Privacy Policy

We at MEISTRARI DESENVOLVIMENTO DE SOFTWARE LTDA ("MEISTRARI"), a company headquartered at Alameda Ministro Rocha de Azevedo 599, apt 11, respect and care for the privacy of Personal Data Subjects, always striving to act transparently and provide clear information about the Processing of Personal Data.

The Processing of your Personal Data aims, first and foremost, to provide better and more personalized service, taking into account the specific conditions of each User. The more the User interacts with us, the more information is provided and, consequently, the greater our ability to offer more personalized services.

As Users contact us, register, access, and use Tela, personal information about the User may be collected and processed. This Privacy Policy describes the types of Personal Data we may receive about the User, how we may use it, with whom we may share it, how we protect and keep it secure, as well as the User's rights regarding their Personal Data.

This Privacy Policy provides an overview of the situations through which we may interact.

This Privacy Policy is an integral and inseparable part of Tela's Terms and Conditions of Use ("Terms of Use"), available at https://tela.com/terms-of-use.

1. Definitions

1.1 Capitalized terms will have the meaning assigned to them in the Terms of Use or in applicable law. Below are some definitions used throughout this Privacy Policy:

• "User" or "You": any person, whether a legal entity or an individual accessing Tela on behalf of a legal entity, who inputs Personal Data into Tela by adhering to the Terms of Use and this Privacy Policy;
• "Client": companies that hire and use Tela and the Product, sharing Anonymized Data of their employees, which will later be integrated into the Product;
• "Tela": the website https://tela.com, in addition to any applications, widgets, software, tools, and other services offered by MEISTRARI to make the Product available;
• "Product": solution accessed through Tela;
• "Terms of Use": General Terms and Conditions of Use of the Product, available at https://tela.com/terms-of-use;
• "Personal Data": data that identifies or makes a natural person identifiable;
• "Sensitive Personal Data": Personal Data about racial or ethnic origin, religious belief, political opinion, union membership or membership in a religious, philosophical, or political organization, data concerning health or sexual life, as well as genetic or biometric data when linked to a natural person;
• "Anonymized Data": any data related to a Data Subject that cannot be identified, considering the use of reasonable and available technical means at the time of its Processing;
• "Controller": natural person or legal entity responsible for decisions regarding the Processing of Personal Data;
• "Independent Controllers": two or more natural persons or legal entities with decision-making power over the Processing of Personal Data, in which each Controller separately and independently defines the purposes and means of Processing, each being responsible for the Processing carried out within their scope of action;
• "Processor": natural person or legal entity that processes Personal Data on behalf of the Controller;
• "Cookies": browsing files that temporarily store information about what the User is visiting on a certain website or application;
• "Data Subject": natural person to whom the Personal Data being processed refers;
• "Processing": any operation or set of operations performed on Personal Data or sets of Personal Data, whether by automated means or not, such as, but not limited to, collection, use, access, organization, consultation, production, alteration, reception, classification, utilization, reproduction, communication, transmission, distribution, processing, archiving, storage, adaptation, retrieval, transfer, availability, combination, restriction, elimination, evaluation or control, modification, deletion, or extraction;
• "Data Protection Legislation": while in force, the General Data Protection Law (Law No. 13.709/2018 or "LGPD"), its subsequent amendments, and any other laws and regulations applicable to the Processing, protection, and privacy of Data, including, when applicable, guidelines, standards, regulations, ordinances, and codes of practice and conduct issued by the National Data Protection Authority ("ANPD") or another competent authority;
• "Personal Data Incident": security breach resulting in the destruction, loss, alteration, unauthorized disclosure, or unauthorized access to Personal Data transmitted, stored, or otherwise Processed by MEISTRARI or an authorized subcontractor;
• "Consent": free, informed, and unequivocal expression by which the Data Subject agrees to the Processing of their Personal Data for a specific purpose.

2. Data Collection

2.1 Collected data and data sets. MEISTRARI collects and processes various types of Personal Data when Users access, register, and use Tela according to the functionalities made available.

Some of this data is:

(i) automatically collected by us, such as information from the device used to access Tela, geolocation data, access logs, Tela usage information, Cookies or similar technologies, statistical information, and aggregated data;

(ii) provided directly by Users, such as registration and identification data, information entered into Tela, and information shared when contacting us or interacting with other Users; and

(iii) provided by third parties, such as employee names for service provision, always in compliance with Data Protection Legislation.

See below the Personal Data we collect:

3. How We Use the Collected Data

3.1 Security. MEISTRARI will use its best efforts to keep Personal Data secure at all times, adopting security and protection measures, both technical and administrative, compatible with the nature of the Data collected, used, stored, or otherwise processed, in accordance with market best practices.

