Privacy Policy
Last updated: April 2026
1. Data Controller
The controller of personal data collected through the Geniau platform (geniau.com) is NAVROZ PARTICIPAÇÕES LTDA, registered under CNPJ/MF No. 64.335.226/0001-26, headquartered at Rua Min. Correia de Castro, 232, Vila Serralheiro, São Paulo/SP, ZIP 02.836-060.
This Privacy Policy has been prepared in accordance with the General Data Protection Law (Lei n.º 13.709/2018 — LGPD), the Internet Civil Framework (Lei n.º 12.965/2014), the Consumer Protection Code (Lei n.º 8.078/90), and other applicable regulations.
2. Personal Data Collected
We collect the following categories of personal data:
- Identification data: full name, email address, CPF (when required for invoice issuance);
- Authentication data: login credentials (encrypted password), OAuth tokens (Google);
- Profile data: profile picture, biography, areas of interest;
- Usage data: submitted ideas, purchased plans, browsing history on the Platform, IP address, device type, and browser;
- Payment data: processed exclusively by our partner Stripe, which holds PCI-DSS Level 1 certification. Geniau does not store credit card data on its servers.
3. Purposes of Data Processing
Personal data is processed for the following purposes:
- Creation and management of the User's account;
- Processing of transactions and payments;
- Operation of AI analysis services;
- Personalization of the User's experience;
- Sending transactional communications (purchase confirmation, analysis status);
- Sending marketing communications (with prior consent, which may be revoked at any time);
- Generation of aggregated and anonymized statistical reports on innovation trends;
- Compliance with legal and regulatory obligations;
- Regular exercise of rights in judicial, administrative, or arbitral proceedings.
4. Legal Bases (Art. 7 of the LGPD)
The processing of personal data is based on the following legal grounds:
- Consent (Art. 7, I): for sending marketing communications and non-essential cookies;
- Contract performance (Art. 7, V): for providing contracted services (idea analysis, plan generation, transactions);
- Legitimate interest (Art. 7, IX): for continuous improvement of the Platform, fraud prevention, and security;
- Compliance with a legal obligation (Art. 7, II): for responding to requests from competent authorities and tax obligations.
5. Data Sharing
Geniau does not sell, rent, or trade personal data of its Users. Data may be shared exclusively with:
- Payment processors: Stripe Inc. (PCI-DSS certified), for processing financial transactions;
- Infrastructure providers: hosting and cloud computing services, for secure data storage and processing;
- AI providers: Anthropic (Claude), Google (Gemini), and OpenAI, for analysis processing — data sent is limited to idea and plan content, without personally identifiable data;
- Competent authorities: when required by law, court order, or administrative request.
6. International Data Transfer
Some data may be processed on servers located outside Brazil, in countries such as the United States, by our infrastructure and AI partners. We ensure that such transfers are carried out in compliance with Art. 33 of the LGPD, through standard contractual clauses that ensure a level of protection equivalent to Brazilian legislation.
7. Data Retention
Personal data will be stored for the period necessary to fulfill the purposes described in this Policy, subject to the following minimum retention periods:
- Account data: while the account is active, and up to 6 (six) months after account deletion;
- Transaction data: 5 (five) years, as required by tax law (National Tax Code);
- Access logs: 6 (six) months, as per the Internet Civil Framework (Art. 15);
- Data for regular exercise of rights: until the expiration of the applicable statute of limitations.
8. Data Subject Rights (Art. 18 of the LGPD)
The User, as a data subject, may exercise the following rights at any time:
- Confirmation of the existence of data processing;
- Access to personal data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or deletion of unnecessary or excessive data;
- Data portability to another service provider;
- Deletion of data processed based on consent;
- Information about entities with which data has been shared;
- Revocation of consent at any time.
To exercise any of these rights, please contact us at suporte@geniau.com. We will respond within 15 (fifteen) business days, as established by the LGPD.
9. Data Security
Geniau adopts appropriate technical and organizational measures to protect personal data, including:
- TLS/SSL encryption for all communications;
- Passwords stored with hashing (bcrypt) — never in plain text;
- Cryptographic hash (SHA-256) for idea timestamps;
- Role-based access control (RBAC);
- Regular backups with encryption at rest;
- Continuous vulnerability monitoring.
While we adopt best security practices, no system is 100% impenetrable. In the event of a security incident that may result in risk or relevant damage, we will notify affected data subjects and the National Data Protection Authority (ANPD) within a reasonable timeframe, pursuant to Art. 48 of the LGPD.
10. Data Protection Officer (DPO)
The Data Protection Officer (DPO), pursuant to Art. 41 of the LGPD, can be contacted at: suporte@geniau.com.
11. Contact
For questions, requests, or complaints related to this Privacy Policy:
- Controller: NAVROZ PARTICIPAÇÕES LTDA — CNPJ 64.335.226/0001-26
- Email: suporte@geniau.com