Privacy Policy

Effective Date: September 17, 2025
Last Updated: September 17, 2025

This Privacy Policy applies to all services and digital platforms operated by Zenitar, including its business units BRANDX (marketing & design), MERIDIAN (software solutions), and affiliated services such as academy, web development, and consulting solutions (collectively referred to as “we,” “our,” or “the Company”).

We are committed to protecting your privacy and handling your data in compliance with applicable laws, regulations, and platform requirements, including but not limited to Meta, LinkedIn, YouTube, TikTok, Google, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and the Lei Geral de Proteção de Dados (LGPD).

1. Information We Collect

   1. We may collect and process the following categories of personal data:
      1. Identification Data: Name, surname, job title, company name.
      2. Contact Data: Email address, phone number, social media handles.
      3. Business Data: Information you upload or enter into our systems, including files, procedures, and business records.
      4. Transaction Data: Payment information when applicable (processed securely via third-party providers).
      5. Technical Data: Device information, browser type, IP address, non-precise geolocation data (such as city or country level derived from your IP address), and usage patterns (via analytics and cookies).
      6. Content Data: Files, documents, or other information you choose to upload to our platforms.
      7. Special Categories of Personal Data: Our services are not designed to collect or process special categories of personal data as defined under GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious beliefs, health, or biometric data). We request that you do not upload or provide such information through our platforms. If we become aware that we have inadvertently collected such data, we will take steps to securely delete it.

2. Legal Basis for Processing

   1. We process your personal data only when we have a valid legal basis to do so. The specific basis depends on the context of the processing activity:
      1. Contract: To deliver our services and manage our client relationships (e.g., consulting, software solutions).
      2. Consent: For marketing communications, targeted advertising, and the use of non-essential cookies. You may withdraw consent at any time.
      3. Legal Obligations: To comply with financial, regulatory, or other legal requirements.
      4. Legitimate Interests: To improve our services, ensure platform security, and market to existing clients about similar services, provided these interests do not override your rights and interests.

3. How We Use Your Data

   1. We process personal data strictly for business purposes, including:
      1. Delivering consulting, design, software, and academy services.
      2. Operating and improving workflows, intranets, and customer platforms.
      3. Communicating with clients regarding projects, updates, and marketing initiatives.
      4. Recruiting, onboarding, and managing business partners or collaborators.
      5. Conducting analytics, reporting, and marketing activities across digital platforms.
      6. Providing targeted advertising and remarketing on platforms such as Meta, LinkedIn, Google, TikTok, and YouTube.
      7. Complying with legal, regulatory, and contractual obligations.
      8. Marketing and Advertising
   2. With your explicit consent, we may use your contact and technical data to provide you with marketing communications or deliver targeted advertising. This may involve sharing limited data with advertising partners to create custom audiences or display relevant ads on their platforms. You may withdraw consent at any time by adjusting your cookie preferences or unsubscribing from our communications.
   3. We comply with all platform-specific data use policies and do not use collected data to create or infer sensitive characteristics for ad targeting.

4. Data Sharing

   1. We do not sell personal data. Data may be shared only in the following contexts with parties who are contractually obligated to protect it:
      1. Cloud Infrastructure & Hosting Providers: For secure storage and system operation.
      2. Analytics & Performance Tools: To understand how users interact with our services.
      3. CRM & Communication Platforms: To manage client relationships and communications.
      4. Advertising Partners: To conduct remarketing and targeted advertising based on your consent.
      5. Payment Processors: To securely handle financial transactions.
   2. Other Sharing Contexts:
      1. Legal Compliance: When required by law, regulation, or valid legal process.
      2. Business Continuity: In case of mergers, acquisitions, or restructuring of the Company.

5. Data Retention

   1. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
   2. Client Files & Project Data: Up to 5 years following project completion.
   3. Contact Data (for marketing): Until consent is withdrawn or the data is no longer required.
   4. Technical & Analytics Data: Up to 24 months, unless anonymized earlier.
   5. Minimum Retention: 6 months to meet operational and legal requirements.
   6. Data is anonymized or securely deleted after the applicable retention period.

6. Data Security

   1. We implement administrative, technical, and physical safeguards to protect personal data against unauthorized access, loss, misuse, or disclosure, including but not limited to:
      1. Encryption in transit and at rest (where applicable).
      2. Access controls, authentication, and monitoring.
      3. Secure storage on trusted cloud providers.
      4. Internal policies for employee and partner access.
   2. Despite these measures, no system can be guaranteed 100% secure.

7. Data Breach Notification

   1. In the event of a data breach affecting personal data, we will notify affected users and regulators in line with applicable laws (e.g., within 72 hours where feasible under GDPR) within the required timeframes.

8. User Rights

   1. Depending on your jurisdiction, you may have the right to:
      1. Access, correct, or delete your personal data.
      2. Restrict or object to the processing of your data.
      3. Withdraw consent for data processing (when applicable).
      4. Request data portability to another provider.
      5. File a complaint with a supervisory authority.
      6. Requests can be submitted to the contact details provided in Section 14.
      7. Rights of California Residents (CCPA/CPRA)
   2. If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
      1. Right to Know: The right to request information about the categories and specific pieces of personal information we have collected about you.
      2. Right to Delete: The right to request the deletion of your personal information.
      3. Right to Correct: The right to request the correction of inaccurate personal information.
      4. Right to Opt-Out of Sale/Sharing: We may use advertising services that could be considered “selling” or “sharing” under CPRA (e.g., cross-context behavioral advertising). You have the right to opt out by clicking the “Do Not Sell or Share My Personal Information” link in our website footer or by enabling a Global Privacy Control (GPC) signal.
      5. Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is reasonably necessary to perform our services, unless you provide consent.
      6. Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

9. Cookies and Consent

   1. Our websites and platforms use cookies and similar technologies for functionality, analytics, and marketing. For detailed information on the cookies we use, their purposes, and how you can manage your preferences, please see our [Link to Cookie Policy].
   2. Where required by law (e.g., GDPR, LGPD), we do not deploy non-essential cookies without your affirmative consent, which you can manage through our cookie consent banner. Marketing communications always include opt-out links for unsubscribing.

10. International Data Transfers

    1. Data may be transferred and processed across North, Central, and South America, and other jurisdictions where our partners or providers operate. We ensure that all transfers comply with applicable data protection laws through recognized safeguards such as Standard Contractual Clauses (SCCs), Transfer Impact Assessments (TIAs), adequacy decisions, or equivalent legal mechanisms.

11. Automated Processing and AI

    1. We may use automated systems, including AI-driven analytics, to support decision-making in marketing, operations, and consulting.
    2. No automated decision produces legal or similarly significant effects on individuals without human review and oversight.
    3. You have the right to request information about how automated systems are used in relation to your personal data.

12. Children’s Privacy

    1. Our services are not directed to children under 13 years old in the United States (or under the age of digital consent in other jurisdictions, which may range between 13 and 16 in the European Union, and 18 in Brazil unless a legal guardian provides consent). We do not knowingly collect personal data from minors.

13. Updates to This Policy

    1. We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. Updates will be posted with the “Last Updated” date. Continued use of our services constitutes acceptance of the revised Policy.

14. Contact

    1. For questions, concerns, or to exercise your rights under this Policy, please contact our Privacy Team / Data Protection Officer at:
       1.  [Insert Privacy Contact Email]
       2.  [Insert Full, Valid Business Address]