Privacy Policy
Last updated: June 28, 2026
DUNAS DESENVOLVIMENTO DE SOFTWARE LTDA, enrolled with the Brazilian CNPJ under No. 64.717.332/0001-74 (“Auxiliar”, “we”, “us” or “our”), is seriously committed to your privacy and to the protection of your personal data. We prepared this notice (“Privacy Policy”) to explain which personal data we process, how we use it, with whom we share it, and how long we keep it.
This Privacy Policy applies to auxiliar.ai — our web-access API gateway that gives you and your AI agents a single API key and a unified endpoint for many third-party search, scraping, browser-automation and voice APIs (“Upstream Providers”), with usage metered as credits against your account (the “Service” or “Platform”). For more information on how the Service works, please see our Terms of Service.
This Privacy Policy does not apply to the Upstream Providers or to any other third-party products, services or content that may be offered, integrated or accessed through the Service. Auxiliar does not control, endorse or take responsibility for third-party services, content, tools, AI models, systems or platforms, even when they are reachable through our Platform. We recommend that you review the privacy policies of any website, platform or third-party service you interact with — including the Upstream Providers your requests are routed to — before sending data through the Service.
PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THE SERVICE AND/OR PROVIDING ANY PERSONAL DATA TO AUXILIAR.
IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DISCONTINUE YOUR ACCESS TO AND USE OF THE SERVICE.
By accessing or using the Service, you (“you” or “User”) acknowledge and agree to the terms of this Privacy Policy, including the legal principles that underpin it. Acceptance of this Privacy Policy is an essential condition for the full use of the features offered.
If you have any questions about this Privacy Policy or about the processing of your personal data, please contact us at [email protected] and we will be glad to help.
Summary Table
| Topic | Summary |
| --- | --- |
| Who are we? | DUNAS DESENVOLVIMENTO DE SOFTWARE LTDA, CNPJ 64.717.332/0001-74 — operator of auxiliar.ai. |
| Which data do we use? | Account and identity data (name, email) handled through our authentication provider; billing data handled through our payment processor; operational and technical data from your use of the Service (API request logs, IP, date/time, device and client/SDK details, credits consumed); the content of the requests you send through the gateway and the responses returned by Upstream Providers; data provided when you contact us; and cookies and similar technologies. |
| How do we collect it? | (i) Directly from you, when you register or use the Service; (ii) automatically, through logs, cookies and other technologies; (iii) from your activity and interactions with us; and (iv) through internal security, authentication and audit systems, and through our authentication and payment providers. |
| Sharing | Your personal data may be shared with: the Upstream Provider required to fulfill each request; Auxiliar affiliates; Auxiliar’s service providers (sub-processors); or public authorities, when required. |
| For which purposes? | Create and manage accounts; route requests to Upstream Providers and meter/charge credits; ensure security, audit and integrity of the Service; comply with legal obligations; and improve the Service and your experience. |
| For how long? | For as long as necessary to provide the Service, comply with legal obligations, resolve disputes or exercise rights, in accordance with the LGPD. |
| International transfers | Auxiliar may transfer your data outside Brazil — primarily to cloud, hosting and infrastructure providers located in the United States, and to Upstream Providers worldwide. All transfers rely on the legal mechanisms set out in the LGPD. |
| Data subject rights | Confirm processing; access data; correct data; request anonymization, blocking or deletion; port data; withdraw consent; obtain information about sharing; and lodge a complaint with the ANPD. |
| Contact | Data Protection Officer: [email protected] |
This Summary Table is for information purposes only and does not replace reading this Privacy Policy and the Terms of Service in full.
Definitions
To make this Privacy Policy easier to understand, the main terms used are set out below. Every capitalized word has the meaning indicated here whenever it appears in this document.
- ANPD — the Brazilian National Data Protection Authority, the public body responsible for overseeing, implementing and enforcing the LGPD.
- Consent — the free, informed and unambiguous expression by which the data subject agrees to the processing of their personal data for specific purposes.
- Personal Data — any information relating to an identified or identifiable natural person, such as name, identification numbers, email address, IP address, among others.
