FaceDojo

Privacy Policy | FaceDojo

Last updated: March 22, 2026.

ZedScript Automações LTDA is committed to the protection of personal data and privacy of FaceDojo users.

This policy describes the lifecycle of your data in compliance with the LGPD (Brazil) and the GDPR (European Union).

By using our services, you declare awareness and agreement with these guidelines.

1. DATA CONTROLLER

The personal data controller is ZedScript Automações LTDA. We handle privacy requests through our whatsapp

2. PERSONAL DATA COLLECTED

2.1 Data provided by the user

  • Contact data: Name, email, and phone number.
  • Professional profile: Registration information and gym data.
  • Linked data: Information about the unit and team.

2.2 Biometric data (Sensitive)

  • We collect facial biometrics for attendance automation.
  • Usage is restricted to student attendance control.
  • We do not perform data mining of biometric data for advertising.
  • Processing requires explicit consent from the data subject.

2.3 Browsing data

  • IP address and access logs.
  • Device type and browser used.
  • Cookies for platform personalization.

3. PURPOSES OF PROCESSING

  • Technical and managerial operation of the platform.
  • Facial recognition for security and attendance.
  • Technical support and customer service.
  • Guaranteeing platform integrity.
  • Compliance with industry regulations.

4. LEGAL BASIS (Compliance)

LGPD Compliance (BR)

  • Service contract execution.
  • Consent for sensitive data.
  • Regular exercise of rights.

GDPR Compliance (EU)

  • Art. 6(1)(b): Execution of a contract.
  • Art. 9(2)(a): Explicit consent for sensitive data.
  • Art. 6(1)(c): Compliance with legal obligations.

5. SHARING

  • Cloud Providers: Scalable storage and processing (AWS/MongoDB).
  • Security and Analytics: Diagnostic tools and continuous improvement.
  • Legal Obligation: Compliance with judicial or administrative orders.

6. INTERNATIONAL TRANSFER

Your data may be processed on global servers. We use Standard Contractual Clauses (SCCs) to ensure that the GDPR/LGPD level of protection is maintained regardless of the physical location of the data.

7. OPERATIONAL SECURITY

  • End-to-end encryption in transit and at rest.
  • Strict policies of least privilege (Least Privilege).
  • Vulnerability scans and 24/7 monitoring.
  • Data redundancy and encrypted backups.

8. RETENTION AND DELETION

  • Data kept while there is an active contractual link.
  • Definitive deletion at the data subject's request (Right to be Forgotten).
  • Residual retention only for tax or legal obligations.
  • Biometric data deleted immediately upon termination.

9. USER RIGHTS

  • Confirmation and Access to existing personal data.
  • Correction of incomplete or erroneous information.
  • Portability and revocation of consent.
  • Opposition to automated processing (GDPR).

10. CONTACT CHANNEL

To exercise any right provided by law, send your signed request through our whatsapp