Privacy policy
Last updated: April 13, 2026
1. Processing roles (controller and processor)
WiseData NPS is a product operated by WiseData Business LTDA, registered under CNPJ 53.182.850/0001-14, headquartered in Goiânia, GO, Brasil. For the purposes of Brazil's General Data Protection Law (LGPD — Law 13,709/2018), WiseData Business holds two distinct roles: (a) it acts as controller of the data of platform users — clients who contract the service, including registration data, access, browsing on www.wisedatanps.com, and platform usage; (b) it acts as processor of the data of contacts imported by users — survey recipients — processing such data exclusively in accordance with user instructions and only to the extent necessary to provide the contracted services. The User is solely responsible for the collection, legality, accuracy, and legitimacy of the personal data of imported contacts, including obtaining consent or an adequate legal basis under the LGPD.
2. Data we collect
We collect: (a) registration data — name, email, phone number, CNPJ/CPF, company name; (b) usage data — access logs, platform actions, surveys created and sent, responses collected; (c) contact data imported by you — names, emails, phone numbers of survey recipients; (d) technical data — IP address, User-Agent, cookies, approximate geolocation, and device data; (e) payment data — processed directly by Stripe; we do not store card numbers; (f) browsing data — pages visited, time on site, traffic source, clicks, conversions, collected by analytics tools and tracking pixels.
3. Purposes of processing
We use your data to: operate and provide the platform; send surveys through contracted channels (Email, WhatsApp, Embed); process payments and issue invoices; provide technical support; analyze sentiment and categorize responses using AI; improve the product based on aggregated and anonymized data; prevent fraud and abuse; comply with legal and regulatory obligations; send marketing communications and newsletters (with consent); measure the effectiveness of advertising campaigns; create audiences for remarketing on advertising platforms. AI-based analysis may involve automated processing of survey comments, but does not involve automated decisions with legal effects or significant impacts on data subjects, under article 20 of the LGPD.
4. Legal bases (LGPD)
We process data based on: (a) contract execution — to provide the contracted services to platform users; (b) consent — for sending marketing communications, newsletters, use of non-essential cookies, and activation of tracking pixels; (c) legitimate interest — for product improvement, fraud prevention, platform security, protection of shared sending reputation, and aggregated usage analysis; in such cases, we balance the legitimate interests of WiseData Business against the rights of data subjects, always adopting adequate safeguards; (d) legal obligation — for tax and regulatory retention. The sending of satisfaction surveys (NPS, CSAT, CES, and similar) to imported contacts is performed under the User's responsibility, with a legal basis defined by the User, which may include prior consent (opt-in) or legitimate interest, as applicable to their context and duly documented by the User.
5. Cookies, pixels, and tracking technologies
We use cookies and similar technologies on the website www.wisedatanps.com and on platform pages. The categories are: (a) Essential — session, authentication, language preference; these cannot be disabled. (b) Analytics — Google Analytics (via Google Tag Manager) to measure traffic, pages visited, time on site, and traffic sources, in an aggregated manner. (c) Advertising pixels — Meta Pixel (Facebook/Instagram) to measure conversions, create Custom Audiences, and remarketing; LinkedIn Insight Tag for conversion attribution and professional audience targeting. (d) Marketing automation — Mautic for website visitor tracking, lead scoring, behavioral segmentation, and automated email delivery. All non-essential cookies and pixels — including those used for remarketing on Meta (Facebook/Instagram) and LinkedIn platforms — are only activated after the user's explicit consent in the cookie banner. You can change your preferences at any time and remarketing is stopped immediately upon consent revocation.
6. Marketing communications and email
We may send email communications, including: newsletters with product updates; feature launch campaigns; educational content about NPS and customer experience; onboarding emails for new users; communications about upgrades, promotions, and events. All marketing communications are sent only with prior consent (opt-in). Each email includes an unsubscribe link (opt-out) that is processed immediately. We use Mautic as our marketing automation platform, which records opens, clicks, and interactions to personalize communications. You can revoke your consent at any time via the unsubscribe link or by contacting dpo.nps@wisedatabusiness.com.
7. Data sharing
We share data with the following providers, exclusively for the purposes described: SendGrid (Twilio) — transactional and survey email delivery; Meta Platforms — WhatsApp message delivery and conversion pixel (Facebook/Instagram); AWS — hosting, storage, and CDN; Stripe — payment processing; MillionVerifier — email validation; OpenAI — AI-powered sentiment analysis (anonymized data); Google — Google Analytics and Google Tag Manager for website usage metrics; LinkedIn — LinkedIn Insight Tag for conversion attribution; Mautic (self-hosted) — marketing automation and newsletter delivery. All third-party providers operate under data processing agreements (DPA) or terms of service that include data protection clauses in compliance with the LGPD. We never sell, rent, or transfer your data to third parties for their own commercial purposes.
