Hey! Welcome to the Koit electronic portal! When you use our online portal or our application, you are transmitting certain information and entrusting us with personal data. We take this trust very seriously and are committed to transparency with you!
Our privacy policy explains to you, in a clear and accessible way, what personal data may be collected, with whom it will be shared, and where it will be stored.
If you need to exercise certain data subject rights or revisit these terms, expressed in the General Data Protection Law (LGPD), you can access our LGPD Communication Channel. It is available on the Privacy & Transparency Portal (https://koitapp.com/en/privacy-and-transparency/), also accessible within your application via the “Privacy & Transparency” button.
By accessing and browsing our portal and/or application, you declare that you agree with our Privacy Policy, in full knowledge and agreement with the format of personal data processing.
Data Protection Officer (DPO): the Brazilian company DPOnet has been appointed as our Data Protection Officer, represented here by the natural person Renata Kelly Mercadante.
The DPO’s contact information is available at: https://koitapp.com/en/privacy-and-transparency/
To facilitate your understanding, please note that our Privacy Notice is organized as follows:
- About Personalization, Mathematical Models, and Artificial Intelligence
- Information Collected
- How We Use Your Data
- California Residents (CCPA - United States)
- Children’s Privacy (COPPA – United States)
- Data Sharing
- Rights of Data Subjects
- Protection of Your Information
- Updating Our Notice
- Applicable Law
1. ABOUT PERSONALIZATION, MATHEMATICAL MODELS, AND ARTIFICIAL INTELLIGENCE
The Koit application will soon use artificial intelligence for certain activities such as recommendations and summaries, subject to changes as per the Terms of Use.
We are committed to the ethical and responsible development of artificial intelligence. The responsible use of AI involves consent and proper storage of data, adoption of protection measures (“Guardrails”), and application exclusively to ethical challenges.
Therefore, you are aware that the platform may make available tools based on different categories of Artificial Intelligence in the coming months, and that your data may be processed by mathematical models (also known as “AI”).
In this way, you should know that all information processed will be used exclusively to improve your experience, such as new features that generate convenience, for example, and will not aim to sell data to third parties in any way.
However, if recommendations are generated by the application, Koit reserves the right to suggest activities (such as restaurants, cinemas, movies, tours, etc.) linked to Koit partner companies. In this scenario, no data is shared directly with these companies, okay?
If the data subject-user wants to ask questions or opt-out of AI based features, they can contact us through the ownership platform available on the Privacy & Transparency Portal, DPOnet’s “Privacy&You”. Also accessible via the LGPD Communication seal on the web portal.
2. INFORMATION COLLECTED:
Below, we present the main activities that involve the collection of your personal information, according to the main purposes, affected data subjects, legal bases, and categories of personal data collected for you to interact with us:
2.1 Information provided by you:
-
Registration data: when you register in our application, you provide us with the following information: name, telephone, age, email, and other information that you may include at the time of registration. In case of login with external services (such as social networks), the image linked to the account may also be shared.
-
Authentication information: in order to provide a safe browsing environment, we request the following identification and authentication information: email and telephone.
-
Interaction information:
- Interaction history: we store your requests (the so-called “logs” or “analytics”) to identify and resolve problems, update algorithms, improve application performance, enhance security, and develop new updates.
- Preferences and patterns: we may analyze your actions, choices, and behaviors, including in the form of anonymized and aggregated data distributed within the user base, to offer recommendations, improve your experience, work on improvements, and enhance the application.
- Implicit feedback: we interpret your reactions and interactions to understand the quality of the responses generated.
2.2 Automatically generated information:
-
Access logs: the organization automatically collects access logs to the application, which may include the IP address used to access our site, with date and time. This data is mandatory collection, as determined by Law No. 12,965/2014, also known as the Brazilian Internet Act, but will only be provided to third parties with your express authorization, or by reason of a court decision.
-
Communication with the organization: when you communicate with the organization, we collect information about your communication, including metadata such as: IP address, date, time, and content of communications, such as any information you choose to provide.
-
Website management: for this, we use cookies, that is, text files generated and stored in your browser or device, by sites, applications, and online ads, as explained in item 3.
