Privacy Policy
1. Purpose

1.1 Sofist Qualidade de Software S.A. ("Sofist", "we", "our"), with address at Avenida Orosimbo Maia 360, Sala 509, Campinas/SP, Brazil, CEP 13010-211, is committed to protecting your personal data and complying with applicable data protection laws, including Brazil's General Data Protection Law (LGPD). This privacy policy describes how and why we collect, use and disclose personal data, and how data subjects can exercise their rights.

2. Scope

2.1 This policy applies to all users who access and interact with Sofist's website, covering all pages, contact forms, newsletters, integrated services, all personal data processed by Sofist, including customer data, potential customers, regardless of their location.

3. Roles and responsibilities

3.1 Data Controller (Organization responsible for the website)

- Ensuring compliance with personal data protection regulations;
- Keeping the privacy notice up to date and accessible to users;
- Ensuring response mechanisms for data subjects (e.g.: requests for access, correction or deletion of personal data); - Ensuring compliance with personal data protection regulations.

Data Protection Officer (DPO)

- Act as a communication channel between data subjects, the organization and the National Data Protection Authority (ANPD);
- Monitor and provide guidance on the privacy practices adopted on the website.

3.3 Website users

- Read and understand this notice before providing any personal information;
- Use the channels indicated to exercise their rights under the LGPD.
4. General guidelines

4.1 Personal data we collect

‍We may collect the following categories of personal data:

- Identifiers: First name, last name, e-mail address, telephone number, occupation/position, country, company.
- Information about activities on the Internet or other electronic networks: IP address, browsing history and interactions with our website.
-Professional or employment-related information: Position, employer and professional experience.
- Sensitive data: Where applicable, data relating to personal preferences or behavior, processed only with explicit consent and in compliance with article 11 of the LGPD.
- Information for hiring employees: Identifiers, sensitive personal data, emergency contacts (including identifying data of these contacts), bank details, personal documents (voter registration, ID, reservist card, CPF, work permit and driver's license) and, where applicable, identifying and sensitive personal data of dependents.
- Information for recruitment and selection: Any data or information, in whatever format, provided by official recruitment channels and/or CVs and letters made available to Sofist.

‍4.2 Purposes of processing

‍We process personal data for the following purposes:

- Provision of Services: To provide consulting services in information technology and other related services, preparing reports, analyses and other documents related to our activities.
- Business Development: To create opportunities to present our solutions to clients and potential clients.
- Communication: To send invitations, publications and various communications.
- Support: To provide user support and answer questions.
- Hiring, Recruitment and Selection: Personal data of candidates is collected for background assessment, where applicable.
- Legal Compliance: To comply with legal obligations in different jurisdictions.

4.3 How personal data is collected

‍4.3.1 Personal data is collected in the following ways:

- Personal data provided by the data subject: we collect personal data necessary to initiate and maintain a commercial and/or contractual relationship with the data subject via an electronic channel, for inclusion in electronic systems maintained by Sofist or by partners.
- Personal data provided by third parties: we also process personal data that is provided by third parties. For example, data received from our legal entity clients regarding users of their digital products, employees, etc.

‍4.3.2. We do not knowingly collect, store or otherwise process personal data that is excessive or unnecessary for the provision of our services. Accordingly, we ask you to refrain from sharing sensitive personal data with us, such as those relating to your racial or ethnic origin, religious belief, political opinion, membership of a trade union or religious, philosophical or political organization, health or sex life, as well as genetic data.‍‍
4.4 Purpose of personal data and legal bases for processing

4.4.1 Sofist acts as an operator to carry out the data processing activities of our clients.

‍4.4.2 All personal data collected is used for the provision of services or their supply. The privacy of the data subject is respected. Therefore, all personal data and information is treated as confidential and used only for the purposes described herein.

‍4.4.3. Our processing of personal data is based on the following legal grounds:

- Consent: where you have provided consent for specific processing activities.
- Contractual necessity: to enter into a contract with you or to take steps at your request prior to entering into a contract.
- Legal or regulatory obligation: to comply with legal and regulatory obligations under the LGPD, including cases of money laundering or anti-corruption measures.
- Legitimate interests: for the purposes of our legitimate interests, provided that these are not overridden by your data protection rights.
- Regular exercise of rights: for the regular exercise of rights in judicial, administrative or arbitration proceedings - for example, in judicial or administrative defenses in proceedings to which we are a party.

‍4.5. Period of retention of personal data

‍‍4.5.1. Personal data will be kept for the period necessary to achieve the purposes defined at the time of collection. After the termination of this relationship, they will be kept for as long as necessary to comply with legal obligations or as described in contractual agreements and exercise your rights, including for the purpose of auditing our activities. Retention periods are reviewed periodically and are in accordance with Article 15 of the LGPD.

‍4.5.2 Once the purpose of processing personal data has been fulfilled, the information will be disposed of securely, except in the cases legally provided for in Article 16 of the LGPD. That is, personal information about you that is essential for compliance with legal, judicial and administrative orders and/or for exercising the right of defense in judicial and administrative proceedings will be kept, despite the deletion of other data.‍

‍4.6. Sharing and disclosure of data

‍‍4.6.1. Personal data may be shared in the following cases:

- Legal determination, request, requisition or court order, obliging the sharing of data with competent judicial, administrative or governmental authorities.
- Use of third-party services or platforms that support our operations, causing personal data to be stored by the service providers, who in turn are contractually obliged to protect your data.
- Corporate movements, such as mergers, acquisitions and incorporations, automatically forcing the sharing of data with future shareholders.
- Protection of Sofist's rights in any type of conflict, including those of a judicial nature.

‍4.6.2 We will only share your personal data with third parties when we can do so under the terms of the law or the contract we have entered into. When we share your data with third parties, we take contractually established security measures so that personal data protection mechanisms appropriate to the law and accepted by us are in place.

‍4.7. International data transfers

‍‍4.7.1. We may use third parties located in other countries to perform some services provided by us. As a result, some personal data may be transferred abroad.

4.7.2. We take care to ensure that all personal data shared with agents abroad is adequately protected and in accordance with standards similar to those we have adopted. If we transfer your personal data outside your jurisdiction, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses for compliance with the mechanisms described by the LGPD. Transfers comply with Article 33 of the LGPD.
4.8 Measures for the security of personal data‍

‍4.8.1. Sofist has an Information Security Policy that is updated in line with the best information security practices.

‍4.8.2. The main measures adopted by Sofist to protect your personal data are:

- Confidentiality: All Sofist employees are subject to total confidentiality and any third parties hired are required to sign a confidentiality agreement, if this is not part of the main agreement between the parties.
- Transparency: Sofist always keeps users informed of changes in the procedures for processing personal data aimed at protecting privacy and data security, including the establishment of appropriate practices and policies. The data subject can, at any time, request information about where and how personal data is stored, protected and used.
- Isolation: All access to personal data is blocked by default, using a zero privilege policy. Access to personal data is restricted to individually authorized personnel. The area responsible for the data grants authorizations when proven necessary and keeps a record of authorizations granted. Authorized personnel receive minimal access to the database and systems, at the level strictly necessary to carry out their activities.
- Personal data subject rights: Sofist makes it possible for data subjects to exercise their rights in an accessible and user-friendly channel.
- Monitoring: Sofist uses log audit reports and notifications to monitor access patterns and identify and mitigate potential threats. Administrative operations, including access to the system, are recorded to provide an audit trail in the event of unauthorized or accidental changes.
- Communication of a security incident: In the event of a security incident that may entail a risk or relevant damage to user data, Sofist will notify the National Data Protection Authority (ANPD) in the case of the LGPD and, as the case may be, will notify the holder, in both cases, within a reasonable period of time, with information on the description of the nature of the personal data affected, including an indication of the technical and security measures used for data protection, related risks and measures that have been or will be adopted to reverse or mitigate the effects of the damage.

‍4.8.2.1. For the purposes of the above, "security incident" means a breach of security that leads to unauthorized access, accidental or unlawful destruction, loss, alteration, communication or any form of improper or unlawful processing.

‍4.8.3. Nevertheless, you should be aware that no Internet security system is guaranteed against unwanted intrusions, and Sofist's commitment is limited to the adoption of protection measures recommended according to the current state of the art.

‍4.8.3.1. In this regard, Sofist is not responsible for (i) any consequences arising from the negligence, imprudence or malpractice of the data subject in relation to their personal data. We guarantee and are only responsible for the security of the data processing processes and the fulfillment of the purposes described in this instrument; (ii) malicious actions by third parties, such as hacker attacks, unless Sofist's culpable or deliberate conduct is proven, and (iii) inaccuracy of the information entered by the data subject in the records required to use Sofist's services; any consequences arising from false information or information entered in bad faith are entirely the responsibility of the data subject.
4.9 Data subjects' rights‍

‍4.9.1 Data subjects may exercise their rights directly or through a legally constituted representative.

