LGPD — Brazilian Data Protection Law
Last updated: 2026-05-05
This document explains how EtiquetaChef complies with Brazilian Law No. 13,709/2018 (LGPD). It covers the controller, the Data Protection Officer (DPO), legal bases, data categories, subprocessors, retention, international transfers and how data subjects exercise their rights.
1. Who is the controller
The controller of personal data processed by EtiquetaChef is the EtiquetaChef brand, responsible for processing decisions, technical infrastructure and handling data subject requests. General contact: help@etiquetachef.com.
2. Data Protection Officer (DPO)
The Data Protection Officer (DPO), pursuant to Article 41 of the LGPD, is Jonas R G Filho. The direct DPO channel is help@etiquetachef.com (subject [DPO]). Full details on identity, responsibilities and SLA are on the DPO page.
3. Legal bases (Article 7 LGPD)
We process personal data only under the legal hypotheses listed in Article 7. The main ones for EtiquetaChef are:
- Contract performance (V): Applied to strictly operational data needed to deliver the service: user and tenant registration, products, labels, prints, billing.
- Legitimate interest (IX): Applied to aggregated product telemetry, fraud prevention and platform security — always with proportionality assessment and respect for data subject rights.
- Consent (I): Applied to non-essential cookies and optional telemetry. The data subject can accept or refuse; refusal does not block service usage.
- Compliance with legal obligation (II): Applied when law, regulation or court order requires the retention or sharing of information.
4. Data categories processed
EtiquetaChef processes the following categories of personal data. We do not process data about restaurants’ end customers; the app is an internal kitchen tool.
| Category | Purpose | Legal basis |
|---|---|---|
| User identification (email, name, language) | Create and maintain the account; deliver operational communications. | Contract performance (V) |
| Authentication data (Firebase Auth, password hashes managed by Google) | Secure login and access recovery. | Contract performance (V) |
| Operational data (products, labels, validity rules, print history) | Run the labelling service. | Contract performance (V) |
| Billing data (plan, subscription, receipts via Stripe) | Charge the subscription, issue receipts, compute MBG refunds. | Contract performance (V) |
| Usage telemetry (UI events, screens accessed) | Product improvement and bug detection. | Legitimate interest (IX) / Consent (I) for optional telemetry |
| Audit logs | Security, fraud prevention and legal obligations. | Legitimate interest (IX) / Compliance with legal obligation (II) |
| Phone number (SMS OTP, when applicable) | Authentication via one-time code sent through Twilio. | Contract performance (V) |
5. Data subject rights (Article 18 LGPD)
The LGPD guarantees data subjects the following rights, exercisable at any time:
- Confirmation of processing: Confirm whether your personal data is being processed.
- Access to data: Get a copy of your data via the in-app exportUserData callable, in structured format (JSON/ZIP).
- Correction of data: Correct incomplete, inaccurate or outdated data in-app or by request to the DPO.
- Anonymization, blocking or deletion: Permanently delete your account via the in-app deleteUserAccount callable — 30-day soft-delete then final removal.
- Portability: Receive your data in interoperable format (JSON/CSV/ZIP export) for transfer to another provider.
- Deletion of data processed with consent: Request deletion of data processed under consent (e.g., optional telemetry).
- Information about sharing: Learn which public and private entities receive your data.
- Information about the option to refuse consent: Receive clear information about the option to refuse consent and the consequences.
- Revocation of consent: Revoke consent previously granted, at any time, through an express request.
You can exercise every right directly in the app, under "Account & Privacy" (route /privacy), or by writing to help@etiquetachef.com (subject [DPO]).
6. Subprocessors (Operators — Article 39)
The following operators process personal data on our behalf, under contract and specific instructions. Each is responsible for the security of its own infrastructure.
| Operator | Purpose | Data processed | Server region |
|---|---|---|---|
| Google Firebase (Firestore, RTDB, Auth, Storage, Functions, Hosting) | Database, authentication, hosting and backend execution. | Identification, operational data, billing, auth, logs. | Firestore + Storage + Functions: southamerica-east1 (Brazil); RTDB: us-central1 (USA). |
| SendGrid (Twilio) | Transactional email delivery (welcome, recovery, receipts). | Email, name, transactional message content. | United States. |
| PostHog Cloud US | Product analytics and conversion funnels. | Aggregated UI events, anonymous identifier, language, device. | United States. |
| Twilio | SMS delivery for one-time-code authentication (OTP). | Phone number, generated OTP code. | United States. |
| Anthropic (optional AI) | Optional AI features (label suggestions, classification). | Only when the user opts in; text sent to the function. | United States. |
| Stripe | Payment processing and subscription management. | Billing identification, card data (tokenized; never stored by us). | United States / global. |
7. International data transfer (Article 33)
Part of the data is processed on servers outside Brazil — RTDB in us-central1 (United States), as well as operators SendGrid, PostHog, Twilio, Anthropic and Stripe, all operating in the United States. Adequacy is guaranteed through Standard Contractual Clauses (SCC) signed with Google and the other operators, in line with Article 33(II) of the LGPD. Firestore, Storage and Functions remain in southamerica-east1 (Brazil).
8. Data retention
We apply the following retention windows:
- User account deleted by the data subject: 30-day soft-delete before final erasure. The subject can revert the deletion during this window.
- Tenant (establishment) marked as deleted: 90 days in DELETED state before physical removal, to honor residual tax and contract obligations.
- Audit logs: up to 12 months, unless a longer legal retention duty applies.
- Backups: 30-day cycle; deleted data is purged from subsequent backups.
9. How to exercise your rights
The preferred channel is the "Account & Privacy" section in the app (route /privacy), with self-service export and deletion. Alternatively, write to help@etiquetachef.com (subject [DPO]).
Response SLA: up to 15 business days from receipt of the request, in line with ANPD recommendations.
10. Brazilian Data Protection Authority (ANPD)
If you believe your rights were not honored, you can file a complaint with the Brazilian Data Protection Authority (ANPD) through the official channel at www.gov.br/anpd. ANPD is the body in charge of overseeing LGPD compliance in Brazil.