- Data Protection Officer (DPO) — the person appointed to act as a communication channel between Auxiliar, data subjects and the ANPD.
- AI / AI Agents — artificial-intelligence systems, statistical models, automated tools or algorithms — including the Upstream Providers and the User’s own agents — capable of analyzing data and generating outputs or recommendations based on patterns.
- Upstream Providers — the independent third-party search, scraping, browser-automation and voice APIs that the Service routes your requests to.
- LGPD — Brazilian Law No. 13.709/2018, the General Data Protection Law, which governs the processing of personal data, including in digital media.
- Data Subject — the natural person to whom the processed personal data relates.
Collection of Personal Data
We collect certain information when you use the Service. This includes information you provide, information we collect automatically, and information provided by third parties.
Information you provide
- Account data — information you must submit to register and authenticate, including your name and email. Authentication is handled through our identity provider, and you may sign in using email or a supported third-party (social) login. The provision of certain account data is essential to enable access to the Service; without it, registration and use are not possible.
- Request content — everything you (or your AI agents) submit through the gateway to be processed and routed to an Upstream Provider, such as search queries, URLs and pages to scrape or crawl, browser-automation instructions, text to synthesize into speech, prompts, parameters and any other inputs — together with the responses returned by the Upstream Provider. This content is necessary to route and fulfill your requests.
- Billing data — when you purchase credits, payment is handled by our third-party payment processor. We receive limited information (for example, confirmation that a payment succeeded, billing country and the last digits of the card), but we do not collect or store full card numbers.
- Communications — information you provide when you contact us through our official channels, including support requests and reports of technical issues.
Data collected automatically
- Usage and metering data — logs and events relating to how and when you use the Service: which endpoint and Upstream Provider you call, timestamps, request status, request size and the credits or units consumed. This data is used to operate, meter, bill and secure the Service.
- Device and technical information — IP address, user-agent, client or SDK information, device type, browser type and version, unique identifiers and network data.
- Diagnostics — error reports, performance metrics and error logs collected through our diagnostics tooling, to identify and fix problems.
- Cookies — cookies are internet files that may be temporarily stored on your devices. On our website and dashboard we use cookies to improve your experience, remember preferences, ease navigation and analyze usage. The Service uses the following types of cookies:
  - Strictly necessary — required for the Service to work, including authentication.
  - Functional — help deliver enhanced features, such as language preferences.
  - Performance / analytics — let us understand how the Service is used (via our analytics provider) so we can improve it.
Data we do NOT collect
- Precise location — we do not collect precise or approximate geolocation data.
- Full payment card data — we do not store complete card numbers; payment data is handled by our payment processor.
- Special-category data for advertising — we do not collect advertising identifiers, and we do not sell your personal data.
- Upstream Provider credentials are not yours to handle — the credentials used to authenticate with Upstream Providers are injected by us server-side and are never exposed to you, so you never transmit them to us.
Data provided by third parties
- We may receive data from authentication providers, payment processors, fraud-prevention tools, technology service providers, security systems or operational partners that help verify identity, validate information or support the operation of the Service.
- We may process personal data contained in the content of the requests and responses routed through the Service, including where third parties are referenced in that content.
- Where you use the Service together with third-party services, we may receive data through those services. In those cases, the third party’s own terms and privacy policies govern that use.
Personal data of minors
The Service is not intended for individuals under 18 years of age and is permitted only for persons with full legal capacity. If we identify registration, use or provision of personal data by a minor, Auxiliar may delete the account and remove the associated data, in accordance with applicable law.
Sensitive personal data
Auxiliar does not request, process or use sensitive personal data in the context of the Service. Exceptionally, the content of the requests and responses routed through the Service may contain sensitive personal data inserted by you. In those cases, the processing is incidental and limited to what is necessary to operate the Service, and Auxiliar adopts appropriate technical and administrative measures and observes the principles and safeguards of the LGPD.
Purposes for Using Personal Data
We use the information we collect for the reasons below and in accordance with the applicable legal bases.
To perform our contract with you
- Provide and operate the Service, including routing your requests to the relevant Upstream Provider, returning the responses, and metering and charging the credits consumed.
