Privacy Policy
Last updated: January 2, 2026
This English translation is provided for convenience only. In the event of any discrepancy or conflict between versions, the Portuguese version prevails.
1. Introduction
Arkar Tecnologia Ltda. ("Arkar", "we", "us", "our") values the privacy and the protection of the personal data of the users of its platform and of the other individuals with whom it interacts. This Privacy Policy explains how we collect, use, store, share and protect your Personal Data, in compliance with Lei nº 13.709/2018 (LGPD – Brazilian General Data Protection Law) and other applicable rules.
By using our services, you represent that you have read, understood and agree to the terms of this Policy.
2. What Personal Data do we collect and how do we collect it?
2.1. Registration data
- Full name
- Phone/mobile number
- CPF/CNPJ (Brazilian taxpayer identification numbers)
- Address
- Position/company/area
- Login credentials
2.2. Financial and investment data
- Information about investments and fund positions
- Information about funds under administration or management
- History of transactions and movements
- Regulatory documents and information
2.3. Browsing and usage data
- IP address
- Date/time/duration of access sessions
- Device/OS/browser information
- Records of actions performed on the platform
2.4. Communication and support data
- Messages sent via email/forms/chat
- Information provided in support tickets
- Interaction records
2.5. Data obtained from third parties
- Fund managers, administrators, distributors
- Service providers and partners
- Public sources
3. What do we use your Personal Data for?
3.1. Service provision and platform operation
We use your data to provide, maintain and improve our services, including fund management, investor administration, performance monitoring, regulatory reporting and other platform features.
3.2. Security, fraud prevention and auditing
We process data to ensure the security of the platform, detect and prevent fraudulent activity, conduct internal audits and maintain access logs as required by law.
3.3. Legal and regulatory compliance
We process personal data to comply with legal and regulatory obligations applicable to the financial sector, including the rules of the CVM (the Brazilian Securities Commission), ANBIMA (the Brazilian Financial and Capital Markets Association) and other regulatory bodies.
3.4. Analytics and product improvement
We use aggregated and anonymized data to perform statistical analyses, develop new features and improve the user experience on the platform.
3.5. Communication and relationship management
We process data to send relevant communications about our services, platform updates and changes to terms and policies, and to respond to support requests.
4. Legal bases for Processing
Your Personal Data is processed on the basis of the following legal grounds provided for in the LGPD:
- Performance of a contract: when processing is necessary for the provision of the contracted services or for preliminary procedures relating to a contract to which you are a party.
- Compliance with a legal obligation: when processing is necessary to comply with legal or regulatory obligations, including CVM and ANBIMA rules and applicable financial legislation.
- Legitimate interest: when processing is necessary to serve the legitimate interests of Arkar or of third parties, such as security, fraud prevention, service improvement and analytics, always respecting your fundamental rights and freedoms.
- Consent: when processing depends on your free, informed and unequivocal expression of agreement, such as for sending marketing communications or using non-essential cookies.
5. Sharing of Personal Data
5.1. Service providers (processors)
We share data with service providers that assist us in operating the platform, such as cloud infrastructure providers, communication services and analytics tools, always under contracts that ensure adequate protection of the data.
5.2. Organizations using the platform
When you use the platform as a representative of an organization (fund manager, administrator, distributor), your data may be shared with that organization as necessary for the provision of the services.
5.3. Public bodies and authorities
We may share data with regulators and administrative or judicial authorities when required by law, regulation or court order.
5.4. Corporate transactions
In the event of a merger, acquisition, corporate reorganization or sale of assets, personal data may be transferred to the successor or acquirer, subject to the protection safeguards provided for in this Policy.
5.5. Aggregated and anonymized data
We may share aggregated and anonymized data that does not allow the identification of individuals for market analysis, research and development purposes.
We do not sell Personal Data for third parties to use freely in their own marketing campaigns.
6. International transfer of Personal Data
Arkar may transfer Personal Data to other countries when necessary for the provision of the services, the use of cloud infrastructure or the performance of contractual obligations. In such cases, we adopt appropriate measures to ensure that the data receives a level of protection compatible with the LGPD, including standard contractual clauses, data processing agreements and verification of the recipients' privacy policies.
7. For how long do we keep your Personal Data?
We keep your Personal Data for as long as necessary to fulfill the purposes for which it was collected, including legal, contractual, regulatory and audit obligations. Upon termination of processing, the data will be deleted or anonymized, except where its retention is authorized or required by law.
8. Security of Personal Data
Arkar adopts appropriate technical and organizational measures to protect your Personal Data against unauthorized access, destruction, loss, alteration and any form of inappropriate or unlawful processing, including:
- HTTPS/TLS: Encryption in transit for all communications between the user and the platform.
- Access controls: Multi-factor authentication, segregation of duties and the principle of least privilege.
- Monitoring: Continuous monitoring of suspicious activity, access logs and intrusion detection.
- Backup: Regular backups with disaster recovery procedures.
- Internal policies: Employee training, information security policies and incident response procedures.
9. Your rights as a Data Subject
Under the LGPD, you have the following rights with respect to your Personal Data:
- Confirmation and access: Confirm the existence of processing and access your data.
- Correction: Request the correction of incomplete, inaccurate or outdated data.
- Anonymization, blocking or deletion: Request the anonymization, blocking or deletion of data that is unnecessary, excessive or processed in violation of the LGPD.
- Portability: Request the portability of your data to another service or product provider.
- Information about sharing: Be informed about the public and private entities with which we share your data.
- Objection: Object to processing carried out on the basis of one of the legal grounds that do not require consent.
- Withdrawal of consent: Withdraw previously given consent at any time.
- Review of automated decisions: Request the review of decisions made solely on the basis of automated processing of personal data.
10. Data Protection Officer (DPO)
To exercise your rights or to ask questions about the processing of your Personal Data, please contact our Data Protection Officer:
- Email: privacy@arkar.ai
- Website: https://www.arkar.ai
11. Updates to this Policy
Arkar reserves the right to update this Privacy Policy at any time to reflect changes in our practices, technologies, or legal or regulatory requirements. We recommend that you review this page periodically. Significant changes will be communicated through the platform or by email.