LEGAL DOCUMENTS

Privacy Policy

SEALBA APP TECNOLOGIA LTDA
Company ID (CNPJ): [pending registration]
Registered address: Nossa Senhora da Glória, Sergipe, Brazil
Data Protection Officer (DPO): dpo@sealbaapp.com
General contact: contato@sealbaapp.com
Last updated: [PUBLICATION DATE]

1. INTRODUCTION

SEALBA APP TECNOLOGIA LTDA ("SEALBA APP", "we", "us", "our") respects the privacy of visitors to sealba.com (the "Site"). This Privacy Policy describes how we collect, use, store, share and protect users' personal data, in compliance with the Brazilian General Data Protection Law (Lei nº 13.709/2018 — LGPD), the European Union General Data Protection Regulation (Regulation EU 2016/679 — GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws.

By using our Site, you agree to the terms described in this Policy. If you do not agree, we recommend that you do not use the Site.

2. WHO WE ARE

SEALBA APP is a Brazilian technology company focused on the agribusiness of the Brazilian Northeast, primarily operating in the states of Sergipe, Alagoas and Bahia. We act as the data controller of personal data collected through this Site, under article 5, VI, of LGPD and article 4(7) of GDPR.

3. WHAT DATA WE COLLECT

3.1. Data you provide directly

We collect the following information when you voluntarily interact with the Site:

Identification: full name, tax ID (when applicable), date of birth
Contact: email address, phone/WhatsApp number, postal address
Professional: profession, company, position, rural property size, agricultural activity
Message content: text sent through contact forms, comments, suggestions
Preferences: interests in content, events, products and services

3.2. Data collected automatically

When you access the Site, we automatically collect:

Technical data: IP address, browser type and version, operating system, device used
Navigation data: pages visited, time spent, links clicked, traffic source
Cookies and similar technologies: as detailed in our Cookies Policy
Approximate geolocation data: based on IP address (city/state/country)

3.3. Third-party data

Occasionally we receive data from:

Social networks: when you interact with our official pages
Commercial partners: when authorized by you
Public sources: data from companies registered in official bodies

4. HOW WE USE YOUR DATA

We use your personal data for the following purposes, always based on legal grounds:

Purpose	Legal basis (LGPD / GDPR)
Respond to contact requests	Pre-contractual measures (LGPD art. 7, V / GDPR art. 6(1)(b))
Send newsletter and content	Consent (LGPD art. 7, I / GDPR art. 6(1)(a))
Notify about events and news	Consent (LGPD art. 7, I / GDPR art. 6(1)(a))
Conduct market and satisfaction research	Legitimate interest (LGPD art. 7, IX / GDPR art. 6(1)(f))
Comply with legal and regulatory obligations	Legal obligation (LGPD art. 7, II / GDPR art. 6(1)(c))
Prevent fraud and protect Site security	Legitimate interest
Statistical analysis and Site improvement	Legitimate interest
Content personalization	Consent

5. WHO WE SHARE YOUR DATA WITH

SEALBA APP does not sell personal data. We share your data only with:

Service providers (processors) that assist us technologically: cloud hosting, email marketing, analytics, payment processing — always under contracts with data protection clauses
Commercial partners expressly authorized by you
Public authorities when required by law, court order or competent authority request
In case of corporate reorganization (merger, acquisition, asset sale), with prior notification to data subjects

5.1. International data transfer

Some service providers we use are located abroad (United States, European Union). When there is international transfer, we ensure that the recipient offers an adequate level of personal data protection, in accordance with LGPD article 33 and GDPR articles 44-49.

For transfers to the European Union, we rely on: - Adequacy decisions from the European Commission - Standard Contractual Clauses (SCCs) - Binding Corporate Rules (BCRs) when applicable

6. HOW LONG WE STORE YOUR DATA

We retain your personal data for the period necessary to fulfill the purposes for which it was collected:

Registration/contact data: for the duration of the relationship, or up to 5 years after last contact
Marketing data (newsletter): until consent revocation
Access logs: minimum of 6 months (Brazilian Civil Rights Framework for the Internet, art. 15)
Data for legal obligation: for the applicable legal period (example: tax data for 5 years)

After these periods, data is securely deleted or anonymized.

