PRIVACY POLICY - CONNECTSTORE

1. INTRODUCTION

ConnectStore respects your privacy and protects your personal data. This Privacy Policy explains how we collect, use, share, and protect your information, in accordance with local and international regulations:

• Brazil: General Data Protection Law (Lei Geral de Proteção de Dados – LGPD)
• Spain/European Union: General Data Protection Regulation (GDPR)
• United States:
  • California Consumer Privacy Act (CCPA)
  • California Online Privacy Protection Act (CalOPPA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Gramm-Leach-Bliley Act (GLBA)

ConnectStore is a platform designed exclusively for businesses and self-employed professionals. The service is not intended for use by end consumers or individuals for personal purposes.

It is not intended for minors under 18 years old, and we do not intentionally collect data from children or adolescents. If we become aware that a minor has provided personal data, we will take steps to delete it immediately.

2. DATA CONTROLLER

ConnectStore is operated by ACSN group entities located in Brazil and the United States. We are responsible for processing your personal data in accordance with applicable laws.

For privacy inquiries or concerns, please contact our Data Protection Officer (DPO) at dpo@connectstore.app.

3. DATA COLLECTED AND LEGAL BASIS

We collect the following data to provide and improve our services, in accordance with the applicable legal bases:

Legal Basis: Performance of a Contract

• Registration Data: Nickname (Trade name), email, location (required to create your account).
• Support Data: Information submitted when you contact us.
• Payment Data: To securely process payments, we use Stripe, a payment processing company that operates in accordance with the highest security standards. ConnectStore does not store payment information, as these data are collected directly by Stripe.
• Unique Identifiers: Model, operating system, and app version.
• Cookies: Essential information for functionality and security.

Legal Basis: Consent

• Location (GPS): Required to process payments and validate transactions.
• Camera/Gallery: For barcode scanning and image selection.
• End Consumer Email: Optionally collected only when the consumer wishes to receive an electronic transaction receipt or payment link. This data is not stored for other purposes nor shared with third parties.

Legal Basis: Legitimate Interest

• Your Business Data: Logo, company name, phone, email, website, and address.
• Sales Data: Information about sales, including items, amounts, date/time, and payment method.
• Transaction Data: Information on payment transactions of sales, including items, amounts, date/time, and details.

Data Classification (CCPA):

• Common Personal Data: Name, email, phone, location, and registration data.
• Sensitive Data: Location (GPS) and camera access.

4. HOW WE USE YOUR DATA

Your data is used to:

• Provide and personalize your experience in the app.
• Improve our services and customer support.
• Process payments and ensure security in transactions.
• Prevent fraud and ensure system integrity.
• Send relevant information about the app, updates, and promotional offers, with your permission.
• Fulfill legal and regulatory obligations.

5. INFORMATION SHARING

• Third Parties: We do not share personally identifiable information with third-party service providers except when necessary to provide the service or comply with legal obligations.
• Partners: We may share non-personal data with partners for analysis and service improvements. We do not sell, rent, or share your personal data with third parties except as described in this Privacy Policy.
• Service Providers: We may share your information with third-party service providers, such as payment processors (Stripe). These providers are required to protect your information and use it only for the specific purposes agreed upon.
• Legal Compliance: We may disclose your personal data if we believe such disclosure is necessary to comply with a legal obligation.

6. USE OF THIRD-PARTY TECHNOLOGIES

ConnectStore integrates third-party services to enhance functionalities, ensure security in transactions, and improve the user experience. All engaged third parties operate in compliance with applicable data protection laws, including the LGPD (Brazil), GDPR (European Union), and CCPA (California, USA).

Currently, we use the following third-party services:

• OpenAI: Used to generate product descriptions based on provided images. This process is automated and does not involve storing or analyzing personal data.
  
  • When a user opts to use the automatic description generation feature, the product image is shared with OpenAI exclusively for that purpose. OpenAI does not store or use these images for any other purposes.
• Stripe: Responsible for processing payments, operating under the highest security standards, including PCI-DSS (Payment Card Industry Data Security Standard), ensuring the confidentiality and integrity of financial data.

Opt-out and User Control: You may choose not to use functionalities that involve third-party services, such as AI-generated product descriptions. This choice will not affect the core functionality of ConnectStore, but may limit some features.

