Tecnorise: Privacy policy for personal data of Tecnorise

Privacy Policy for Personal Data of Tecnorise / GEAR

Last updated: June 26, 2026

Hello! We are delighted to welcome you to our platform. We are a Brazilian company, holder of the rights to design, develop and commercialize, and directly responsible for the largest and most complete solution for call centers serving remote/virtual, on-site, and autonomous condominium gatehouses.

We are committed to safeguarding, protecting and preserving the privacy, security and confidentiality of all information — sensitive and non-sensitive — provided by our Clients, Partners, Users and Visitors of the platforms that use our technology daily.

This Policy describes how we process personal data across TECNORISE's applications and services, including the GEAR app (Resident App) and other applications available on the Google Play and App Store. We also recommend reading our Terms and Conditions of Use, which complement this document.

1. PURPOSE

This Privacy Policy for Personal Data (“Policy”) aims to establish rules and guidelines on the processing of personal data collected by Tecnorise, a legal entity registered under CNPJ No. 29.179.880/0001-97, headquartered at Avenida Santos Dumont, No. 2456, room 1301, Aldeota, ZIP code 60.150-161, Fortaleza/CE, Brazil (“TECNORISE”), in accordance with applicable regulations.

By consenting to this Policy, the data subject agrees to the terms described herein and to the processing of their personal data for the purposes set out here.

2. DEVELOPER IDENTIFICATION AND APPLICATIONS COVERED
  • Developer/Controller: Tecnorise — CNPJ 29.179.880/0001-97.
  • Applications covered: GEAR (Resident App) and other applications, websites, portals and forms of TECNORISE.
  • Data Protection Officer (DPO): Joaquim Victor Bezerra Magalhães.
  • Privacy contact: dpo@tecnorise.com.br
3. TERMS AND DEFINITIONS

For the understanding of this Policy, the following definitions apply:

Processing agents
the controller and the operator.

Anonymization
the use of reasonable technical means available at the time of processing through which data loses the possibility of association, directly or indirectly, with an individual.

ANPD (Brazilian National Data Protection Authority)
the public administration body responsible for ensuring, implementing and supervising compliance with the Brazilian General Data Protection Law (LGPD) throughout the national territory.

Database
a structured set of data, established in one or more locations, in electronic or physical form.

Blocking
temporary suspension of any processing operation, by keeping the personal data or the database.

Employees
people hired to be part of TECNORISE's staff.

Consent
free, informed and unambiguous expression by which the data subject agrees to the processing of their personal data for a specific purpose.

Controller
a natural or legal person responsible for decisions regarding the processing of personal data.

Cookies
files containing small pieces of data shared between a device and a web server, intended to make browsing more user-friendly.

Personal Data
information related to an identified or identifiable natural person.

Sensitive Personal Data
data on racial or ethnic origin, religious belief, political opinion, trade union membership, data concerning health or sexual life, genetic or biometric data, when linked to a natural person.

Deletion
removal of data or a set of data stored, regardless of the procedure used.

Data Protection Officer (DPO)
a person designated by the controller and operator to act as a communication channel between the controller, data subjects and the ANPD.

Purpose
the reason for which the data subject's personal data is processed.

LGPD
Brazilian Law No. 13,709/2018, which governs the processing of personal data.

Operator
a natural or legal person who processes personal data on behalf of the controller.

Opt-In / Opt-Out
prior and explicit expression of consent / revocation of previously given consent.

Site / Website
a virtual address composed of a set of electronic pages.

Data Subject / User
the natural person to whom the personal data being processed refers.

International Data Transfer
transfer of personal data to a foreign country or international organization.

Processing
any operation carried out with personal data (collection, use, access, storage, sharing, deletion, etc.).

4. DATA WE COLLECT AND APP PERMISSIONS

To deliver our services, the GEAR app may collect and access the data below. Each permission is requested at the time the corresponding feature is used (runtime), through an affirmative action by the user, and data is only accessed when the user uses the related feature.

Data / Permission What we use it for When it is requested
Contact information (first name, last name, date of birth, phone) Identifying and managing the resident's registration At registration
Camera and photo library Setting/changing the profile photo; attaching an image, video or PDF to notices and incident reports; GEAR's native facial recognition When using the feature
Facial biometric data (sensitive data) Identifying and authenticating the user/visitor and confirming transactions, aimed at fraud prevention (art. 11, “g”, LGPD) When enabling facial recognition
Location (GPS) Features that depend on location during use of the app When using the feature. Location is not collected when the service is not active or running.
Contact list Only when the user chooses to search contacts to create a guest list for an event. The invitation is sent through a shareable link via the app the user chooses When creating an invitation and opting to search contacts
Call log Recording and reading the history of received calls originating from the IP intercom, through the autonomous call function — a core communication feature between the gatehouse and the unit When using the autonomous call
Device storage / SD Card Inserting/attaching an image, video or PDF to notices and incident reports; setting the profile photo When using the feature
Notifications Sending event alerts, announcements and, upon consent, marketing campaigns On first launch / setup

Data is transmitted to the TECNORISE API at app.gear-tecnorise.com and chavevirtual.com, following the provisions of this Policy regarding storage, sharing and handling.

Forms of collection: data provided directly by the data subject; by legal guardians (with specific consent for children's data); by companies that contract TECNORISE solutions; by third parties and public databases; and through automatic collection (cookies and similar technologies).

