Legal document

Privacy Policy

Last updated: February 18, 2026

1. Who controls the data

This Policy describes how Genne processes personal data from users, customers, partners, and visitors in its digital channels.

Genne Credtech LTDA
CNPJ: 63.491.978/0001-13
Legal Name: Genne Credtech LTDA

2. Data we may collect

Depending on your interaction with our services, we may collect:

  • registration and contact data (name, email, phone, company);
  • usage and browsing data (device, IP, logs, and accessed pages);
  • data required for analysis, fraud prevention, compliance, and security;
  • information provided through support channels, forms, or integrations;
  • data collected with app permissions, such as camera and media files, when you use features that require image capture or upload.

3. Purposes of processing

We use personal data for legitimate purposes, including:

  • registration, authentication, and account management;
  • provision and improvement of platform services;
  • handling requests and communicating with data subjects;
  • execution of app features that depend on the camera, such as capturing evidence, documents, or images linked to operational flows;
  • compliance with legal and regulatory obligations;
  • prevention of fraud, abuse, and security incidents.

4. Legal bases (LGPD)

Personal data processing is based on the legal bases set forth in the Brazilian General Data Protection Law (Law No. 13.709/2018), such as contract performance, compliance with legal or regulatory obligations, legitimate interest, and, when applicable, consent.

5. Data sharing

We may share personal data with:

We always seek to share only the minimum necessary for each purpose.

  • vendors and processors that support our operation;
  • business partners strictly necessary for the service;
  • public authorities, when there is a legal obligation or valid order.

6. Storage and retention

Data is stored for the time necessary to fulfill the purposes of this Policy, observing applicable legal and regulatory periods. After this period, data may be anonymized or deleted, according to the law.

7. Information security

We adopt reasonable technical and administrative measures to protect personal data against unauthorized access, loss, destruction, alteration, or improper processing.

8. Cookies and similar technologies

We may use cookies and similar technologies for authentication, security, metrics, and browsing experience improvement. You can manage cookies in your browser settings, noting that certain features may be affected.

9. App permissions, including camera

The app may request device permissions for specific features. For the android.permission.CAMERA permission, access occurs only when you trigger a feature that requires image capture in the app.

  • the camera is not used secretly, continuously, or in the background;
  • captured images are processed only for the purpose of the feature requested by you;
  • when applicable, images may be stored and shared with processors and partners strictly necessary for service provision, fraud prevention, support, and compliance;
  • the retention period follows Section 6 of this Policy and applicable legal requirements.

10. Data subject rights

Under LGPD, you may exercise, when applicable, the rights to:

In some situations, fulfillment may be limited by legal or regulatory obligations, fraud prevention, security, and protection of third-party rights.

  • confirm the existence of processing and access personal data;
  • correct incomplete, inaccurate, or outdated data;
  • anonymize, block, or delete unnecessary, excessive, or unlawfully processed data;
  • data portability, subject to trade and industrial secrets;
  • information about data sharing;
  • withdraw consent and object to processing, when applicable;
  • request review of automated decisions, when applicable.

11. Personal data deletion

You may request deletion of your personal data through the channels indicated in this Policy. After identity and request validation, Genne will take the applicable measures to delete or anonymize the data, according to the nature of the information and applicable legal basis.

To request account and data deletion in the same flow, access Request data deletion.

  • data without a legal retention obligation may be deleted or anonymized;
  • data required to comply with legal or regulatory obligations may be kept for the period required by law;
  • minimum records may be preserved for fraud prevention, security, and regular exercise of rights in administrative, arbitration, or judicial proceedings.

12. How to exercise your rights and privacy contact

To exercise rights related to personal data, request deletion, or ask questions about this Policy, send your request to contato@genne.co, with the subject "Privacy / LGPD".

This is the official channel to contact the team responsible for privacy and data protection at Genne.

If you understand that your request was not properly handled, you may also seek the channels of the Brazilian National Data Protection Authority (ANPD), under applicable law.

13. Updates to this policy

This Policy may be updated to reflect legal, technical, or operational changes. The current version will always be available on this page, with the last updated date.