Linkana (“Linkana”, “we”, “us”, or “our”) is committed to protecting your privacy and your personal data.

This Privacy Policy explains how we collect, use, share and protect your personal data when you:

• visit our websites;

• use our platform and related services; or

• interact with us in the context of sales, marketing, support, or other business activities.

It also explains your privacy rights and how you can exercise them.

1. Who we are and how to contact us

Linkana Tecnologia Ltda. is the controller of your personal data when you interact with our websites and platform, unless stated otherwise.

Data Protection Officer (DPO) / Encarregado

• Leonardo de Azevedo Cavalcanti

• 📧 dpo@linkana.com

• 📞 +55 (11) 99281-2231

You can contact our DPO/Encarregado to ask questions about this policy or to exercise your privacy rights.

2. What this policy covers

This Privacy Policy applies to the processing of personal data in connection with:

• visitors to Linkana’s websites;

• users of Linkana’s platform and services;

• representatives and contacts of our customers, suppliers and partners;

• any other individuals whose personal data we process in the course of our business.

We process personal data in accordance with the laws that apply to us, including:

• the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – LGPD);

• the EU General Data Protection Regulation (GDPR) and UK GDPR;

• the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA); and

• other relevant privacy laws in the jurisdictions where we operate.

When we say “personal data”, we mean any information that identifies or can be linked to an individual person.

3. Personal data we collect

The personal data we collect depends on how you interact with us.

3.1 Information you provide to us

We may collect:

• Identification and contact data

  • full name;

  • business email address;

  • company name and role;

  • phone number;

  • other contact information you provide.

• Account and profile data

  • login/email used to access the platform;

  • preferences and notification settings;

  • information you share with our support team.

• Business relationship data

  • information about your company’s relationship with Linkana;

  • records of communications with our sales, customer success and support teams;

  • contractual and billing information (for customer and supplier contacts).

3.2 Information we collect automatically

When you visit our websites or use our platform, we automatically collect:

• IP address and approximate location;

• browser type and version;

• device type and operating system;

• pages visited, links and buttons clicked, date and time of access;

• identifiers and events generated by analytics tools.

This information is collected using cookies and similar technologies. See section 6. Cookies and similar technologies.

3.3 Sensitive personal data

In limited situations, and only when necessary and lawful, we may collect and process sensitive personal data, such as:

• data relating to racial or ethnic origin;

• data relating to sexual orientation;

• data relating to health or special needs/disabilities.

These data are usually collected only:

• on a voluntary basis, for example in diversity and inclusion initiatives; or

• to provide accessibility and reasonable accommodations.

When we process sensitive data, we do so for specific and legitimate purposes and apply additional security and access controls, as required by the LGPD, GDPR/UK GDPR and other applicable laws.

We do not use sensitive personal data for profiling or targeted advertising.

4. How we use your personal data and legal bases

We use personal data for the following purposes and legal bases (the exact combination will depend on the law that applies and our relationship with you):

1. To provide and operate our services

   • create and manage user accounts;

   • give you access to the platform;

   • respond to support requests and technical issues.
     Legal basis: performance of a contract or pre-contractual measures; legitimate interest.

2. To manage our business relationship with you or your company

   • communicate about the use of the platform and services;

   • manage billing and invoicing;

   • handle contract-related matters.
     Legal basis: performance of a contract; legitimate interest; compliance with legal obligations.

3. To improve our websites and services

   • understand how users interact with our websites and platform;

   • analyze performance and usability;

   • develop new features and services.
     Legal basis: legitimate interest; in some cases, consent (for certain cookies/analytics, where required by law).

4. To communicate with you for marketing purposes

   • send information about news, events, features and content related to Linkana;

   • invite you to webinars, events or community initiatives.
     Legal basis: legitimate interest or consent, depending on local law.
     You can opt out of marketing emails at any time using the “unsubscribe” link in the message or by contacting us.

