Política de Privacidade

Última atualização: 2026-02-01

1. Introduction

AETERNUM CAPITAL LTDA (“Dolafy”, “we”, “us”, or “our”), registered under CNPJ 59.983.687/0001-75, is committed to protecting the privacy of our users (“you”).

This Privacy Policy explains how we collect, use, and share your personal information when you use our website (dolafy.com), mobile applications, and our financial technology services (collectively, the “Platform”).

By using Dolafy, you agree to the collection and use of information in accordance with this policy. This policy works in conjunction with our Terms of Service.

Important Note on Our Role

Dolafy is a financial technology company, not a bank. We partner with regulated financial institutions (“Financial Partners”) to provide virtual accounts and prepaid cards.

While we manage your experience, certain data processing regarding the custody of funds and card issuance is performed by these Financial Partners subject to their own regulatory obligations.

2. Information We Collect

To comply with financial regulations and provide our services, we must collect specific data.

2.1 Information You Provide to Us

  • Identity Data: Name, date of birth, nationality, and government ID numbers (e.g., CPF, Passport).
  • Contact Data: Email address, phone number, and residential/business address.
  • Verification Documents: Photos of IDs, selfies (for liveness checks), and proof of address/business registration to satisfy “Know Your Customer” (KYC) and “Know Your Business” (KYB) laws.
  • Financial Data: Bank account details and transaction instructions.
  • Support Data: Information you send to us via customer support tickets or email.

2.2 Information Collected Automatically

  • Device Information: IP address, device type, operating system, and browser version.
  • Usage Data: Pages visited, buttons clicked, and time spent on the Platform.
  • Transaction Metadata: Log data regarding the timing, amount, and status of API calls or dashboard actions.

2.3 Information from Third Parties

We may receive data about you from:

  • Identity Verification Providers: To confirm your identity and screen against sanctions lists.
  • Financial Partners: To update your balance, transaction history, and card status.

3. How We Use Your Data

We use your data for the following specific purposes:

  1. Service Delivery: To create your account, issue virtual accounts, process cards, and execute payouts.
  2. Compliance & Safety: To prevent fraud, money laundering, and terrorist financing. This includes screening against global sanctions lists (OFAC, UN, EU).
  3. Communication: To send you transaction alerts, security codes (2FA), and important policy updates.
  4. Improvement: To analyze how our Platform is used and fix technical bugs.
  5. Legal Obligations: To comply with tax reporting and regulatory requests from Brazilian or international authorities.

4. Sharing Your Information

We do not sell your personal data. We only share it in the following strict circumstances:

  • With Financial Partners: We must share your KYC/KYB data with our partner banks and card issuers to open accounts and issue cards in your name.
  • With Service Providers: We use trusted third parties for hosting (e.g., AWS), identity verification, and customer support tools. These providers are contractually bound to protect your data.
  • For Legal Reasons: We may disclose information if required by a subpoena, court order, or government regulation, or to protect the rights and safety of Dolafy and its users.

5. International Data Transfers

Dolafy operates globally. Your information may be transferred to and processed in countries other than your country of residence (including the United States and Brazil). We ensure that these transfers comply with applicable data protection laws (such as the LGPD) by using standard contractual clauses and ensuring our partners maintain high security standards.

6. Your Rights (LGPD & Global)

Under the Lei Geral de Proteção de Dados (LGPD) and other applicable privacy laws, you have specific rights regarding your data:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can ask us to fix incorrect or incomplete data.
  • Deletion: You can ask us to delete your data, subject to our legal obligation to retain financial records (usually 5–10 years for AML compliance).
  • Portability: You can request your data in a structured, commonly used format.
  • Revocation: You can withdraw consent for marketing communications at any time.

To exercise these rights, email us at support@dolafy.com with the subject line “Privacy Request”.

7. Security and Retention

7.1 Security

We use enterprise-grade security measures, including encryption in transit (SSL/TLS) and at rest. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential.

7.2 Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy, or as required by law (e.g., tax and accounting laws). When data is no longer needed, it is securely deleted or anonymized.

8. Cookies and Tracking

We use cookies to:

  • Keep you logged in securely.
  • Remember your preferences (like language).
  • Analyze site traffic to improve performance.

You can control cookies through your browser settings, though disabling them may affect the functionality of the Dolafy Dashboard.

9. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact our Data Protection Officer (DPO) team: