Privacy Policy

1. About this document

This Privacy Policy describes how IA Technology Software LTDA (hereinafter "IA Technology", "GoSoft" or "the Company") collects, uses, stores and protects the personal information of users of the gosoft.app platform and its associated subdomains (e.g., cliente.gosoft.app).

By using our services, the user accepts the practices described in this document. If the user does not agree with any of its provisions, we recommend not to use the platform.

This document complies with the Brazilian General Data Protection Law (LGPD — Law No. 13.709/2018) and, where applicable, with the European Union General Data Protection Regulation (GDPR).

2. Identification of the controller

The data controller is the legal entity identified below, duly registered with the Brazilian Federal Revenue Service:

3. Data we collect

We collect only the data necessary to deliver the service:

• Registration data: full name, email address, phone number and job title.
• Access data: IP address, browser, operating system and access logs.
• Usage data: interactions within the platform, contract records, documents and real-estate operations.
• Google account data (optional): when the user authorizes Google sign-in or Google Drive integration — described in detail in Section 4.

We do not collect sensitive data such as racial origin, religious convictions, biometric data or health information, except when expressly provided by the user for contractual documentation purposes.

4. Google Drive integration

GoSoft offers an optional feature to create and organize folders for contractual documents directly in the user's Google Drive. This integration uses the official OAuth 2.0 protocol from Google and requires the user's express authorization.

Official tutorial — how to link your Google account and create project folders from GoSoft · Watch on YouTube

GoSoft does not store the user's Google password. Access is granted exclusively through OAuth tokens, revocable at any time from the Google account.

The scopes that GoSoft requests from the user's Google account are:

With these permissions, GoSoft performs only the following actions:

• Create a folder named after the real-estate project in the user's Google Drive.
• Upload documents generated by the system (contracts, payment plans, PDF receipts) to that folder.
• Internally store only the folder ID for future uploads.

GoSoft does not read, access, modify or delete any existing file in the user's Google Drive beyond the files created by the application itself. This is technically guaranteed because the drive.file scope is the most restrictive in the Google Drive scope family.

The user may revoke access at any time at: myaccount.google.com/permissions.

5. How we use data

The collected data is used exclusively to:

• Provide and maintain the GoSoft platform services.
• Process real-estate contracts, payment plans and documentation generated by the system.
• Send operational notifications (due-date alerts, contract status changes, receipts).
• Improve the platform based on aggregated and anonymized usage patterns.
• Comply with legal obligations and respond to requests from competent authorities.

We do not use user data for advertising purposes, we do not sell it nor do we transfer it to commercial partners.

6. Data sharing

Data may be shared only in the following situations:

• Service providers: hosting infrastructure, database and email services, all bound by confidentiality agreements.
• Google LLC: when the user authorizes sign-in or Google Drive integration (Section 4).
• Legal obligation: when required by law, court order or competent authority.
• Business transfer: in case of merger, acquisition or sale of assets, with prior notice to users.

We never share personal data with third parties for marketing purposes without the user's express consent.

7. Public visibility of project information

The user (client of GoSoft) acknowledges and accepts that, as part of the platform's operation, the following information may be displayed in public areas of the system, accessible without authentication:

• Public client map: a map of the world available at realty.gosoft.app/admin-sys-getproyectosmapa/... and similar URLs that displays the geographic location of GoSoft client companies and their real-estate projects, including the company's commercial name. The map does not display sensitive data of end-customers and is intended only for commercial and reference purposes.
• Public client portals: each GoSoft client may optionally enable public pages within its own subdomain (e.g., cliente.gosoft.app) showing the catalog of available properties — including locations on a plan, prices, property numbers and descriptive characteristics. Sold or reserved properties may also be displayed in a different status. These pages do not reveal personal data of the buyers (name, ID, contracts, payments).
• Public commercial documents: when a client of GoSoft generates individual links to PDF documents (sale proposals, payment plans), those links may be opened by anyone who has the URL. The client is responsible for managing and sharing these links.

GoSoft does not display in any public area: full names of buyers, identification documents, signed contracts, payment history, telephone numbers or private email addresses of end-customers.

A client of GoSoft who wishes to disable the public visibility of a particular project or property may request the change at any time through the support channels listed in Section 12.

8. Storage and security

Data is stored on secure servers with the following protective measures:

• Encrypted communication via HTTPS/TLS on all endpoints.
• Database access restricted by credentials and private networks.
• Regular backups with controlled retention.
• Two-factor authentication for administrative access.
• Continuous monitoring of suspicious access.

Data is retained for as long as necessary to provide the service or as required by legal obligations. After account closure, data is deleted within a maximum of 90 days, unless legal obligations require otherwise.

9. Data subject rights

In accordance with the LGPD and applicable laws, the user has the following rights regarding their personal data:

• Confirmation and access: know whether we process their data and obtain a copy.
• Correction: request the update of incorrect or outdated data.
• Deletion: request the deletion of their data, except for legal obligations.
• Portability: receive their data in a structured, machine-readable format.
• Withdrawal of consent: revoke granted permissions at any time.
• Objection: object to processing based on legitimate interest.
• Information about sharing: know with whom we share their data.

To exercise any of these rights, the user may contact the Company through the channels listed in Section 12.

10. Cookies and tracking

We use strictly necessary cookies for the platform to function, including session and authentication cookies. We do not use third-party tracking cookies or behavioral advertising tools.

• Session cookies: keep the user authenticated during navigation.
• Preference cookies: store the language setting and the selected business unit.
• CSRF cookies: protect against cross-site request forgery attacks.

The user may configure their browser to block cookies, but this may prevent the platform from working correctly.

11. Changes to this policy

This Privacy Policy may be updated periodically to reflect changes in our services or legal requirements. When substantial changes are made, users will be notified by email or through a prominent notice on the platform.

The date of the latest update is always shown in the header of this document. Users are advised to review this policy periodically.

12. Contact

For inquiries, requests related to personal data or to exercise the rights described in Section 9, the user may contact us through the following public channels: