01 Who we are
Nextside Ltda., registered under CNPJ 66.475.888/0001-27, is a high-performance software consultancy headquartered in Brazil. For the purposes of the LGPD, we act as the controller of the personal data processed in our commercial operations, website, and communication channels.
02 Data we collect
Data provided by you
- Identification and contact: name, email, phone number, company, and role, submitted through contact or scheduling forms.
- Conversation content: messages sent via email, WhatsApp, or the website form.
- Contractual data: corporate name, CNPJ, billing address, and banking information required for the execution of agreements.
Data collected automatically
- Browsing data: IP address, browser type, operating system, pages visited, time spent, and referring URL.
- Cookies and similar technologies: session identifiers and preferences (detailed in section 06).
03 How we use your data
We use the personal data collected for the following purposes:
- Commercial support: responding to inquiries, scheduling discovery calls, and sending proposals.
- Contract execution: providing the contracted services, issuing invoices, and processing payments.
- Communication: sending project updates, operational notices, and, when authorized, informational content.
- Analytics and improvement: understanding how our website and services are used in order to enhance user experience.
- Legal compliance: fulfilling legal and regulatory obligations or determinations from competent authorities.
- Security: preventing fraud, unauthorized access, and security incidents.
04 Legal bases (LGPD, art. 7)
The processing of personal data by Nextside is grounded in the following legal bases:
- Contract execution: when necessary to fulfill contractual obligations entered into with you (art. 7, V).
- Pre-contractual procedures: to address requests made by you prior to the formalization of an agreement (art. 7, V).
- Legal obligation: when required by applicable legislation or regulation (art. 7, II).
- Consent: for sending marketing communications and informational content, when applicable (art. 7, I).
- Legitimate interest: for service improvement, security, and fraud prevention, respecting your rights and expectations (art. 7, IX).
05 Data sharing
We may share personal data with third parties strictly necessary to our operations, always under contractual safeguards:
- Infrastructure: hosting and cloud storage providers (e.g., Vercel, AWS).
- Productivity tools: email, CRM, and communication platforms used in commercial management.
- Finance: payment institutions and accounting firms for invoice issuance and transaction processing.
- Competent authorities: when required by law, court order, or regulatory authority request.
Nextside does not sell, rent, or trade personal data of its clients or visitors under any circumstances.
06 Cookies and similar technologies
Our website uses the following types of cookies:
- Essential: required for the basic functioning of the website (session, language preferences). These do not require consent.
- Analytics: used to measure traffic and browsing behavior in an aggregated and anonymized manner (e.g., Plausible, Google Analytics).
- Functional: store user preferences to improve the browsing experience.
We do not use retargeting or behavioral advertising cookies. You can manage or disable cookies through your browser settings.
07 Storage and retention
Personal data is retained for as long as necessary to fulfill its purpose:
- Leads and commercial contacts: up to 24 months after the last active contact, unless new consent is provided.
- Contractual data: 5 years after contract termination, in compliance with tax and legal obligations.
- Marketing communications: until consent is revoked by the data subject.
- Access logs: 6 months, in accordance with the Brazilian Internet Civil Framework (Marco Civil da Internet — Law 12,965/2014).
After the retention periods, data is securely deleted or anonymized.
08 Your rights as a data subject
Under the LGPD (art. 18), you have the following rights regarding your personal data:
- Confirmation of the existence of processing.
- Access to the personal data processed.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion of unnecessary or excessive data.
- Data portability to another service provider.
- Deletion of data processed based on consent.
- Information about the parties with whom your data has been shared.
- Revocation of consent at any time, without prejudice to the lawfulness of prior processing.
To exercise any of these rights, contact us at privacidade@nextside.tech. We will respond within 15 business days.
09 Data security
We adopt technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction:
- Encryption in transit: all communications with our website and services use TLS 1.2+.
- Multi-factor authentication (MFA): mandatory for all team members on internal systems.
- Least privilege principle: access restricted to only the data necessary for each role.
- Backup and recovery: regular backups with periodic restoration tests.
10 International transfer
Some of our infrastructure providers may process data on servers located outside Brazil. In such cases, we adopt appropriate contractual safeguards, including standard contractual clauses and verification that the destination country provides an adequate level of data protection, in compliance with art. 33 of the LGPD.
11 Updates to this policy
This policy may be updated periodically to reflect changes in our practices or in applicable legislation. The current version and the date of update are always indicated at the top of this page. We recommend reviewing this document periodically.
12 Contact & DPO
For questions, requests, or complaints related to the processing of personal data, please contact us:
- Privacy and DPO: privacidade@nextside.tech
- General contact: contato@nextside.tech
- CNPJ: 66.475.888/0001-27
If you believe the processing of your personal data violates applicable law, you may also file a complaint with the ANPD (Brazilian Data Protection Authority — Autoridade Nacional de Proteção de Dados).