8. International transfer
Some of our infrastructure providers operate outside Brazil, including AWS (USA), SendGrid (USA), Stripe (USA), Meta (USA), Google (USA), LinkedIn (USA), and OpenAI (USA). In such cases, we adopt standard contractual clauses and verify that the recipient offers an adequate level of protection, as required by the LGPD. Data is transferred only to the extent necessary for the provision of services.
9. Data retention
Account data and survey history are retained while your account is active. After cancellation, the account enters read-only mode for 30 days for data export, after which data is anonymized within 1 hour. Anonymization is an irreversible process and technically distinct from deletion: anonymized data loses its link to the data subject and may be retained for statistical purposes and product improvement, in accordance with article 12 of the LGPD, but no longer allows identification of the data subject. Tax data (invoices, tax receipts) is retained for 5 years in accordance with tax legislation. Security logs and audit records (access, administrative actions, sending events) are retained for 6 months for incident investigation and compliance with regulatory obligations. Marketing data (email interactions, Mautic browsing history) is retained for 24 months or until consent is revoked, whichever comes first. Pixel data (Meta, LinkedIn) follows the retention policies of each respective platform.
10. Your rights (LGPD)
Under the LGPD, you have the right to: confirmation of the existence of processing; access to your data; correction of incomplete or outdated data; anonymization, blocking, or deletion of unnecessary data; data portability to another provider; deletion of data processed based on consent; information about sharing with third parties; revocation of consent at any time, including for marketing and cookies.
11. How to exercise your rights
Send your request to dpo.nps@wisedatabusiness.com with the subject line 'LGPD — WiseData NPS', including your full name, registration email and a description of the request. We will respond within a reasonable timeframe, generally within 15 business days, which may be extended for complex cases or those requiring additional verification, with notice to the data subject. To delete your data, you may also use the 'Delete account' feature directly from the platform dashboard. To unsubscribe from marketing, use the link included in each email or contact the DPO. To disable cookies and pixels, use the preferences banner on the website.
12. Security
We adopt technical and organizational measures to protect your data, including: encryption in transit (TLS 1.3) and at rest; role-based access control (RBAC); two-factor authentication (2FA) available; access and anomaly monitoring; audit logs of administrative actions and critical events for incident investigation; regular backups with limited retention; tenant data isolation; email and WhatsApp number validation before sending; brute-force attack protection and rate limiting.
13. Sensitive personal data
The platform is not designed for the processing of sensitive personal data (racial or ethnic origin, religious belief, political opinion, trade union membership or membership in a religious, philosophical, or political organization, health data, sex life, genetic or biometric data). The User undertakes not to collect sensitive personal data via surveys, except when strictly necessary and supported by a specific legal basis under article 11 of the LGPD, and the User is fully responsible for such processing, including obtaining specific and prominent consent when applicable.
14. Embed and public response pages
Public survey response pages (accessed via unique link) and embed widgets installed on User websites may collect technical data from visitors/respondents, including: IP address, User-Agent, device identifiers (fingerprint via third-party library), interaction time, browser language, and basic screen data. Collection has the sole purpose of: preventing duplicate responses, identifying bots and fraud, ensuring response integrity, and protecting the Platform's shared sending reputation. This data is stored in aggregated or pseudonymized form, linked to the invitation or response, and retained for the survey's retention period. The fingerprint is not used for advertising profiling nor shared with third parties for marketing purposes.
15. Children's data
The platform is not intended for individuals under 18 years of age. We do not intentionally collect data from minors. If we identify data from minors, it will be deleted immediately.
16. Do Not Track (DNT)
We respect the Do Not Track (DNT) signal sent by your browser. When we detect an active DNT signal, we do not activate analytics cookies or advertising pixels, regardless of consent given in the cookie banner.
17. Changes to this policy
We may update this policy periodically. Material changes will be communicated by email with at least 30 days' notice. Continued use of the platform after the new version takes effect constitutes acceptance.
18. Data Protection Officer (DPO) contact
Data Protection Officer: dpo.nps@wisedatabusiness.com. When contacting us, use the subject line 'LGPD — WiseData NPS' so your request is routed correctly. WiseData Business LTDA, Goiânia, GO, Brasil.