Privacy Policy

This Policy aims to:

• Guide employees, partners, suppliers and other third parties on the practices adopted by Voidr in the processing of personal data;
• Ensure that data processing is carried out lawfully, transparently, securely and in strict compliance with the purpose for which it was collected;
• Inform data subjects about their rights and procedures to exercise them, reinforcing our commitment to protecting privacy and information;
• Explain how our self-hosted architecture ensures that sensitive data remains under your control.

This policy applies to all personal data processing activities carried out by Voidr, including:

• Users and customers who interact with our websites, applications, testing platform and AI services;
• Employees, partners, service providers and suppliers;
• Data processed by Multi-Agent AI, Self-Healing Tests and other automated functionalities;
• Any third party who, in any way, has access to personal data processed by Voidr, regardless of the channel (digital, physical or other) and geographic location.

For the purposes of this policy, the following terms shall have the meanings below:

• Personal Data: Information relating to an identified or identifiable natural person.
• Sensitive Personal Data: Data revealing racial or ethnic origin, religious conviction, political opinion, trade union membership or membership of a religious, philosophical or political organization, data concerning health or sex life, as well as genetic or biometric data.
• Data Subject: Natural person to whom the personal data being processed relates.
• Controller: Natural or legal person who makes decisions regarding the processing of personal data.
• Processor: Natural or legal person who processes personal data on behalf of the controller.
• Data Protection Officer (DPO): Professional appointed by Voidr to act as a communication channel between the company, data subjects and Data Protection Authorities.
• Processing: Any operation performed with personal data, such as collection, storage, use, processing, sharing and deletion.

Data Provided Directly by the Data Subject

We collect data when you provide it directly through forms, registrations or interactions on our platforms. The data collected may include:

• Contact and Registration Data: Name, surname, corporate email, phone and job title.
• Identification and Access Data: Username, password and Platform access preferences.
• Transaction Information: Data relating to payments, order history and billing information.
• Communications and Feedback: Emails, messages, survey responses and comments.

Automatically Collected Data

When accessing our services (websites, applications, etc.), we may automatically collect information, such as:

• Usage Data: Information about how you interact with our services, such as pages visited, access time and features used.
• Device Data: IP address, device identifier, browser type, geolocation data (when enabled) and information obtained through cookies and similar technologies.
• Telemetry Data: Aggregated Platform usage metrics for continuous service improvement (in cloud mode).

Data in Self-Hosted Mode

When the Platform runs in self-hosted mode (on the customer's infrastructure):

• Test data, execution results, configurations and logs remain 100% in your infrastructure.
• Voidr has no access to test data or results generated in your environment.
• Only aggregated and anonymized metadata may be collected for licensing and product improvement purposes, as configured.
• You maintain full control over encryption keys and access policies.

Synthetic Data

Our Synthetic Data feature generates realistic test data without using actual personal information. Synthetic data is algorithmically created, maintaining statistical patterns but without any connection to real people, ensuring full LGPD/GDPR compliance even in test environments.

Data from Third Parties

We may also receive data from public sources or partners, always with the purpose of improving the experience of our services and validating information necessary for the execution of contracts.

The personal data collected will be used for the following purposes:

• Service Provision and Improvement: To enable the creation and maintenance of your account, personalize your experience, process transactions and offer support.
• Communication and Relationship: To send relevant information, notifications, updates about our services and, when authorized, marketing communications.
• Compliance with Legal and Contractual Obligations: To meet tax, regulatory and fraud prevention requirements, as well as for the execution of contracts.
• Analysis and Development: To perform analysis, research, audits and improve the quality and security of our services.
• Security and Protection: To monitor, detect and prevent incidents that may compromise the integrity, confidentiality or availability of data.

Each processing operation will be carried out based on legal grounds provided for by applicable data protection laws, such as contract execution, compliance with legal obligations, legitimate interest and, when applicable, data subject consent.

Internal and Third-Party Sharing

Voidr may share your personal data with:

• Internal Employees and Departments: Only those authorized and strictly necessary for the execution of services.
• Service Providers and Suppliers: Third parties acting on our behalf, through contracts that impose confidentiality and security obligations.
• Regulatory Authorities and Public Bodies: When required by law or for compliance with legal obligations.
• Commercial Partnerships: Partner or affiliated companies, always observing the legal bases and sharing limits provided.

International Data Transfer

In some cases, your personal data may be transferred to foreign countries. In these cases, we will adopt the necessary measures (such as Standard Contractual Clauses) to ensure that processing complies with applicable laws and guarantees an adequate level of protection.

Our Platform uses Multi-Agent AI to automate testing. Regarding data processing by AI:

• Purpose: AI analyzes code patterns, user interfaces and test results to generate, execute and maintain automated tests.
• Data Processed: In cloud mode, aggregated and anonymized usage data may be used to improve models. In self-hosted mode, all processing occurs locally.
• Automated Decisions: AI suggests actions (such as repairing broken tests via Self-Healing), but critical decisions can always require human approval as configured.
• Guardrails: We implement protection layers to ensure AI operates within safe and auditable limits.
• Transparency: You can request explanations about decisions made by AI at any time.

Voidr adopts various technical and administrative measures to protect personal data against unauthorized access, leaks or any form of inappropriate processing. These include:

• End-to-End Encryption: Applied during data storage and transmission, with support for customer-managed keys.
• Access Controls: Rigorous restrictions and authentication, including RBAC (Role-Based Access Control) and SSO support.
• Monitoring and Audits: Conducting internal and external audits to ensure process compliance, with complete audit trail.
• Backup and Recovery: Structured processes to ensure data availability and integrity, even in incident situations.
• Training and Awareness: Continuous training of employees on security and privacy practices.
• Automatic Anonymization: PII (Personally Identifiable Information) is automatically detected and anonymized in logs and reports.

We adopt controls aligned with market best practices, including references to ISO/IEC 27001 and SOC 2 Type II standards, seeking to ensure the highest security standards.

In self-hosted mode, you maintain full control over infrastructure, encryption keys and access policies. No data leaves your environment.

Retention

Personal data will be kept for the period necessary to fulfill the purposes for which it was collected, subject to legal and contractual obligations.

Deletion

At the end of the retention period or upon request from the data subject, data will be securely deleted so that it cannot be recovered or misused.

In accordance with applicable data protection laws, data subjects have the following rights:

• Confirmation and Access: Know whether your data is being processed and access a copy of the information.
• Correction: Request correction of incomplete, inaccurate or outdated data.
• Deletion: Request deletion of data, except for legal hypotheses that justify its maintenance.
• Portability: Receive data in a structured and commonly used format, or request transfer to another provider.
• Processing Restriction: Limit the use of your data in certain situations.
• Objection: Object to data processing for specific purposes, especially for direct marketing.
• Consent Withdrawal: Withdraw previously provided consent, when this is the legal basis for processing.

To exercise these rights, the data subject may contact our Data Protection Officer (DPO) through the channels indicated below.

On our websites and applications, we use cookies and similar technologies to:

• Personalize Experience: Adapt content and ads according to your preferences.
• Analysis and Performance: Collect usage data to improve the performance and functionality of our services.
• Security: Protect systems against fraud and unauthorized access.

You can adjust your browser or device settings to limit or block the use of cookies, although this may impact your experience using our services.

This policy may be updated periodically to reflect changes in legislation or our internal processes. The most current version will always be available on our website, and notifications may be sent to data subjects when necessary.

For clarifications, requests or to exercise any of your rights provided for in this policy, please contact us:

If you do not receive a satisfactory response, you may appeal to the competent Data Protection Authority.

This Policy reflects Voidr's commitment to the protection and privacy of personal data, promoting a culture of transparency, security and responsibility. If you have any questions or need additional information, our team is available to assist you.