Privacy Policy

This Privacy Policy describes how FazMercado ("we," "our," or "us") collects, uses, and protects your personal information when you use Sentinel, our OSINT monitoring service. We are committed to protecting your privacy and ensuring compliance with the Brazilian General Data Protection Law (LGPD - Lei Geral de Proteção de Dados) and the European General Data Protection Regulation (GDPR).

Data Controller

FazMercado
Email: contact@fazmercado.com
Telegram: @FazMercado_SentinelBot

Data We Collect

We collect the following types of personal data:

Account and Identification Data

• Telegram Chat ID (unique identifier from Telegram)
• Email address (verified during onboarding)
• IP address (when available, for audit purposes)

Service Configuration Data

• Sector selection (Food or Energy)
• Subsegment configuration
• Regions monitored
• Critical dependencies
• Alert sensitivity settings
• Alert channel preferences (Telegram, WhatsApp, Email)

Usage and Interaction Data

• Terms acceptance records (timestamp, user ID, IP)
• Email verification codes and timestamps
• Alert delivery logs
• System interaction logs (for debugging and improvement)

Data We Do NOT Collect

• Payment information (handled by third-party payment processors)
• Sensitive personal data (race, religion, political opinions, health data)
• Location data beyond declared monitoring regions
• Content of private messages (only system commands are processed)

Purpose of Data Processing

We process your personal data for the following purposes:

• Service Delivery: To provide OSINT monitoring services according to your configuration
• Alert Delivery: To send alerts via your preferred channels (Telegram, WhatsApp, Email)
• Account Management: To manage your account, subscriptions, and service configuration
• Legal Compliance: To maintain audit logs of terms acceptance and data processing activities
• Service Improvement: To improve system performance, reliability, and user experience
• Security: To detect and prevent fraud, abuse, and unauthorized access

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the services you have requested
• Legitimate Interest: Processing for service improvement, security, and fraud prevention
• Legal Obligation: Processing required to comply with legal and regulatory requirements
• Consent: Where you have provided explicit consent (e.g., terms acceptance, email verification)

Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

Service Providers

We may share data with essential service providers who assist in operating Sentinel:

• Telegram (for bot messaging services)
• Email service providers (for alert delivery and verification)
• Cloud infrastructure providers (for hosting and data storage)
• Database and analytics services (for system monitoring)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose your data if required by law, court order, or government regulation, or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or abuse
• Protect the safety of users or the public

Data Retention

We retain your personal data according to the following schedule:

Account Data

• Active Accounts: Retained while your account is active
• Deleted Accounts: Soft-deleted data retained for 90 days, then permanently deleted
• Audit Logs: Retained for 5 years for legal compliance

Service Data

• Events with Alerts: Retained for 90 days
• Events without Alerts: Retained for 30 days
• CRITICAL Alerts: Retained for 365 days
• RISK Alerts: Retained for 180 days
• INFO Alerts: Retained for 90 days

After retention periods expire, data is automatically purged from our systems. You may request earlier deletion of your data (subject to legal requirements).

Your Rights (LGPD/GDPR)

Under LGPD and GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, contact us at contact@fazmercado.com or via Telegram bot. We will respond within 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Access controls and authentication
• Regular security audits and assessments
• Secure backup and disaster recovery procedures
• Employee training on data protection

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for such transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Compliance with LGPD requirements for international transfers
• Data processing agreements with service providers

Cookies and Tracking Technologies

Sentinel is primarily a chat-based service. Our web pages may use minimal cookies for:

• Essential functionality (session management)
• Analytics (to improve website performance)

We do not use cookies for advertising or third-party tracking. You can control cookies through your browser settings.

Children's Privacy

Sentinel is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending notification via Telegram or email for material changes

Your continued use of Sentinel after changes constitutes acceptance of the updated policy.