Privacy Policy
Last updated May 24, 2026.
Rosso Labs (‘we’) operates rossolabs.com.br and associated subdomains. This document explains which personal data we collect, why, and how you can exercise your rights under Brazil's General Data Protection Law (LGPD, Law 13.709/2018).
Controller
Rosso Labs (Filipe Rosso), Cachoeirinha — RS, Brazil. DPO contact: contato@rossolabs.com.br.
Data we collect
When you submit the contact form we collect: name, email, company (optional), service interest, budget range, timeline, and message. We also store a hash of your IP (not the raw IP) and submission timestamp to prevent abuse. We do not collect sensitive data.
Purpose
Data is used solely to reply to your contact, draft a commercial proposal, and follow up on the project. We do not sell, rent, or share data with third parties for marketing purposes.
Legal basis
Processing based on consent (LGPD art. 7º, I) and contract execution / pre-contractual measures (art. 7º, V).
Sharing
We use Supabase (storage), Telegram (internal notification), Cloudflare Turnstile (anti-bot), and Upstash Redis (rate limit). These operators process only the minimum required and maintain their own LGPD-compatible terms.
Retention
Lead data is retained for up to 24 months after the last contact. After that, it is anonymized or deleted. You may request earlier deletion.
Your rights
You may request access, correction, anonymization, portability, or deletion of your data, and withdraw consent at any time, by email at contato@rossolabs.com.br. We respond within 15 days.
Cookies
We use strictly necessary cookies for site operation and anonymized analytics cookies (no personal identification). You may block cookies in your browser without losing core navigation.
Security
We apply HTTPS, CSP, security headers, rate limiting, IP hashing, and anti-bot verification. No system is 100% secure, but we mitigate risks diligently.