‍4.9.2 Depending on your jurisdiction, you may have the following rights in relation to your personal data:

- Right to know: To request information about the categories and specific personal data we have collected about you.
- Right of access: To obtain a copy of your personal data.
- Right to erasure: To request the erasure of your personal data, subject to certain exceptions.
- Right to correction: To request the correction of inaccurate personal data.
- Right to data portability: To receive your personal data in a structured, commonly used and machine-readable format.
- Right to cancel the sale: To direct us not to sell your personal data. It is important to emphasize that Sofist does not sell personal data.
- Right to non-discrimination: To receive equal service and price, even if you exercise your privacy rights.
- Right to restrict processing: In accordance with the LGPD, you may request restriction of processing in specific circumstances.

4.9.3. To exercise these rights, please contact us at privacy@sofist.co.

5. Changes to this policy

5.1. We may update this privacy policy from time to time. Any significant changes will be posted on this page with an updated effective date. We therefore recommend that you periodically request this document in order to be aware of any changes.

6. Terms and definitions

- ANPD: National Data Protection Authority.
- Employees: All Sofist employees, regardless of their position, function or form of employment.
- LGPD: General Data Protection Law.
- Newsletter: Digital publication, sent by email, which contains information, news, updates or relevant content on a specific topic, for a previously registered and interested audience.

‍7. Contact

7.1 If you have any questions, concerns or complaints about this privacy policy or our data practices, please contact us at privacy@sofist.co.

7.2 For questions related to the LGPD, you can contact Brazil's National Data Protection Authority (ANPD), which is responsible for ensuring that the rights of personal data subjects are respected in Brazil. For more information about your rights or the procedure for making a complaint, visit the ANPD channel.

7.3 For other questions, you can contact our Data Protection Officer (DPO) at dpo@sofist.co.


Last updated: August 14, 2025.

Sofist is a quality engineering consultancy that supports technology leaders in bringing continuous quality to their IT operations.

|
SolutionsAI Quality AcceleratorsSofist AI ToolkitTestQuakeStructured QA ExecutionAgile testingTest AutomationPerformance testingAd Hoc SupportSoftware Quality AssessmentOne Day Testing
By ChallengeBugs in ProductionQuality cultureArtificial IntelligenceRegression testingTesting in CI/CD PipelineEmergency ValidationTechnical DebtBy SegmentTechnology, Media and TelecomBanking, Finance and InsuranceRetailIndustryAdvertisingMobilityOthers
Why Sofist?Who we arePressCareers
ContentBlogNews SofistMaterialsContactContactPrivacy Policy

Sofist is a quality engineering consultancy that supports technology leaders in bringing continuous quality to their IT operations.

|
SolutionsQuality accelerators with AITestQuakeStructured QA ExecutionAgile TestingTest automationPerformance testing

One-off support

Software Quality AssessmentOne Day Testing
By ChallengeBugs in ProductionQuality cultureArtificial IntelligenceRegression testingTesting in CI/CD PipelineEmergency ValidationTechnical DebtBy SegmentTechnology, Media and TelecomBanking, Finance and InsuranceRetailIndustryAdvertisingMobilityOthers
Why Sofist?Who we arePressCareers
ContentBlogNews SofistMaterialsContactContactPrivacy Policy
2025 © Developed by Sofist | CNPJ: 08.401.346/0001-03
By clicking "Accept", you agree to store cookies on your device to improve site navigation, analyze usage and assist in our marketing efforts. Please read our Privacy Policy for more information.
PreferencesDenyAccept
Close Modal
Close Modal

Tell us a bit about yourself

Thank you! We've received your message and will be in touch soon!
Something has gone wrong. Please check the fields and try again.

Aspect

Traditional Staff
Augmentation

Crowd-testing

One Day Testing

Agile Contracting, Execution & Results Delivery

Bad

Medium

Excellent

Confidentiality of Data & Software

Excellent

Bad

Excellent

Test Team Expertise

Excellent

Unpredictable

Excellent

Control Over Test Execution

Excellent

Bad

Excellent

Client-Test Team Communication

Excellent

Bad


Excellent

Flexibility to Handle Fluctuating Test Demands

Bad

Excellent

Excellent

Investment

Bad

Medium

Excellent

Top
Top
Contact
Top