3. WHY AND HOW DO WE USE YOUR DATA?
We greatly value your privacy, and that is why all data and information about you are treated with the utmost confidentiality, being used only for the purposes described herein, and known and authorized by you:
| PURPOSE | AFFECTED DATA SUBJECTS | LEGAL BASIS | CATEGORY OF PERSONAL DATA |
|---|---|---|---|
| Allow you to access and use all the features of our portal | Data subjects and their legal representatives | Legitimate interest (art. 7, item IX) | Registration and identification data |
| Fulfill legal obligations (responding to requests for the exercise of rights) | Data subjects and their legal representatives | Compliance with legal obligation (art. 7, item II) | Registration and identification data; Information about data subject’s interaction with processing agents |
| Send messages, alerts, notifications, and updates regarding support or service provided, products, services, promotions, news, updates, events, and other subjects that you may be interested in | Data subjects and their legal representatives | Legitimate interest (art. 7, item IX) | Registration and identification data |
| Detection and prevention of fraud, spam, and security incidents | Data subjects and their legal representatives | Compliance with legal obligation (art. 7, item II) | Registration and identification data |
| Verify or authenticate the information provided by you, including comparing it to data collected from other sources | Data subjects and their legal representatives | Execution of contracts (art. 7, item V) | Registration and identification data |
| For any purpose that you authorize, at the time of data collection | Data subjects and their legal representatives | Consent (art. 7, item I) | Registration, identification, and interaction with AI data |
We may, eventually, use data for purposes other than those provided for in this Privacy Notice, but all of them will be within your legitimate expectations. The eventual use of your data for purposes that do not comply with this prerogative will be done with your prior authorization.
3.01 California Residents (United States)
We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).
The application may display ads or sponsored content, clearly identified as such. Our advertising partner is Google AdMob, which may use an advertising ID to improve the ads shown to users. You can disable ad personalization at any time; when disabled, we show only Non-Personalized Ads (NPA).
You have the right to opt out of this option during the initial setup in the Koit App, or at any time by going to your device settings, selecting the installed app, and disabling tracking permissions.
You can always request the deletion of your data within the Koit App settings, in accordance with our Terms of Use. If you would like to access a copy of your personal data, please contact us via our website or by email at legal@koitapp.com.
Under the CPRA, California residents have the right to request the correction of inaccurate personal information maintained by us.
3.02 Children’s Privacy (COPPA – United States)
Koit is intended exclusively for individuals aged 18 and older. During registration, we request age confirmation. Accounts identified as belonging to minors of will be closed and their data deleted.
The Koit App is not directed to children under the age of 13 in the United States, and we do not knowingly collect personal information from children under 13. We employ multiple barriers including non-visibility to minors on app stores and date of birth verification during sign-up.
If we become aware that we have inadvertently collected personal information from a child under 13, we will delete such information immediately and take steps to prevent its further collection.
If you believe we may have collected information from a child, please contact us at legal@koitapp.com or through our website at https://koitapp.com/en/privacy-and-transparency/.
3.1 Storage of personal data:
We store your personal data securely, according to security standards applicable to the case, and in a way that favors the means for the exercise of your rights provided for in the LGPD.
We use cloud computing services, storage, database, and other information technology tools provided by Google Cloud Platform, with extensive security safeguards applied.
We may store and process data in data centers located outside of Brazil, such as the United States or Europe. We adopt appropriate contractual and technical safeguards (such as standard contractual clauses, where applicable) to protect your data in accordance with the LGPD and other relevant laws.
Also, user accounts that are without interactions during the period of 12 (twelve) months from registration may be deactivated and even permanently deleted. We may retain certain data to comply with legal obligations to identify customers, or under the determination of a competent authority, for example.
3.2 Deletion of personal data:
All personal data collected will be deleted from our servers upon your request, by free and facilitated procedure, or when they are no longer necessary or relevant for the provision of our services, unless there is any other reason for their maintenance, such as eventual legal obligation of data retention or need to preserve them for the protection of rights of the organization, under the terms of articles 15 and 16 of the LGPD.
You can also request deletion directly through the application in the “Profile” tab and looking for the “Delete Account” option. This procedure starts a period of regret of up to 30 days. Think carefully before requesting deletion, okay?
As a good practice in the protection of personal data, an obligation of controllers before the LGPD, we perform recurring backups of the databases that serve the application. This is a common market practice carried out by all companies in the world.
Therefore, in case of data deletion, we perform the deletion of your data in the current version of the database (and future backups), but it is impossible to change the backups made in the past retroactively. These backups will eventually be deleted to free up space for new ones.
3.3 WHY AND HOW DO WE PROCESS COOKIES ON OUR INSTITUTIONAL SITE?
To improve your experience on our website and provide personalized services, we use cookies.
We use necessary cookies, based on the legal basis of legitimate interest, which cannot be deactivated in our systems. These cookies allow essential features for the provision of services, such as security, consent verification, and network management. Although they are necessary, you can block these cookies directly in your browser, but this may compromise your experience and impair the functioning of the website.