7. YOUR RIGHTS AS A DATA SUBJECT

7.1. Under LGPD (Brazil)

In accordance with article 18 of LGPD, you have the following rights:

Confirmation of the existence of processing
Access to the data
Correction of incomplete, inaccurate or outdated data
Anonymization, blocking or deletion of unnecessary or non-compliant data
Portability to another service or product provider
Deletion of data processed based on consent
Information about public and private entities with whom data is shared
Information about the possibility of not providing consent
Revocation of consent

7.2. Under GDPR (European Union)

If you are in the European Economic Area (EEA), you additionally have:

Right of access (art. 15)
Right to rectification (art. 16)
Right to erasure / "right to be forgotten" (art. 17)
Right to restriction of processing (art. 18)
Right to data portability (art. 20)
Right to object (art. 21)
Rights related to automated decision-making and profiling (art. 22)
Right to lodge a complaint with a supervisory authority

7.3. Under CCPA (California, USA)

If you are a California resident, you additionally have:

Right to know what personal information is collected, used, shared or sold
Right to delete personal information held about you
Right to opt-out of the sale of personal information (we do not sell data)
Right to non-discrimination for exercising your CCPA rights

7.4. How to exercise your rights

To exercise any of these rights:

Email: dpo@sealbaapp.com Subject: "Data subject rights request" Include: full name, registered email and clear description of the request

We will respond within 15 business days (LGPD) or 1 month (GDPR).

8. DATA SECURITY

We adopt technical and administrative measures to protect your data against unauthorized access, accidental or unlawful destruction, loss, alteration, communication or dissemination:

Encryption of sensitive data in transit and at rest (TLS 1.3, AES-256)
Role-based access controls (least privilege)
Continuous security monitoring
Regular backups
Periodic team training
Contracts with data protection clauses with third parties

In case of a security incident that may pose risk or significant damage to data subjects, we will notify the relevant authority (ANPD in Brazil, the supervisory authority in EU) and affected subjects within reasonable time, as required by law (72 hours under GDPR).

9. COOKIES

We use cookies and similar technologies to improve your experience. Full details in our Cookies Policy.

You can manage your cookie preferences at any time through the banner displayed on first visit or in your browser settings.

10. CHILDREN AND MINORS

The Site is not directed to minors under 18 years of age. We do not knowingly collect data from children and adolescents. If we identify accidental collection, we will delete the data immediately.

For users in the EEA: in accordance with GDPR article 8, the minimum age for consent is 16, or the age established by the laws of the user's country.

If you are a legal guardian and identified improper collection, contact dpo@sealbaapp.com.

11. CHANGES TO THIS POLICY

This Policy may be updated periodically. The most recent version will always be available at sealba.com/privacy-policy, with the date of last update.

Significant changes will be communicated by email (to registered users) or prominent notice on the Site.

12. DATA PROTECTION OFFICER (DPO)

In accordance with LGPD article 41 and GDPR article 37, we have designated a Data Protection Officer:

Name: [TO BE DEFINED] Email: dpo@sealbaapp.com Role: Receive communications from data protection authorities and data subjects, advise SEALBA APP employees and contractors on data protection best practices.

13. SUPERVISORY AUTHORITIES

You have the right to lodge complaints directly with:

Brazil — ANPD (Autoridade Nacional de Proteção de Dados) Website: gov.br/anpd Email: comunicacao@anpd.gov.br

European Union: the supervisory authority of your country of residence List: edpb.europa.eu/about-edpb/about-edpb/members_en

California: California Privacy Protection Agency Website: cppa.ca.gov

14. APPLICABLE LAW AND JURISDICTION

This Policy is governed by the laws of the Federative Republic of Brazil. The Court of Aracaju, State of Sergipe, is elected as competent jurisdiction to resolve any disputes, except where mandatory consumer protection rules of the user's country of residence apply.

15. CONTACT

For questions about this Policy:

SEALBA APP TECNOLOGIA LTDA Email: contato@sealbaapp.com DPO: dpo@sealbaapp.com Website: sealba.com