Privacy Policy - Stronit

Last updated: May 2026. Version 2.0.

1. Who we are

Stronit Solutions, Tax ID (CNPJ) 25.527.577/0001-87, is a Brazilian cybersecurity company founded in 2016, headquartered in Jaraguá do Sul/SC. We act as Data Controller for website visitors, commercial contacts and direct clients. For clients who contract our services (SOC, Pentest, MSSP, etc.), we act as Data Operator under specific contract.

2. What personal data we collect

2.1 Data you actively provide

Contact forms: name, corporate email, phone, company, role, message.
"I'm under attack" form: name, phone, corporate email, company, incident description.
Threat Report newsletter: email address.
Client Area (Movidesk): access credentials and ticket data (subject to Movidesk's own privacy policy).

2.2 Automatically collected data

Cookies and similar technologies: anonymous identifiers for site usage measurement, per consent banner choice.
Browsing data: IP address, browser type, operating system, pages visited, visit duration, traffic sources.
Google Analytics 4: anonymized usage metrics (anonymize_ip enabled).

3. Purposes

Commercial service: respond to requests, send proposals, conduct follow-up.
Incident response: activate on-call teams for emergency clients.
Marketing communication: send Monthly Threat Report and technical content (only with explicit consent and one-click unsubscribe).
Site improvement: understand which pages generate value, identify navigation bottlenecks.
Compliance with legal and contractual obligations.

4. Legal bases (LGPD Art. 7)

Consent (Art. 7, I) — for analytics cookies, marketing and newsletter.
Contract execution (Art. 7, V) — for contracted clients.
Legitimate interest (Art. 7, IX) — for handling commercial contact requests, fraud prevention and site security.
Legal obligation (Art. 7, II) — when required by law.

5. Data sharing

We do not sell personal data. We share with third parties only when necessary for service operation, under contractual obligation of equivalent protection:

Technology providers: Google (Analytics, Tag Manager, Cloud), Microsoft (M365), Movidesk (Client Area), email and CRM providers.
Vendor partners (Fortinet, SentinelOne, Bitdefender, etc.) — only for contracted clients, per specific contract.
Public authorities: when required by law or court order.

6. Data retention

Leads (contact forms): 5 years from last contact, unless deletion requested.
Active clients: during contract validity + 10 years (tax obligation).
Newsletter: until the subject unsubscribes.
Browsing logs: 6 months, except when required by specific law (Brazilian Civil Rights Framework for the Internet — Art. 13 and 15).

7. Security measures

As a cybersecurity company, we apply to ourselves the same practices we recommend to clients:

TLS 1.3 encryption in transit and AES-256 at rest.
Mandatory multi-factor authentication (MFA) for employees.
Principle of least privilege on administrative access.
Periodically tested immutable backups.
Continuous monitoring by our own 24x7 SOC.
Continuous awareness training (KnowBe4 + FIT program).

8. Your rights as data subject (LGPD Art. 18)

You can, at any time, exercise the following rights regarding your personal data processed by Stronit:

Confirmation that processing exists;
Access to your data;
Correction of incomplete, inaccurate or outdated data;
Anonymization, blocking or deletion of unnecessary or non-compliantly processed data;
Data portability;
Deletion of personal data processed with consent;
Information about public and private entities with which the controller shared data;
Revocation of consent.

How to exercise your rights

You can exercise any of these rights through our Data Subject Rights Request form (DSR) — a secure platform that records, tracks and handles your request within the legal deadline.

Alternatively, contact our Data Protection Officer (DPO) directly at: dpo@stronit.com.br.

9. Data Protection Officer (DPO)

In compliance with LGPD Art. 41, Stronit appointed a Data Protection Officer (DPO) as the contact point between controller, subjects and ANPD. To reach our DPO:

Email: dpo@stronit.com.br
Postal address: Rua Governador Jorge Lacerda, 433, Sala 3 · Centro · Jaraguá do Sul/SC · CEP 89.251-390
Formal request: Securiti DSR form

10. Applicable legislation

This policy is governed by Brazilian legislation, especially:

Brazilian General Data Protection Law (Law 13.709/2018 — LGPD)
Brazilian Civil Rights Framework for the Internet (Law 12.965/2014)
Brazilian Consumer Protection Code (Law 8.078/1990)
Resolutions of the Brazilian National Data Protection Authority (ANPD)

For questions, suggestions or complaints about the processing of your personal data, contact dpo@stronit.com.br.