- Create, configure, authenticate and manage your account and API keys.
- Where you enable additional features or integrations, process the information necessary according to your settings and permissions.
- Contact you about your account, including for verification, security, prevention of unauthorized access and relevant operational communications.
- Respond to your requests and questions, including support requests and reports of technical issues.
For our legitimate business interests
- Keep the Service secure, prevent misuse, identify suspicious activity, combat fraud and abuse, and enforce our Terms of Service.
- Analyze how Users interact with the Service, identify useful features, develop new capabilities and continuously improve the experience.
- Send communications about news, updates, features or invitations to participate in tests, surveys or pilots. You can adjust your communication preferences at any time.
We do not use the content of your requests to train AI models. Auxiliar is a passthrough gateway: your request content is forwarded to the Upstream Provider you select in order to fulfill the request, and the response is returned to you. We may use aggregated and technical usage metadata (for example, request counts, latency and error rates) to operate, secure and improve the Service. How each Upstream Provider handles the content it receives is governed by that provider's own terms and privacy policy.
To comply with our legal and regulatory obligations
- Retain and use your information when necessary to meet legal or regulatory obligations, including responding to requests from authorities, audits, fraud prevention and administrative or judicial requirements.
- When you exercise your rights under the LGPD, we may request additional information to confirm your identity and protect your account and privacy.
To protect life and physical safety
We may collect, use or share personal data when we believe in good faith that it is necessary to protect the life or physical safety of you or others.
Sharing Personal Data with Third Parties
We may share your personal data with:
- Upstream Providers — to fulfill a request, we transmit the relevant request content to the Upstream Provider you invoke (for example, a search query to a search provider, a URL to a scraping provider, or text to a voice provider). Those providers process that content under their own terms and privacy policies. This sharing is limited to what is necessary to execute the feature you requested.
- Auxiliar group companies (affiliates) — for administrative, operational, support, internal-audit and continuity purposes, your personal data may be shared with entities of the same economic group, in Brazil or abroad, subject to the safeguards required by the LGPD.
- Service providers and operational partners (sub-processors) — we share personal data with third parties that help us run essential aspects of the Service, including: cloud hosting, edge compute and storage (Cloudflare and Amazon Web Services); authentication and identity management (Clerk); payment processing (Stripe); product analytics (PostHog); and fraud prevention, identity verification, user support, security and other necessary technology. These third parties process personal data only under Auxiliar’s instructions and subject to confidentiality obligations.
- Corporate transactions — in the event of a merger, demerger, acquisition, sale or transfer of assets, or any corporate transaction, your personal data may be transferred to the parties involved, subject to confidentiality and the level of protection required by the LGPD.
- Exercise of rights — your personal data may be shared with lawyers, accountants, consultants or other legal representatives, for the regular exercise of rights or defense in judicial, administrative or arbitration proceedings.
- Judicial or administrative requests — we may share your personal data to comply with court orders, ANPD determinations or requests from any other competent public authority.
- Compliance with legal or regulatory obligations — your personal data may be shared to meet specific legal requirements applicable to Auxiliar, including tax, consumer, security or data-protection obligations.
Auxiliar uses its best efforts to ensure that all third parties with whom it shares personal data observe comparable standards of information security and data protection, adopting appropriate contractual and technical measures.
International Transfer of Personal Data
As a rule, Auxiliar processes and stores personal data on servers located in the United States of America (Cloudflare and Amazon Web Services). International transfers may also occur because our sub-processors and the Upstream Providers your requests are routed to may be located in various countries.
These transfers will always take place in line with the legitimate purposes set out in this Privacy Policy and the legal grounds provided by the LGPD. Where a transfer is made to a country without an adequacy decision from the ANPD, Auxiliar will adopt appropriate safeguards.
Retention of Personal Data
Auxiliar processes your personal data securely and only for as long as necessary to achieve the legitimate purposes set out in this Privacy Policy. We may keep your personal data for as long as necessary to comply with legal or regulatory obligations, to perform contracts, to defend our rights in proceedings, while a legitimate interest persists, or until the end of processing.
Specific retention periods
- Account data — retained while your account is active. If your account is deleted, your account data is removed from our servers within 30 days, except where retention is legally required.