More Information About Third Parties: To learn more about how these services handle data, please refer to their privacy policies:

• Stripe Privacy Policy
• OpenAI Privacy Policy

7. DATA RETENTION

We retain your personal data only for as long as necessary to fulfill our legal obligations or for the purpose for which it was collected. The retention period may vary depending on the type of data and regulatory requirements, including:

• Registration and Business Data: Retained while the account is active and for a reasonable period after its closure to comply with legal obligations.
• Financial Data: Retained as required by tax and regulatory laws.
• Location and Camera Data: Processed only during app usage and not stored.

When the data is no longer necessary, it will be securely anonymized.

8. DATA SECURITY

The security of your information is a priority for ConnectStore. We adopt rigorous technical and organizational measures to protect your data against:

• Unauthorized access;
• Misuse;
• Unauthorized disclosure.

To that end, we use advanced technologies, including end-to-end encryption, strict access controls, and continuous server monitoring. We implement practices in line with the highest security standards, including LGPD (Brazil), GDPR (Europe), and CCPA (USA), ensuring the integrity and confidentiality of the information processed on our platform.

If you have any questions about how we protect your data, please contact our Data Protection Officer (DPO) at dpo@connectstore.app.

9. USE OF COOKIES AND SIMILAR TECHNOLOGIES

ConnectStore uses cookies and similar technologies exclusively for essential functionalities, ensuring the proper operation of the app.

These cookies are necessary for:

• Authentication: To keep your session active and facilitate login.
• Security: To prevent unauthorized access and ensure platform integrity.
• App Operation: To store technical settings for proper functioning.

ConnectStore uses only essential cookies, without tracking behavior or for advertising purposes. Since these cookies are strictly necessary for providing the services, it is not possible to disable them without compromising ConnectStore’s functionality. The app does not use optional or third-party cookies for marketing or advertising purposes.

10. USER RIGHTS

ConnectStore ensures that you have control over your data, as provided under LGPD (Brazil), GDPR (Europe), and CCPA (USA). You have the following rights:

• Access: Request a copy of your stored data.
• Correction: Edit your registration data directly through the app or contact us if you find an error that cannot be corrected.
• Account Anonymization: The user can request account deactivation, at which point your personal data will be anonymized, becoming irreversible and non-identifiable. After anonymization, the account cannot be recovered.
• Withdrawal of Consent: Withdraw your permission for the use of data collected based on consent.
• Portability: Request the transfer of your data to another service.
• Objection to Processing: Object to the use of your data in certain situations.

How to exercise your rights?

To anonymize your account (deactivation), use the options available in the app or website. Alternatively, contact us at dpo@connectstore.app.

We will respond to your request within 15 days for users in Brazil (LGPD), and within 30 days for users in other countries (GDPR, CCPA).

If the request is complex, the deadline may be extended, and you will be informed. For other requests, such as access, correction, or withdrawal of consent, please contact our Data Protection Officer (DPO) at dpo@connectstore.app.

11. REGION-SPECIFIC RIGHTS AND REQUIREMENTS

Brazil (LGPD):

Brazilian users have the right to access, correct, and anonymize their data, request portability, and withdraw consent, in accordance with Law No. 13.709/2018.

European Union/European Economic Area (GDPR):

European users have additional rights, including the right to object to processing and restrict the use of personal data.

USA (CCPA/CalOPPA/VCDPA/GLBA):

Residents of the USA can request details about the data we collect, ask for the anonymization of their information, and opt not to have their data sold. Additionally, for financial information, we follow the guidelines of the Gramm-Leach-Bliley Act (GLBA), ensuring the protection of data related to transactions and payments.

ConnectStore does not sell, rent, or share users' personal data with third parties for commercial purposes. Should this policy change in the future, we will provide an opt-out mechanism as required by the CCPA.

Note: If you access the service from another country after creating your account, the rules applicable to your account's country of origin will remain valid.

12. CHANGES TO THE PRIVACY POLICY

ConnectStore may update this Privacy Policy periodically. Whenever there is a significant change that substantially affects the rights or obligations of the user, explicit consent will be requested before the new rules are applied.

For minor changes that do not alter the fundamental rights of users, notification will be provided via the official website, email, and/or within the app. Continued use of ConnectStore after such notification will be considered acceptance of the new terms.

The updated versions of the Privacy Policy will take effect immediately upon publication, unless otherwise stated. Continued use of ConnectStore after such notification will be considered acceptance of the new terms.

13. CONTACT

For any questions or requests regarding your data, please contact us at dpo@connectstore.app. We will respond to your request according to the timeframes established in this Policy.

By using ConnectStore, you agree to this Privacy Policy.