top of page

Privacy Policy

This website is maintained and operated byInvestfine Ltda - CNPJ 45.901.861/0001-89. We collect and use certain personal data belonging to those who use our website. In doing so, we act as the controller of this data and are subject to the provisions of Federal Law n. 13.709/2018 (General Personal Data Protection Law - LGPD). We take care of the protection of your personal data and, therefore, we provide this privacy policy, which contains important information about:

- Who should use our website  
- What data we collect and what we do with it;  
- Your rights in relation to your personal data; and  
- How to contact us.

1. Who should use our website
Our website may only be used by persons over eighteen years of age. Therefore, children and adolescents should not use it.

2. Data we collect and reasons for collection

Our website collects and uses certain personal data from our users, in accordance with the provisions of this section.

1. Personal data expressly provided by the user

We collect the following personal data that our users expressly provide us when using our website: Full Name, CPF, Address, Cell Phone and e-mail. 

The collection of this data takes place at the following times:

When the user registers on the Investfine.  portal

The data provided by our users is collected for the following purposes:
Allow the user to consolidate their portfolio and use Investfine's features.

2. Personal data obtained in other ways


We collect the following personal data from our users: IP address and data that can improve the performance of the customer's wallet.

The collection of this data takes place at the following times: When the customer authorizes access to information.

This data is collected for the following purposes: Personalize the User experience.

3. Sensitive data

The website may collect the following sensitive data from users:
- data on racial or ethnic origin
- biometric data

The collection of sensitive data takes place at the following times:
- at the time of registration and when Investfine deems it necessary to
authenticate the client.

This data is collected for the following purposes:
- the data will be used to improve the customer experience

The collection and use of sensitive personal data will only be carried out with the specific and highlighted consent of its holders, except, if applicable, in cases where the General Data Protection Law allows the processing of this type of data based on other legal bases other than consent.

In any case, the processing of sensitive personal data will only take place to meet the specific purposes expressed in this policy or duly informed to the user by other means.

4. Cookies
Cookies are small text files that are automatically downloaded to your device when you access and browse a website. They basically serve to identify devices, activities and user preferences.

Cookies do not allow any file or information to be extracted from the user's hard drive, and it is also not possible, through them, to have access to personal information that has not come from the user or the way in which he uses the resources of the site. .

The. Website cookies: Website cookies are those sent to the computer or device of the user and administrator exclusively by the website. The information collected through these cookies is used to improve and personalize the user experience, and some cookies can, for example, be used to remember user preferences and choices, as well as to offer personalized content.
B. Third-party cookies: Some of our partners may set cookies on users' devices
who access our website. These cookies, in general, aim to enable our partners to offer their content and services to the user who accesses our website in a personalized way, by obtaining navigation data extracted from their interaction with the website. The user will be able to obtain more information about third-party cookies and the way in which the data obtained from them are treated, in addition to having access to the description of the cookies used and their characteristics, by accessing the following link:

Google Analytics
The entities responsible for collecting cookies may transfer the information obtained to third parties.

ç. Management of cookies: The user can oppose the registration of cookies by the website, simply by deactivating this option in their own browser. More information on how to do this in some of the main browsers used today can be accessed from the following links:

Internet Explorer:
Google Chrome:
Mozilla Firefox:


The deactivation of cookies, however, may affect the availability of some tools and functionalities of the website, compromising their correct and expected functioning. Another possible consequence is the removal of user preferences that may have been saved, harming your experience.

5. Collection of data not expressly provided for
Eventually, other types of data not expressly provided for in this Privacy Policy may be collected, provided they are provided with the user's consent, or even if the collection is allowed on the basis of another legal basis provided for by law. In any case, the data collection and the resulting processing activities will be informed to the users of the website.

3. Sharing personal data with third parties:

We share some of the personal data mentioned in this section with third parties.

Shared data is as follows:
- Stock Exchange  
- Banks and Brokerage Firms  
- Partners that can improve the user experience

This data is shared for the following reasons and for the following purposes:
- Improve customer experience

In addition to the situations reported here, it is possible that we share data with third parties to comply with any legal or regulatory determination, or even to comply with an order issued by a public authority. In any case, the sharing of personal data will observe all laws and
applicable rules, always seeking to guarantee the security of our users' data, observing the technical standards used in the market.

