Legal

Privacy Policy

Labirinto Inc.  ·  Last updated: March 2026

LGPDGDPR / UK GDPRCCPA / CPRA

1Introduction

This Privacy Policy explains how Labirinto Inc. (“Labirinto”, “we”, “us”, or “our”) collects, uses, and protects personal data when you use our website (https://labirinto.ai), applications, APIs, and services (collectively, the “Services”).

We comply with applicable privacy laws, including:

  • Brazil: Lei Geral de Proteção de Dados (LGPD)
  • European Union / UK: GDPR / UK GDPR
  • United States: Applicable federal and state laws, including CCPA/CPRA principles

2Data Controller

The data controller for the Services is:

Labirinto Inc.

State of Delaware, United States

Privacy inquiries: privacy@labirinto.ai

3Data We Collect

3.1 Data You Provide

  • Name, email address, and account credentials
  • User inputs (prompts, files, and chat history)
  • Communications such as support requests and feedback

3.2 Automatically Collected Data

  • IP address, device information, and browser type
  • Usage logs and interaction data
  • Approximate location derived from IP address
  • Cookies and tracking technologies

3.3 Data from Third Parties

  • Authentication providers (Google, Apple)
  • Security and fraud detection partners

3.4 Sensitive Data

We do not intentionally collect sensitive personal data (such as health information, financial data, or government identifiers). Users should not submit such data through the Services.

4How We Use Data

We use collected data to:

  • Provide, operate, and maintain the Services
  • Improve and train AI systems where permitted and disclosed
  • Ensure security and prevent abuse or fraud
  • Communicate with users regarding accounts, updates, and support
  • Comply with applicable legal obligations

Legal bases for processing include: performance of a contract, legitimate interests, user consent, and compliance with legal obligations.

5Data Sharing

We may share personal data with:

  • Service providers — hosting, analytics, and payment processors acting on our behalf
  • Legal authorities — when required by applicable law, court order, or regulatory request
  • Corporate transaction parties — in connection with a merger, acquisition, or asset sale
  • Third parties — only with your explicit consent

We do not sell personal data to third parties.

6International Transfers

Labirinto is incorporated in the United States and operates globally. Your data may be processed in the United States or other jurisdictions that may have different data protection laws than your country of residence.

Where required, we implement appropriate safeguards for cross-border transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent mechanisms under UK and Brazilian law.

7Data Retention

We retain personal data for as long as necessary to provide the Services, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we securely delete or anonymize it.

8Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Restriction — restrict or object to certain types of processing
  • Portability — receive your data in a structured, machine-readable format

To exercise any of these rights, contact us at privacy@labirinto.ai. We will respond within the timeframe required by applicable law.

9Cookies

We use cookies and similar tracking technologies for authentication, security, session management, and analytics purposes. Cookies may be:

  • Strictly necessary — required for the Services to function
  • Analytical — to understand how users interact with the Services
  • Functional — to remember preferences and settings

Where required by law, we request consent before placing non-essential cookies. You may manage or withdraw cookie preferences through your browser settings or our cookie preference center where available.

10Security

We implement technical and organizational security measures designed to protect your personal data against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit and at rest, access controls, and regular security reviews.

No system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by law.

11AI Disclaimer

AI-generated outputs may be inaccurate, incomplete, or misleading. Users should not rely solely on AI outputs for medical, legal, financial, or other critical decisions. Always verify important information through appropriate professional channels.

12Children

The Services are not intended for individuals under the age of 13 in the United States or under 16 in the European Union. We do not knowingly collect personal data from children below these ages. If you believe we have inadvertently collected such data, please contact us immediately at privacy@labirinto.ai and we will take steps to delete it.

13Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. We will notify you of material changes by posting the updated policy on our website with a revised “Last Updated” date. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

14Contact

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our Privacy team:

Labirinto Inc.

Privacy Team

privacy@labirinto.ai