- Usage and billing records — retained for the period required to meter usage, process payments and comply with tax, accounting and audit obligations.
- Request and response content — processed transiently to fulfill your requests. Associated request logs may be retained for a limited period (typically up to 90 days) for security, abuse prevention, debugging and metering, after which they are deleted or anonymized, except where longer retention is legally required.
- Diagnostics — error reports and performance data are retained for up to 90 days.
Data Subject Rights
As a data subject, you have the rights guaranteed by the LGPD, which may be exercised by a request addressed to Auxiliar:
- Right to confirmation — to know whether we process your personal data.
- Right of access — to access the personal data we process about you.
- Right to rectification — to request the correction of incomplete, inaccurate or outdated data.
- Right to anonymization, blocking or deletion — to request the anonymization, blocking or deletion of unnecessary or excessive data, or data processed in breach of the law.
- Right to portability — to request the transfer of your personal data to another service or product provider, under ANPD rules.
- Right to deletion of data processed with consent — subject to legal retention obligations.
- Right to information — to be informed about the public and private entities with which we share your data, and about the possibility of not providing consent and its consequences.
- Right to withdraw consent — to withdraw consent previously given.
- Right to petition the ANPD — if you are not satisfied with our response, you may petition the ANPD through its official channel.
To exercise any of these rights, send your request to Auxiliar’s Data Protection Officer at [email protected], including: (i) your full name; (ii) the right you wish to exercise; and (iii) any additional information needed. We may request proof of identity to ensure that data is provided only to the respective data subject.
Security of Personal Data
Auxiliar adopts technical and administrative measures designed to protect personal data against unauthorized access and accidental or unlawful destruction, loss, alteration, communication or any form of inappropriate or unlawful processing. These measures include encryption in transit (TLS), access controls, data segregation, server-side injection of Upstream Provider credentials so they are never exposed to clients, and continuous monitoring.
BECAUSE THE SERVICE IS A GATEWAY, THE CONTENT OF YOUR REQUESTS NECESSARILY PASSES THROUGH OUR SYSTEMS AND IS TRANSMITTED TO THE UPSTREAM PROVIDER YOU SELECT IN ORDER TO FULFILL EACH REQUEST. IT IS THEREFORE NOT END-TO-END ENCRYPTED (E2EE) BETWEEN YOU AND THE UPSTREAM PROVIDER. YOU SHOULD NOT SEND DATA THROUGH THE SERVICE THAT YOU ARE NOT AUTHORIZED TO SHARE WITH THE RELEVANT UPSTREAM PROVIDER.
AUXILIAR REMAINS COMMITTED TO THE CONFIDENTIALITY OF YOUR REQUEST CONTENT, ADOPTS APPROPRIATE TECHNICAL AND ADMINISTRATIVE MEASURES TO PROTECT IT, AND WILL ONLY DISCLOSE REQUEST CONTENT UNDER A VALID COURT ORDER OR REQUEST FROM A COMPETENT AUTHORITY, UNDER APPLICABLE LAW.
Although Auxiliar uses all reasonable efforts to keep the personal data under its custody secure, no system is completely invulnerable to security incidents, and we cannot guarantee the absolute inviolability of our databases. If you suspect any compromise to the security of your personal data, please contact our Data Protection Officer immediately at [email protected].
Updates to this Privacy Policy
Auxiliar may update this Privacy Policy at any time, especially to reflect changes in applicable law, in our data-processing practices or in the features of the Service. We recommend that you review this document periodically. Updates take effect on the date they are published. Continued use of the Service after publication will be interpreted as agreement with the updated terms.
How to contact us
If you wish to exercise any of the rights set out in this Privacy Policy and the LGPD, or have questions, suggestions or complaints about the processing of your personal data, please contact our Data Protection Officer:
Data Protection Officer (DPO) — [email protected]
Company — DUNAS DESENVOLVIMENTO DE SOFTWARE LTDA
CNPJ — 64.717.332/0001-74
Address — Av. Paulista 1636, Conj 4, Pavmto 15, Sala 1504, São Paulo, SP 01310-200, Brazil