Privacy Policy

This Privacy Policy contains information about the collection, use, storage, processing, and protection of personal data of users and visitors of the eAgenda platform and the websites eagenda.com.br, eagendas.com, and minhaagendavirtual.com.br, as well as the eAgenda mobile application for Android, in order to demonstrate absolute transparency on the subject and clarify to all interested parties about the types of data collected, the reasons for collection, and how users can manage or delete their personal information.

This Privacy Policy applies to all users and visitors of the eAgenda platform and was prepared in compliance with the Brazilian General Data Protection Law (Law 13,709/18 — LGPD), the Brazilian Internet Civil Framework (Law 12,965/14), and EU Regulation No. 2016/679 (GDPR). It may be updated due to any regulatory changes, and users are invited to periodically consult this section.

The data controller is MUPI SYSTEMS LTDA, registered under CNPJ No. 26.882.608/0001-80, referred to in this document as the "Controller".

User and visitor personal data is collected by the platform as follows:

• When the user creates an account/profile on the eAgenda platform: this data consists of basic identification information such as full name, email, date of birth, phone number, and address. From this data, we can identify the user, ensuring greater security and meeting their needs. Users are aware that their profile on the platform will be accessible to other users of the eAgenda platform.
• When a user or visitor accesses eAgenda platform pages: interaction and access information is collected by the company to ensure a better experience for the user and visitor. This data may include keywords used in searches, sharing of specific documents, comments, page views, profiles, the URL from which the user and visitor came, the browser they use, and their access IPs, among others that may be stored and retained.

The personal data collected from users and visitors includes:

• Account/profile creation data: full name, email, date of birth, phone number, and address.
• Navigation optimization data: page access, keywords used in searches, recommendations, comments, interaction with other profiles and users, followed profiles, IP address.
• Transaction data: payment and transaction data such as credit card number and other card information, as well as payments made.
• Newsletter: email.
• Mobile app data: authentication data, organization information, appointment details, participant names and contacts, device technical data.

Personal data collected and stored by the eAgenda platform serves the following purposes:

• User well-being: improve the product and/or service offered, facilitate and fulfill commitments established between the user and the company, enhance user experience, and provide specific functionalities based on user characteristics.
• Platform improvements: understand how the user uses the platform's services to help with business and technical development.
• User profiling: automated processing of personal data to evaluate platform usage.
• Registration data: to allow user access to certain platform content exclusive to registered users.
• Contractual data: to provide legal security to the parties and ad targeting.
• Commercial: data is used to personalize offered content and generate general statistics for the company.

Processing of personal data for purposes not foreseen in this Privacy Policy will only occur upon prior communication to the user, so that the rights and obligations herein provided remain applicable.

User and visitor personal data is stored by the platform for the period necessary to provide the service or fulfill the purposes set forth in this document, in accordance with Article 15, item I, of Law 13,709/18.

Data may be removed or anonymized at the user's request, except in cases where the law provides otherwise.

Furthermore, users' personal data may only be retained after the end of processing in the following cases provided for in Article 16 of the aforementioned law:

• Compliance with a legal or regulatory obligation by the controller;
• Study by a research body, ensuring, whenever possible, the anonymization of personal data;
• Transfer to a third party, provided the data processing requirements set forth in this Law are respected;
• Exclusive use by the controller, with access by third parties prohibited, and provided the data is anonymized.

Retention periods:

• Personal registration data: 5 years after account cancellation;
• Digital identification data: 6 months, in accordance with applicable legislation.

The platform commits to applying appropriate technical and organizational measures to protect personal data from unauthorized access and situations of destruction, loss, alteration, communication, or dissemination of such data.

The platform commits to notifying the user in case of any security breach of their personal data.

Stored personal data is treated with confidentiality, within legal limits. However, we may disclose your personal information if required by law or if you violate our Terms of Service.

Security measures:

• TLS 1.2 or higher encryption for data in transit;
• Passwords protected via bcrypt/Argon2;
• Storage in ISO 27001 certified data centers located in the USA, United Kingdom, Germany, or Brazil.

Cookies are small text files sent by the platform to your computer and stored on it, containing information related to browsing. We use the following cookies:

• Google Analytics: for traffic analysis and user behavior on the site;
• Google AdWords: for conversion tracking and remarketing;
• DoubleClick: for behavioral advertising.

Users can disable cookies in their browser settings. Disabling cookies may affect some website functionalities.

Platform users have the following rights, granted by the Data Protection Law and the GDPR:

• Confirmation of the existence of processing;
• Access to data;
• Correction of incomplete, inaccurate, or outdated data;
• Anonymization, blocking, or deletion of unnecessary or excessive data;
• Data portability to another service or product provider;
• Deletion of personal data processed with the data subject's consent;
• Information about the possibility of not providing consent and the consequences of refusal;
• Revocation of consent.

Withdrawal of consent for essential services may affect platform functionality. Withdrawal of consent for optional services maintains service availability.

To exercise your rights or clarify any questions about this Privacy Policy, please contact us:

• Email: contato@mupisystems.com.br
• Response time: 15 business days, extendable by an equal period, in accordance with Article 18 of the LGPD.