Privacy Policy

Last updated: April 9, 2026

ProTerapia ("we", "our", or "Company"), operating at proterapia.com.br, is committed to protecting the privacy and personal data of our users, in compliance with Brazil's General Data Protection Law (LGPD — Law No. 13,709/2018) and other applicable regulations.

This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our clinic management platform for integrative therapists.

1. Personal Data We Collect

We collect the following personal data:

• Registration data: full name, email address, phone number, tax ID (CPF/CNPJ), professional address.
• Access data: authentication credentials (managed via Auth0), IP address, browser type, operating system.
• Professional data: therapeutic specialties, professional registration number (when applicable), practice information.
• Usage data: pages visited, features used, access times, platform interactions.
• Financial data: payment information processed exclusively by Stripe (we do not store complete credit card data).
• Patient data: information entered by therapists about their patients, including name, contact details, session history, and clinical notes.

2. Purpose of Data Processing

We use your personal data for the following purposes:

• Providing and maintaining the ProTerapia platform services;
• Creating and managing user accounts;
• Processing payments and managing subscriptions;
• Service communications, updates, and technical support;
• Continuous platform improvement and development of new features;
• Compliance with legal and regulatory obligations;
• Fraud prevention and platform security;
• Generating aggregated and anonymized analytics about platform usage.

3. Legal Basis for Processing

ProTerapia processes personal data based on the following legal bases under the LGPD:

• Contract performance: to provide the contracted services (Art. 7, V);
• Consent: when applicable, for marketing communications and optional features (Art. 7, I);
• Legitimate interest: for service improvement and fraud prevention (Art. 7, IX);
• Legal obligation: to comply with tax and regulatory requirements (Art. 7, II).

4. Storage and Security

Your data is stored on secure servers with the following protective measures:

• Encryption in transit (TLS/SSL) and at rest;
• Role-Based Access Control (RBAC) and Row-Level Security (RLS);
• Regular backups and data redundancy;
• Continuous security monitoring;
• Multi-factor authentication available for all accounts.

Each clinic operates in an isolated environment (multi-tenant), ensuring that one clinic's data is not accessible by another.

5. Data Sharing

Your personal data may be shared with:

• Stripe: for payment processing;
• Auth0: for authentication and identity management;
• Infrastructure providers: hosting and database services for platform operation;
• Competent authorities: when required by law or court order.

We do not sell, rent, or trade your personal data with third parties for marketing purposes.

6. Your Rights (LGPD)

Under the LGPD, you have the following rights:

• Confirmation and access: know whether we process your data and access it;
• Correction: request correction of incomplete, inaccurate, or outdated data;
• Anonymization, blocking, or deletion: of unnecessary, excessive, or non-compliant data;
• Portability: request transfer of your data to another provider;
• Deletion: request deletion of data processed based on consent;
• Information: know which entities your data is shared with;
• Consent withdrawal: revoke consent at any time;
• Opposition: object to processing based on grounds other than consent, in case of LGPD non-compliance.

To exercise any of these rights, contact us at contato@proterapia.com.br.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential cookies: necessary for platform operation (authentication, session);
• Performance cookies: to understand how users interact with the platform;
• Functionality cookies: to remember user preferences.

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

8. Data Retention

Your personal data is retained for as long as necessary to:

• Maintain your active account and provide contracted services;
• Comply with legal, tax, and regulatory obligations (minimum 5 years for tax data);
• Resolve disputes and enforce our agreements.

After account cancellation, your data will be retained for up to 30 days to allow reactivation. After this period, data will be anonymized or deleted, except where legal retention obligations apply.

9. Patient Data

Therapists using ProTerapia are the data controllers of their patients' data. ProTerapia acts as a data processor, processing such data exclusively according to the therapist's instructions and for the provision of contracted services.

It is the therapist's responsibility to obtain appropriate consent from their patients and to comply with their own obligations under the LGPD and their professional council regulations.

10. Data Protection Officer (DPO)

For questions regarding personal data protection, contact our DPO:

• Email: contato@proterapia.com.br

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through a notice on the platform. Continued use after changes constitutes acceptance of the updated policy.

12. Analytics and Statistics

We use two distinct tools to understand how our marketing site and product application are used:

• Plausible Analytics (plausible.io) — used on the marketing site proterapia.com.br. It is a cookieless analytics tool that does not collect personal data (PII). Data is hosted in the European Union and is used only to generate aggregate, anonymous statistics about visits, traffic sources, and the conversion funnel. Because no identifiable personal data is involved, it runs without requiring consent.
• PostHog (us.i.posthog.com) — used in the application at app.proterapia.com.br, only for authenticated users who have accepted analytics consent. Hosted in the United States (PostHog Cloud US). May include session recordings with sensitive fields masked (patient names, phone numbers, emails, clinical notes, and financial amounts are never recorded). You can revoke consent at any time under Profile → Privacy within the application.

International data transfer: by accepting product analytics, you consent to the transfer of anonymous usage data to the United States, performed under Standard Contractual Clauses signed with PostHog Inc., which acts as data processor under the LGPD. ProTerapia remains the data controller. Revoking consent under Profile → Privacy stops the transmission of new events at any time.

13. Contact

For questions, suggestions, or requests related to this Privacy Policy, contact us:

• Email: contato@proterapia.com.br
• Website: proterapia.com.br