floranima
Last updated: 2026-06-04

Privacy Policy

How we care for your data at Floranima

This policy explains how we collect, use, share and protect your personal data. We adopt the Brazilian LGPD (Law No. 13.709/2018) and GDPR principles as our baseline.

This document is under legal review. It is a preliminary draft and not binding until final publication.

1. Data controller

Floranima is the controller of personal data processed on this platform. We act as controller for account, navigation and payment data, and as processor for clinical data under the healthcare professional's direction.

2. Data we collect

We collect only the categories strictly necessary to deliver the service:

  • Account data: name, email, phone, date of birth.
  • Authentication: hashed password, session tokens.
  • Clinical data (only professionals and linked patients): mood, notes, progress, consents.
  • Payments: tokens from the processor (Stripe). We do NOT store card numbers.
  • AI consents: explicit records for use of AI features (Anela).
  • Usage telemetry: pages visited, device, language, timezone.

3. Purposes

We process your data to:

  • Operate the platform and its features.
  • Comply with legal and regulatory obligations.
  • Prevent fraud and secure your account.
  • Improve the experience via aggregated, anonymised analytics.
  • Communicate relevant service updates.

4. Sharing with third parties

We share data only with processors essential to the service, all bound by data-processing agreements:

  • Supabase · database and authentication.
  • Stripe · payment processing.
  • AI providers · only with explicit consent of the data subject.
  • Transactional email providers.
  • Public authorities · only upon legal request.

5. Data subject rights

You have the right, free of charge, to:

  • Confirm that processing exists.
  • Access your data.
  • Rectify incomplete, inaccurate or outdated data.
  • Anonymise, block or erase unnecessary data.
  • Port your data to another provider.
  • Erase data processed on the basis of consent.
  • Withdraw consent at any time.

To exercise any right, write to the DPO at the address below. We reply within 15 business days.

6. Data retention

We keep your data for the time required by the purposes and legal obligations. After account deletion, clinical data is retained for the minimum period required by professional ethics regulations.

7. Security

We adopt technical and administrative safeguards: in-transit encryption (TLS), at-rest encryption, role-based access control (RLS), audit logging and continuous monitoring.

8. Data Protection Officer

For questions, rights requests or incident reports:

dpo@floranima.com.br

9. Updates to this policy

This policy may be updated. Material changes will be communicated by email and/or in-app notification.