Essential collection rules:

  • We collect only the information that is essential to the stated purposes;
  • We request authorization or notify the data subject before collecting new data, with the proper justification;
  • Collected data is used only to fulfill the purposes informed to the data subject.
5. PURPOSES AND LEGAL BASES FOR PROCESSING

We process personal data based on the following legal bases of the LGPD, according to the data subject's relationship with TECNORISE:

  • Compliance with a legal obligation (art. 7, II and art. 11, “a”);
  • Performance of a contract and provision of applications (art. 7, V and art. 11, “d”);
  • Regular exercise of rights in judicial, administrative or arbitration proceedings (art. 7, VI and art. 11, “d”);
  • Protection of life or physical safety of the data subject or a third party (art. 7, VII and art. 11, “e”);
  • Fraud prevention and data subject security in identification and authentication processes (art. 11, “g”) — the basis for processing facial biometric data;
  • Consent of the data subject (art. 7, I).
6. DATA SHARING WITH THIRD PARTIES

Personal data may be shared:

  • For TECNORISE's purposes: strictly what is necessary to provide or fulfill our corporate purpose;
  • For strategic/operational reasons: with partners and service providers that assist us (data analysis, information security, auditing, legal and accounting advice, quality assurance), always contractually bound to process data in accordance with this Policy;
  • For legal and regulatory reasons: to comply with legal obligations, judicial/administrative proceedings, protect rights, prevent fraud or cooperate with authorities;
  • With providers of infrastructure and services essential to the operation of the app, such as cloud services, push notification services (e.g., Google Firebase Cloud Messaging) and Google and Apple platform services required for the distribution and operation of the application.

TECNORISE does not sell users' personal or sensitive data to third parties, and does not share such data for third-party targeted advertising purposes.

No personal data will be disclosed or shared, unless expressly authorized by the user, for the performance of contracted services, by court order or legal determination.

7. DATA RETENTION AND DELETION

Data is stored only for the time necessary to fulfill the purposes for which it was collected or to comply with legal and regulatory obligations. Specifically:

  • Registration and biometric data: kept while the relationship between the data subject and TECNORISE is in effect;
  • Images, media and incident reports: for the period necessary for the feature's purpose and any legal obligations;
  • Call logs and logs: for the applicable legal period.

Once the retention period ends, or when requested by the data subject in applicable cases, data is securely deleted.

8. ACCOUNT AND DATA DELETION

The data subject may request, at any time, the deletion of their account and the associated personal data, through any of the channels below:

  1. Within the app itself: go to Menu → Profile/Settings → Delete account and confirm the request;
  2. Via the web, without installing the app: visit the deletion request page at https://tecnorise.com/exclusao-de-conta/;
  3. By email: send the request to dpo@tecnorise.com.br.

Upon receiving the request, TECNORISE will delete the account and the associated personal data, except for data whose retention is required by legal, regulatory, security or fraud-prevention obligations — in which case such data will be kept only for the period and to the extent necessary, and then securely deleted. Merely deactivating the account temporarily does not constitute deletion.

The data subject acknowledges that deleting information essential to managing their registration may result in the termination of their contractual/business relationship with TECNORISE.

9. DATA SUBJECTS' RIGHTS

In accordance with the LGPD, we ensure the data subject: confirmation of the existence of processing; access to the data; correction of incomplete, inaccurate or outdated data; anonymization, blocking or deletion of unnecessary data or data processed in non-compliance; portability; deletion of data processed with consent; information about data sharing; information about the possibility of not consenting and its consequences; revocation of consent; and review of automated decisions.

Rights may be exercised through the privacy channels or directly with the DPO (dpo@tecnorise.com.br). TECNORISE will make reasonable efforts to meet requests as soon as possible, and a request may be legally refused on formal grounds (e.g., inability to verify identity) or legal grounds — in which case the applicable justifications will be presented.

10. PROCESSING OF CHILDREN'S AND ADOLESCENTS' DATA

The processing of children's and adolescents' data is carried out only with the specific and prominent consent of one of the parents or the legal guardian, in the best interest of the minor.

11. SECURITY

Data held by TECNORISE is stored under strict security standards, including: protection against unauthorized access; transmission over encrypted channels (HTTPS); access restricted to authorized employees only; and confidentiality commitments with employees, service providers and suppliers. We maintain a constantly updated governance and privacy program. In the event of a security incident, TECNORISE will make efforts to remedy the consequences and will provide due transparency to the data subject and to the ANPD, where applicable.

12. INTERNATIONAL DATA TRANSFER

When infrastructure services or providers are located outside Brazil, international transfers will observe the guarantees and safeguards required by the LGPD.

13. LINKS TO OTHER SITES

TECNORISE may provide links to third-party sites, which have their own privacy policies. We are not responsible for the practices of these third parties and recommend reading their policies.

14. EMAIL MARKETING

By opting to receive marketing communications, the user agrees to receive personalized content. Cancellation can be done at any time through the opt-out link in the emails or through the channels of this Policy.

15. APPLICABLE LAW AND GENERAL PROVISIONS

This document is based on the applicable regulations (the Brazilian Federal Constitution, the Consumer Protection Code, the Civil Code, the Marco Civil da Internet — Law No. 12,965/2014 and Decree No. 8,771/2016, the LGPD — Law No. 13,709/2018, and sectoral norms). It will be interpreted under Brazilian law, in Portuguese, electing the Central Forum of the Court of Fortaleza/CE. This document was prepared in Portuguese and English; in case of any discrepancy between the versions, the Portuguese version shall prevail. The invalidity of one clause does not affect the others.

16. CONTACT US

For privacy questions, contact the Data Protection Officer (DPO), Joaquim Victor Bezerra Magalhães, by email at dpo@tecnorise.com.br.

17. UPDATES TO THIS POLICY

This is the most up-to-date version of the document (June 26, 2026). TECNORISE may update it at any time to improve security, enhance services or comply with legal obligations. We recommend periodic review. If you do not agree with this Policy, you should not access or use TECNORISE's platforms.

See also: Terms and Conditions of Use · Account Deletion Request.