3.1.1 Exceptions. However, no method of electronic transmission or retention of data is completely secure and may be subject to external attacks. Accordingly, MEISTRARI cannot guarantee that such security measures are free from flaws or immune to third-party interference, such as hackers. By its nature, despite MEISTRARI's best efforts, any security measure may fail and any Data may become public. BY USING TELA, THE USER DECLARES THAT THEY ARE AWARE OF AND EXPRESSLY ASSUME THIS RISK, AGREEING THAT MEISTRARI WILL NOT BE RESPONSIBLE FOR ANY DATA LEAKS OR UNAUTHORIZED ACCESS TO DATA.

3.1.2 The security measures described above apply to User Data only from the moment they are received by MEISTRARI and while they remain under its custody. The operation and security of the devices used by Users to access Tela, as well as third-party networks through which data travels, are not the responsibility of MEISTRARI.

3.2 Servers. While the User keeps their account active on Tela, all collected information will be stored with a high security standard on servers owned by MEISTRARI or third parties, located in Brazil and/or abroad. The User acknowledges that MEISTRARI may store Personal Data on servers outside Brazil and/or use service providers located abroad. In such cases, MEISTRARI will observe the legal requirements applicable to international data transfers, ensuring an adequate and equivalent level of protection to that required by Brazilian law.

3.3 Storage period. Personal Data will be kept for as long as necessary to fulfill the purposes described in this Privacy Policy. MEISTRARI adopts controls to ensure that Data is stored only for the period strictly necessary, and that it is deleted when the purpose of its Processing ends or when there is no longer a legal basis for its retention. Notwithstanding, Data may be kept for a longer period when necessary to comply with legal or regulatory obligations.

3.4 Data deletion. When Personal Data is no longer necessary, it will be deleted from MEISTRARI's systems and records or anonymized so that it no longer allows the identification of the Data Subject, at MEISTRARI's discretion. MEISTRARI may keep certain Personal Data to comply with legal or regulatory obligations, as well as for the regular exercise of its rights, including in judicial, administrative, or arbitral proceedings. For audit, security, fraud control, and rights preservation purposes, MEISTRARI may keep the history of Personal Data for a longer period whenever authorized or required by applicable law or regulation.

3.5 LIMITATION OF LIABILITY. NOTHING IN THIS PRIVACY POLICY IS INTENDED TO EXCLUDE OR LIMIT ANY CONDITIONS, WARRANTIES, RIGHTS, OR LIABILITIES THAT CANNOT BE LEGALLY EXCLUDED OR LIMITED. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR CONDITIONS, NOR THE LIMITATION OR EXCLUSION OF LIABILITY FOR DAMAGES. IN SUCH CASES, ONLY THE LIMITATIONS PERMITTED BY LAW WILL APPLY. WHEN EXCLUSION OF LIABILITY IS NOT POSSIBLE, BUT ITS LIMITATION IS PERMITTED, MEISTRARI'S TOTAL LIABILITY WILL BE LIMITED TO R$ 1,000.00 (ONE THOUSAND BRAZILIAN REAIS).

4. Rights of Data Subjects

4.1 Rights of Data Subjects. MEISTRARI provides tools for Data Subjects to exercise their legal rights regarding their Personal Data. In this section, we describe these rights and how they can be exercised:

• Confirmation of the existence of Processing: the Data Subject may confirm whether MEISTRARI processes their Personal Data;
• Access to Personal Data: the Data Subject may access their Personal Data, including requesting a copy of the processed data;
• Correction of incomplete, inaccurate, or outdated data: the Data Subject may request the alteration or correction of their Personal Data;
• Anonymization, blocking, or deletion: the Data Subject may request the anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data under Data Protection Legislation;
• Portability: the Data Subject may request the portability of their Data through the contact channels indicated in this Privacy Policy;
• Deletion of Personal Data: the Data Subject may request the deletion of Personal Data processed based on their Consent through Tela itself or through the contact channels indicated in this Policy;
• Information about sharing: the Data Subject may request information about the public and private entities with which MEISTRARI has shared their Personal Data;
• Information about the possibility of not consenting: the Data Subject may obtain information about the possibility of not providing Consent for the Processing of their Personal Data and about the consequences of such refusal, including the possible impossibility of MEISTRARI providing services;
• Revocation of Consent: the Data Subject may, at any time, revoke the Consent previously granted, with the Processing carried out until the moment of revocation remaining valid.

4.2 Exercise of rights. The rights described above, as well as others provided for in applicable law, may be exercised directly by the Data Subject through Tela, according to the available functionalities, such as tools for accessing and editing Personal Data, or by request sent to [email protected]. MEISTRARI may request additional information or documents to verify the identity of the requester.

4.3 Consequences of data deletion. The Data Subject acknowledges that, in certain cases, complying with deletion requests may prevent MEISTRARI from continuing to provide its services. Therefore, a request to delete Personal Data will imply the immediate deactivation of the User's account on Tela, with the definitive loss of the data entered. After deletion, MEISTRARI may use the data in anonymized form, without identifying the Data Subject, for the purposes provided in this Privacy Policy.

