Skip to content
Guardline
Schedule a Demo
Privacy

Privacy Policy. How we handle your data.

This policy describes, in plain terms, what data Guardline processes, why we process it, and what rights you have as a data subject.

Last updated: May 26, 2026

Guardline Tecnologia Ltda. ("Guardline", "we") provides SaaS platforms for fraud prevention, compliance, and identity management to financial institutions across Latin America. Protecting personal data is a core part of both our product and our operations.

This Privacy Policy explains how we collect, use, share, store, and protect personal data when you visit our website, request a demo, or otherwise interact with any Guardline channel. Data we process on behalf of corporate customers is governed by a separate Data Processing Agreement, under which we act as a data processor.

This document follows the general principles of modern data protection frameworks — including transparency, purpose limitation, data minimization, and accountability — and is informed by Brazil’s LGPD (Law 13.709/2018), Argentina’s Personal Data Protection Law (25.326), the EU GDPR (Regulation 2016/679), and other applicable data protection laws.

1. Data controller

The controller for personal data collected through this website is Guardline Tecnologia Ltda., a Brazilian company registered under CNPJ No. 65.644.855/0001-09, with headquarters at Alameda Vicente Pinzon, 54, Vila Olímpia, São Paulo, SP, CEP 04547-130, Brazil.

When we act as a processor — processing data on behalf of a corporate customer using our FPP, AML, ONP, or CMP platforms — the customer is the controller. In those cases, requests about the processing should first be directed to the controller.

2. Data we collect

  • Identification data you provide voluntarily: name, business email, phone number, job title, and company, submitted via contact forms, demo requests, or newsletter signups.
  • Navigation data: IP address, device identifiers, operating system, browser, pages visited, time on page, and referrer, collected automatically through cookies and similar technologies.
  • Transactional metadata for evaluations: during a proof of concept, we may receive anonymized or synthetic data samples, used exclusively for technical demonstration.
  • Communications: records of emails, form submissions, sales calls, and interactions on corporate social channels.

3. Why we use your data

  • To execute contracts and respond to commercial requests, including demos, proposals, and pre-sales support.
  • To comply with legal and regulatory obligations, including record-keeping required by applicable data protection and financial-sector rules.
  • To pursue legitimate interests: improving our products, protecting platform security, preventing fraud, and analyzing aggregate site usage.
  • To send marketing communications, only with prior consent that can be withdrawn at any time.

4. Legal basis for processing

Where data protection laws require a specific legal basis, Guardline relies on one or more of the following — consistent with GDPR Article 6 and equivalent provisions in LGPD Article 7 and Law 25.326: performance of a contract, compliance with a legal obligation, legitimate interests pursued by Guardline or a third party, and the data subject’s consent.

Special categories of data are processed only where strictly necessary for a project with a financial-sector customer, and always with reinforced technical and contractual safeguards.

5. Who we share data with

Guardline does not sell personal data. We share data only with: (i) cloud infrastructure and software service providers that support our operations, under confidentiality and data processing agreements; (ii) public authorities and regulators when required by law or court order; (iii) contracting corporate customers, in the context of projects they authorize.

All third parties processing data on our behalf are contractually required to meet standards equivalent to those described in this policy.

6. International transfers

Parts of Guardline’s infrastructure run on global cloud providers, which may involve international transfers of personal data to countries with different data protection regimes.

We only carry out such transfers with appropriate safeguards in place — including standard contractual clauses, recognized certifications, and technical measures such as encryption in transit and at rest.

7. Retention periods

We keep personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to applicable legal retention periods.

Records related to financial transactions and anti-money-laundering are retained for at least 10 years, in line with AML/CFT regulations in the jurisdictions where our customers operate. Navigation logs are retained for 6 months. Once purposes and legal periods are met, data is deleted or anonymized.

8. Security measures

  • Encryption in transit (TLS 1.2+) and at rest (AES-256) across all production environments.
  • Role-based access control, multi-factor authentication, and least-privilege access to internal systems.
  • Ongoing information security program aligned with ISO/IEC 27001 and AICPA SOC 2.
  • Continuous monitoring, log auditing, and periodic penetration tests performed by both internal teams and independent third parties.

9. Your rights

Subject to applicable data protection laws — including LGPD Article 18, Law 25.326 Article 14, and GDPR Articles 15–22 — you may request that Guardline:

  • Confirm whether we process your data and provide access to it.
  • Correct incomplete, inaccurate, or outdated data.
  • Anonymize, block, or delete data that is unnecessary or processed in breach of applicable law.
  • Provide your data in a portable, machine-readable format.
  • Delete data processed on the basis of consent.
  • Inform you of public or private entities with which your data has been shared.
  • Withdraw consent at any time, where consent is the legal basis for processing.

10. Cookies and similar technologies

We use essential cookies (required for the site to function), analytics cookies (to understand aggregate usage and improve content), and functional cookies (to remember preferences such as language).

You can manage or disable non-essential cookies through your browser settings. Disabling analytics cookies does not affect your functional experience on the site.

11. Data Protection Officer

Guardline has appointed a Data Protection Officer responsible for handling communications from data subjects and supervisory authorities.

You can reach the DPO at dpo@guardline.com.br. Requests are answered within the timelines set by applicable law — typically within 15 calendar days.

12. Children and minors

Our services are intended for companies and professionals aged 18 and over. Guardline does not knowingly collect personal data from minors.

If we discover that data from a minor has been collected inadvertently, we will delete those records promptly. Parents or guardians who become aware of such a situation may contact us through the DPO address.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, applicable law, or industry best practices.

Material changes will be highlighted on the website and, where appropriate, communicated by email to data subjects with active accounts. The date of the most recent update is shown at the top of this document.