annual subscription
- Technical support
- Aggregate analytics (no individual identification) to improve the product
6. Sharing with third parties
We share strictly operational data with:
- Anthropic PBC (Claude API) โ message content, no direct identifiers
- Meta Platforms (WhatsApp Business API) โ numbers and messages
- Mercado Pago โ data needed to collect Pix deposits
- Stripe โ data needed for subscription billing
- Cloudflare โ hosting, database, and edge processing
We do not sell personal data. We do not use one customer's data to train models shared across customers.
7. Retention
- Account data: while the subscription is active + 6 months
- WhatsApp messages: 12 months (or per the business's policy)
- Technical logs: 90 days
- Tax-related data: 5 years (legal requirement)
8. Your rights (LGPD Art. 18)
You may, at any time, request:
- Confirmation of processing
- Access to your data
- Correction of incomplete or outdated data
- Anonymization, blocking, or deletion
- Portability
- Deletion of data processed under consent
- Information about sharing
- Withdrawal of consent
To exercise any right, write to [email protected]. We respond within 15 days.
9. Security
- Encryption in transit (TLS 1.2+) and at rest
- Multi-factor authentication available
- Access logs for sensitive data
- Daily backups, 30-day retention
10. Cookies
attendari.com uses strictly functional cookies (login session). The dashboard uses an Attendari-issued session cookie (HttpOnly, Secure, SameSite=Lax). No advertising or third-party tracking cookies.
11. Changes
This policy may be updated. Material changes will be communicated 30 days in advance via email to registered business owners.
12. Contact
Questions? [email protected].