5. To comply with legal and regulatory obligations

   • meet tax, accounting and regulatory requirements;

   • respond to requests from authorities, regulators or courts;

   • maintain records as required by law.
     Legal basis: compliance with legal or regulatory obligations.

6. To ensure security, prevent fraud and protect rights

   • protect the platform and our infrastructure;

   • prevent abuse, fraud and security incidents;

   • exercise or defend legal claims.
     Legal basis: legitimate interest; compliance with legal obligations; in some cases, protection of life or physical safety.

7. To run diversity, inclusion and accessibility initiatives (sensitive data)

   • analyze anonymized or aggregated data to promote diversity and inclusion;

   • provide accessibility and accommodations.
     Legal basis: explicit consent or other legal bases allowed by LGPD and GDPR/UK GDPR for sensitive data.

Where we rely on consent, you can withdraw it at any time by contacting us. This will not affect the lawfulness of processing done before the withdrawal.

5. How we share personal data

We may share personal data with:

• Service providers (processors)
  Companies that help us operate our business and provide our services, for example:

  • cloud hosting and infrastructure;

  • analytics, monitoring and security tools;

  • communication and customer support platforms;

  • financial, accounting and legal service providers.
    These providers only process personal data under our instructions and are bound by confidentiality and data protection obligations.

• Business partners and customers
  In B2B contexts, we may share data with our customers and partners when necessary to provide the services, in accordance with contracts and applicable law.

• Authorities and regulators
  When required by law, we may share data with public authorities, courts and regulators (including the Brazilian National Data Protection Authority – ANPD and European/UK supervisory authorities).

• Corporate transactions
  In the event of a merger, acquisition, restructuring or sale of assets, personal data may be transferred as part of the transaction, subject to appropriate safeguards.

We do not sell personal data in a way that constitutes a “sale” under the CCPA/CPRA without providing the legally required notices and opt-out options.

6. Cookies and similar technologies

We use cookies and similar technologies on our websites and platform to:

• make the site and platform work properly and securely (strictly necessary cookies);

• measure and improve performance and usability (analytics/performance cookies);

• support marketing and advertising campaigns, where permitted by law (targeting/advertising cookies);

• remember your preferences and improve your experience (functionality cookies).

Where required by law (including LGPD and EU/UK law):

• we only place non-essential cookies (such as analytics and advertising cookies) with your consent;

• a cookie banner or preference center will allow you to accept or reject categories of cookies;

• you can change your cookie preferences at any time via the cookie settings on our site or browser settings.

Please note: strictly necessary cookies are essential for the functioning of our site and platform and cannot be disabled in our systems. You can still delete or block them in your browser, but some parts of the site may not work properly.

We may publish a separate Cookie Policy with more detailed information about the cookies we use, their providers and retention periods.

7. International transfers

We may store and process personal data in countries other than the one where you are located, for example when we use cloud providers or service providers based outside your country.

When we transfer personal data internationally, we take steps to ensure an adequate level of protection, including:

• complying with LGPD rules on international data transfers;

• using mechanisms such as adequacy decisions and Standard Contractual Clauses under GDPR/UK GDPR;

• entering into contracts with service providers and partners that include data protection obligations.

8. How long we keep personal data

We keep personal data only for as long as necessary to:

• provide our services;

• manage our relationship with you or your company;

• comply with legal and regulatory obligations;

• resolve disputes and exercise or defend legal claims.

When personal data is no longer needed, we will delete it or anonymize it, unless we are legally required or permitted to keep it for a longer period.

9. How we protect personal data

We use technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or destruction. These include, as appropriate:

• encryption of data in transit and at rest;

• access controls and least-privilege principles;

• network and application security controls;

• logging, monitoring and incident detection;

• secure development and vulnerability management practices;

• regular training and awareness for employees on security and privacy.

If a personal data breach occurs that may create risk or relevant harm to individuals, we will follow our incident response process and notify authorities and affected individuals when required by law.

10. Your privacy rights

Your rights depend on where you live and which laws apply. Below we summarize the main rights that may be available to you.

