Back to home Sparsum · Privacy notice

Privacy policy

Effective: April 2026 · Last updated: 26 April 2026

This Privacy Policy explains how Sparsum Tecnologia collects, uses, stores, and protects personal data processed through sparsum.com. The English-language version follows a GDPR-baseline international privacy posture while acknowledging that Sparsum is a Brazilian company subject to local legal obligations as well.

1. Controller

The controller for personal data collected through this website is Sparsum Tecnologia, with office at Al. Ministro Rocha Azevedo, 834 — Jardins, São Paulo · SP, CEP 01410-002, Brazil.

For any privacy question, please write to contato@sparsum.com.br.

2. Data we collect

We collect only the information you choose to submit through our contact forms:

  • Name
  • Company
  • Role (optional)
  • Employee range (optional)
  • Work email address
  • Phone / WhatsApp (optional)
  • Area of interest (optional)
  • Message (optional)

When you browse the site, Google Analytics 4 may also collect aggregated usage data such as visited pages, traffic source, device type, browser language, and session duration. We use that information for aggregated statistics and website improvement rather than for individual profiling.

We do not use advertising pixels, retargeting networks, or individual behavioural profiling tools on this website. Limited technical records may also be generated by infrastructure and anti-abuse services, including the source IP used for a form submission and challenge-validation data used to block spam or automated abuse.

3. Why we process this data

The information you provide is used only to:

  • respond to your message or request;
  • understand your company context for an initial technical conversation;
  • share next steps, proposals, or material related to the demand you presented;
  • protect the website and contact channels against automated abuse.

We do not use these form submissions for unrelated recurring marketing campaigns.

4. Legal basis

For English-language visitors we apply a GDPR-baseline approach. Depending on the context, processing may rely on one or more of the following grounds:

  • steps taken at your request prior to entering into a contract;
  • our legitimate interests in responding to inbound enquiries, protecting the site, and developing business relationships, provided that those interests do not override your rights and freedoms;
  • compliance with applicable legal or regulatory obligations;
  • consent where a specific activity requires it.

Because Sparsum is established in Brazil, certain processing may also be assessed under the Brazilian LGPD where applicable. This notice does not designate a separate EU representative.

5. Service providers and sharing

We do not sell or rent your personal data. We use a limited set of processors to operate the website and receive messages, each acting only on our instructions:

  • Vercel — website hosting and execution of serverless back-end functions;
  • Resend — transactional delivery of the email generated from the contact form to Sparsum’s corporate inbox;
  • Cloudflare Turnstile — human-verification checks used to prevent spam and automated abuse;
  • Google Analytics 4 — aggregated website analytics used to understand traffic and improve the site.

These providers may process data internationally using infrastructure outside your country. Where this happens, Sparsum relies on the contractual and organisational safeguards offered within those services and applies a necessity-and-minimisation approach to the data shared with them.

6. Retention

We keep contact data for as long as necessary to handle the relationship initiated by your request, taking into account legal retention duties and operational necessity. If the interaction does not progress, the records are deleted or anonymised within a reasonable period.

7. Your rights

Depending on the law that applies to your situation, you may request:

  • confirmation that we process your data;
  • access to the data we hold about you;
  • correction of incomplete, inaccurate, or outdated information;
  • erasure, restriction, or objection where legally available;
  • data portability where applicable;
  • withdrawal of consent for consent-based processing;
  • information about the processors or third parties involved in the processing.

To exercise any of these rights, please contact contato@sparsum.com.br. We respond within a reasonable timeframe and in line with the applicable legal framework.

8. Data Protection Officer (DPO)

The official contact point for privacy and data-protection matters is contato@sparsum.com.br. Messages sent to this address are directed to the responsible privacy contact and handled through Sparsum’s internal process.

9. Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or destruction. These measures include encrypted connections, access controls, and engineering practices aligned with references such as OWASP.

No system is completely invulnerable. If we identify a security incident that creates a relevant risk to data subjects, we will respond in line with the obligations that apply to us under the relevant legal framework.

10. International transfers

Because Sparsum operates from Brazil and uses international infrastructure providers, personal data may be processed outside your jurisdiction. We limit those transfers to what is needed to operate the website, receive messages, protect the forms against abuse, and maintain the service.

11. Updates to this policy

This Privacy Policy may be updated to reflect changes in our practices, the service providers we use, or applicable legal requirements. The version in force is always the one published on this page, together with the update date shown at the top of the document.

© 2026 Sparsum Tecnologia sparsum.com/en/