4. How long will your personal data be stored:

The personal data collected by the website is stored and used for a period of
time that corresponds to what is necessary to achieve the purposes listed in this document and that considers the rights of its holders, the rights of the website controller and the applicable legal or regulatory provisions.


Once the storage periods for personal data have expired, they are removed from our databases or anonymized, except in cases where there is a possibility or need for storage due to legal or regulatory provisions.


5. Legal bases for the processing of personal data:

Each personal data processing operation must have a legal basis, that is, a legal basis, which is nothing more than a justification that authorizes it, provided for in the General Law for the Protection of Personal Data. All of Our personal data processing activities have a legal basis on which they are based, among those permitted by legislation. More information about the legal bases we use for specific personal data processing operations can be obtained from our contact channels, informed at the end of this Policy.

6. User rights: 
The website user has the following rights, granted by the Personal Data Protection Act:
- confirmation of the existence of treatment;  
- access to data;  
- correction of incomplete, inaccurate or outdated data;  
- anonymization, blocking or deletion of unnecessary, excessive or processed data in violation of the provisions of the law;  
- data portability to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets;  
- deletion of personal data processed with the consent of the holder, except in cases provided for by law;  
- information from public and private entities with which the controller shared data use;  
- information about the possibility of not providing consent and about the consequences of denial;  
- revocation of consent.


It is important to note that, under the LGPD, there is no right to delete data processed on the basis of legal bases other than the
consent, unless the data is unnecessary, excessive or processed in violation of the law.

1. How the holder can exercise their rights: The holders of personal data processed by us may exercise their rights through the form available in the following path: Alternatively, if desired, the holder may send an email or correspondence to our Personal Data Protection Officer. The information necessary for this is in the contact section of this Privacy Policy.


The holders of personal data processed by us may exercise their rights by sending a message to our Personal Data Protection Officer, either by email or by correspondence. The information necessary for this is in the contact section of this Privacy Policy. To ensure that the user who intends to exercise their rights is, in fact, the holder of the personal data object of the request, we may request documents or other information that can assist in their correct identification, in order to protect our rights and the rights of third parties. This will only be done, however, if absolutely necessary, and the applicant will receive all related information.

7. Security measures in the processing of personal data:

We employ technical and organizational measures capable of protecting personal data from unauthorized access and from situations of destruction, loss, misplacement or alteration of such data.

The measures we use take into account the nature of the data, the context and purpose of the treatment, the risks that a possible violation would generate for the user's rights and freedoms, and the standards currently used in the market by companies similar to ours.

Among the security measures adopted by us, we highlight the following:
a) Monitoring security alerts,  
b) Risk Analysis of the card scope (which may address technology, process and people)  
c) Semi-annual evaluation of firewall rules  
d) Development of secure code based on best market practices 
e) Application of hardening for network components and Virtual Machines;
f) Management and administration of physical and logical accesses;  
g) Penetration tests (internal and external)  
h) Vulnerability tests (internal and external)  
i) Tests to detect unauthorized wireless (Wi-Fi) networks.  
j) Review and update (when applicable) the policies in force in the company, especially the policies applied to the PCI topic.


We also inform you that we have ISO 27001 certification. We therefore follow the highest technical standards of information security, so that we can protect our users' personal and non-personal data. Although it adopts everything within its power to avoid security incidents, it is possible that a problem occurs exclusively motivated by a third party - such as in the case of attacks by hackers or crackers, or even in the case of the exclusive fault of the user, who occurs, for example, when he himself transfers his data to a third party. Thus, although we are, in general, responsible for the personal data we process, we are exempt from liability in the event of an exceptional situation such as these, over which we have no control whatsoever. In any case, in the event of any type of security incident that may generate relevant risk or damage to any of our users, we will communicate the affected parties and the National Data Protection Authority about the event, in
compliance with the provisions of the General Data Protection Act.


8. Complaint to a control authority:

Without prejudice to any other administrative or judicial means of recourse, holders of personal data who feel, in any way, injured, may file a complaint with the National Data Protection Authority.


9. Changes to this policy:

This version of this Privacy Policy was last updated on: 03/30/2022. We reserve the right to modify, at any time, these rules, especially to adapt them to any changes made to our website, either by making new functionalities available, or by deleting or modifying existing ones. Whenever there is a modification, our users will be notified of the change.

10. How to contact us
To clarify any doubts about this Privacy Policy or about the personal data we process, please contact our Personal Data Protection Officer, through any of the channels mentioned below:


bottom of page