10.1 Common rights

In many jurisdictions, you may have the right to:

• Access – obtain confirmation whether we process your personal data and access to that data.

• Correction (Rectification) – request correction of incomplete, inaccurate or outdated data.

• Deletion (Erasure) – request deletion of your personal data in cases allowed by law.

• Restriction / Anonymization / Blocking – request that processing be restricted or data anonymized or blocked in certain situations.

• Portability – request transfer of your data to another service provider, where technically feasible and legally required.

• Information about sharing – ask with whom we share your personal data.

• Objection to processing – object to certain processing activities, especially those based on legitimate interest or for direct marketing.

• Withdrawal of consent – withdraw your consent at any time where processing is based on consent.

• Automated decisions – request information about automated decision-making that produces legal or similarly significant effects for you, and, in some cases, request human review.

10.2 Additional rights under the LGPD (Brazil)

If the LGPD applies to you (for example, you are in Brazil or the processing is subject to Brazilian law), you have, among others, the following rights:

• confirmation of the existence of processing;

• access to data;

• correction of incomplete, inaccurate or outdated data;

• anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data;

• data portability to another service or product provider, in accordance with ANPD regulations;

• deletion of personal data processed based on consent, except where retention is allowed or required by law;

• information about public and private entities with which we share your data;

• information about the possibility of not providing consent and the consequences of refusal;

• withdrawal of consent at any time.

Requests under LGPD are free of charge and subject to identity verification.

10.3 Additional rights under GDPR / UK GDPR (EEA and UK)

If the GDPR or UK GDPR applies to you, you may also have:

• the right to restriction of processing in specific circumstances;

• the right to data portability in a structured, commonly used and machine-readable format;

• the right to object to processing, including profiling and direct marketing;

• the right to lodge a complaint with a supervisory authority in the EEA or the UK.

10.4 Additional rights under CCPA/CPRA and other US state laws

If you are a resident of California or another US state with specific privacy laws, you may have, among others, the right to:

• know the categories and specific pieces of personal information we collected about you;

• know the categories of sources and purposes of collection;

• know the categories of third parties with whom we share personal information;

• request deletion of your personal information, subject to legal exceptions;

• opt out of the sale or sharing of your personal information, where applicable;

• limit the use and disclosure of sensitive personal information, where applicable;

• not be discriminated against for exercising your privacy rights.

When required, we will provide a “Do Not Sell or Share My Personal Information” link or equivalent mechanism on our sites and apps for California residents.

11. How to exercise your rights

You can exercise your privacy rights or ask questions about this Privacy Policy by contacting us at:

📧 dpo@linkana.com

To help us respond, please:

• tell us which right(s) you want to exercise;

• provide enough information to verify your identity (or that you are authorized to act on someone else’s behalf);

• provide details of your request (for example, which data or processing you are referring to).

We will respond within the time limits set by applicable laws (for example: LGPD, GDPR/UK GDPR, CCPA/CPRA). If we need more time in permitted situations, we will inform you and explain the reason.

Any personal data we collect to handle your request will be used only for that purpose and kept only as long as necessary to comply with our legal obligations.

If you are not satisfied with our response, you may also have the right to contact the relevant data protection authority or consumer protection body (for example, the ANPD in Brazil or a supervisory authority in the EU/UK).

12. “Do Not Sell or Share My Personal Information”

If and when Linkana engages in activities that qualify as a “sale” or “sharing” of personal information under the CCPA/CPRA, we will:

• provide a clear and visible “Do Not Sell or Share My Personal Information” link or equivalent mechanism;

• describe how you can opt out of such sale or sharing;

• respect your opt-out choices as required by law.

At the time of this version, Linkana does not sell personal information in exchange for money. If our practices change, this Privacy Policy will be updated and additional notices will be provided as required.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• changes in our services;

• changes in applicable laws;

• improvements to our privacy practices.

When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide additional notice (for example, via the platform or by email to customers).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.