We also use analytical or performance cookies, which allow us to collect data and information about how users use our site, which pages they visited most frequently on our site, the occurrence of errors, or information about the performance of the site itself.
We collect functionality cookies, which allow us to memorize your preferences and choices (such as your username or language).
With the exception of the necessary cookies, the installation of the other types of cookies is subject to your consent! Therefore, you can review your permissions, being able to accept, change, or cancel them at any time with the cookie banner in the lower right corner of the page.
Our site automatically collects cookies. However, you are not required to authorize the use of all of them. However, please note that our site may not function properly if all cookies are disabled. For this reason, if you want to have a complete experience of our online platform, we suggest that you authorize the collection of all cookies.
Note: this section about cookies applies to our website. In the mobile app, we use SDKs and device identifiers (such as Advertising ID) for similar purposes (analytics, security, and ads).
4. SHARING OF INFORMATION:
We may share your personal data with public or private organizations, respecting the provisions of the LGPD, in particular the principle of necessity, and always in a manner compatible with the purpose for which they were collected. For example, the database can be accessed by database and development specialists hired by Koit and with a current NDA during some moment of their activities.
When we share your personal data with data operators, we will require that your data be treated according to our instructions, which includes secure storage, its retention only for the instructed period, and the subsequent non-sharing with other organizations without our prior and express authorization.
All the information we store about you may be considered assets in the event of negotiations or proposals to acquire our company. In this sense, we reserve the right to, for example, include the company’s databases among the assets of the company to be transferred if it is sold, acquired, or merged with another. Through this Privacy Notice, you are aware of this possibility.
In any scenario like the one mentioned above, you will be notified to decide what to do with your data under Koit’s control, but your prior authorization will not be mandatory for the completion of negotiations, according to the Terms of Use.
Please remember: You have the right to request the deletion of your personal data as a data subject at any time while we are your data controller.
The organization must also provide your data and information if required by means of a court decision.
5. RIGHTS OF DATA SUBJECTS:
The LGPD establishes that the data subject has the right to obtain from the controller, in relation to their personal information processed by him, at any time and upon request:
- Confirmation of the existence of processing;
- Access to data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or elimination of unnecessary data or data processed in violation of the Law;
- Data portability;
- Elimination of personal data processed with your consent;
- Information of public and private entities with which the controller made shared use of data;
- Information about the possibility of not providing your consent and the consequences of denial;
- Revocation of consent.
If the data subject wishes to exercise any of their rights expressed in the Law, as well as ask questions regarding this documentation, simply visit the Koit Transparency & Privacy Portal (https://koitapp.com/en/privacy-and-transparency/) or click on the “LGPD Communication Channel” Seal on our website and fill out the “Data Subject Service Form”.
Through the Seal, any interested party is directed to the Privacy&You Portal, provided by the third-party platform DPOnet, and can verify the authenticity of the company’s adequacy to the LGPD, including, being able to verify: the last review of its control mechanisms with the display of the date and time the review was made; the company’s privacy policies; the means of contact for data subjects; and the contact channel of the ANPD.
For California residents (CPRA), we also provide the right to request the correction of inaccurate personal information.
6. INFORMATION SECURITY:
All your data is confidential and only authorized persons will have access to it. We make every reasonable market effort to ensure the security of our systems and your data. Our servers are located in different locations to ensure stability and security, and can only be accessed through previously authorized communication channels.
All your information will, whenever possible, be encrypted, if it does not make its use by the platform unfeasible. At any time, you can request a copy of your data stored in our systems. We will keep the data and information only until they are necessary or relevant for the purposes described in this Privacy Notice, or in case of periods pre-determined by Law, or until they are necessary for the maintenance of legitimate interests of the organization.
It is important to clarify that we cannot guarantee that all your data on our platform will be free from unauthorized access, especially if there is undue sharing of the credentials necessary to access our application.
We take measures and technological barriers to mitigate risks, such as the requirement and obligation of all users to have two-factor authentication based on cell phones for every registration and every login.
Therefore, we recommend that you keep your access password secure, and it is not advisable to share it with third parties. You agree to notify the organization, immediately, through a secure means, regarding any unauthorized use of your account, as well as unauthorized access by third parties to it.
7. UPDATES TO OUR PRIVACY NOTICE:
We reserve the right to update our Privacy Notice as many times as necessary in order to provide you with more secure information and to further improve your experience.
8. APPLICABLE LAW:
This document is governed by and must be interpreted in accordance with the laws and normative acts that make up the Brazilian legal system. The Forum of the District of São Paulo, SP, is elected as the competent to resolve any issues arising from this document, with express waiver of any other. The preferred method of conflict resolution remains mediation, according to the Terms of Use.