4.4 Data retention. MEISTRARI may keep Personal Data for a period longer than initially provided whenever necessary to comply with legal or regulatory obligations, to meet orders from public authorities, or for the regular exercise of rights in judicial and/or administrative proceedings, as well as in cases where the data has been duly anonymized.

In compliance with applicable law or by court order, MEISTRARI may retain certain Personal Data for a minimum period of 6 (six) months after the deletion request. During this period, such data will not be anonymized or deleted. MEISTRARI will record the deletion request and, after complying with the mandatory legal periods, will proceed with the deletion or anonymization of information that allows the identification of the User, at its sole discretion.

If the User requests the deletion of their data and has outstanding obligations towards MEISTRARI, their Personal Data will not be deleted until the pending matter is resolved, and it will be retained to enable the adoption of the appropriate measures.

4.5 Consequences of refusing Consent. The absence of Consent, when necessary for the Processing of Personal Data, may prevent MEISTRARI from providing its services or limit the User's access to certain functionalities of Tela.

5. Contact with MEISTRARI

5.1 Contact. In case of doubts, suggestions, complaints, or requests for clarification about this Privacy Policy or the Processing of Personal Data carried out by MEISTRARI, as well as for the exercise of any of the rights provided for in this Privacy Policy or in Data Protection Legislation, the User may contact MEISTRARI by email at [email protected].

MEISTRARI will use its best efforts to clarify any doubts and/or address the requests made.

6. Data Sharing with Third Parties

6.1 Processing Operators. MEISTRARI may hire third parties to assist in providing its services, such as cloud storage providers and payment processing platforms. Currently, MEISTRARI shares Data with infrastructure providers, including servers, hosting, and cloud services, for the proper functioning of Tela, IT service providers, and partners related to payment processing. These providers may be replaced at any time, provided adequate standards of data security and confidentiality are maintained. MEISTRARI, as Controller, will require such Processors to maintain adequate levels of security and confidentiality.

6.2 Third-Party Services. During the use of Tela, Users may use other services, channels, products, and platforms provided, maintained, and/or operated by third parties, used as support means or channels for the services provided by MEISTRARI, but without direct relationship with it ("Third-Party Services"). Such Third-Party Services may include, for example, payment platforms, file-sharing tools, among others.

When MEISTRARI's services use such Third-Party Services, the Processing of Personal Data will also be subject, in addition to this Privacy Policy, to the privacy policies and terms of use of those third parties, over which MEISTRARI has no control or influence.

In these cases, MEISTRARI and the third party will act as Independent Controllers, each being responsible for the Processing of Personal Data carried out within the scope of its activities.

With regard to MEISTRARI, even when Personal Data is received through these Third-Party Services, the Processing will always observe this Privacy Policy. Nevertheless, the User is advised to consult the policies applicable to the respective Third-Party Services, since MEISTRARI has no influence over the relationship between the User and such third parties, nor is it responsible for the use those third parties make of Personal Data entered directly by the User in those services.

6.3 Sharing with other third parties. In addition to the situations already mentioned, Personal Data may be shared with third parties, including as Controllers, in the following situations:

• 6.3.1 New businesses. Personal Data may be transferred to MEISTRARI affiliates and/or in the context of corporate transactions, such as acquisition, sale, merger, corporate reorganization, or any other change of control. In such cases, MEISTRARI will ensure that the third party that gains access to or control over the Data is bound by this Privacy Policy, ensuring the continuity of Personal Data protection, and will notify Users in advance if there is any relevant change;
• 6.3.2 Regular exercise of rights. MEISTRARI may share Personal Data with third parties, such as law firms, consultancies, collection companies, accounting firms, and similar entities, for the regular exercise of its rights and to ensure compliance with this Privacy Policy and the Terms of Use;
• 6.3.3 Judicial or administrative request. MEISTRARI may share Personal Data upon judicial or administrative request;
• 6.3.4 Compliance with legal or regulatory obligations. MEISTRARI may share Personal Data with public bodies, authorities, and entities, as well as with private individuals or legal entities, when necessary to comply with legal or regulatory obligations;
• 6.3.5 With the User's authorization. In other cases, if sharing is necessary, MEISTRARI will request the User's Consent in advance.

6.4 Legal basis for sharing. Data sharing with third parties will be carried out based on the User's Consent or on other applicable legal bases, such as:

• (i) regular exercise of MEISTRARI's rights;
• (ii) compliance with legal or regulatory obligations;
• (iii) performance of a contract;
• (iv) MEISTRARI's legitimate interest, excluding Sensitive Personal Data in this case, or any other legal basis provided for in applicable law.

7. International Transfers

7.1 International data transfers. To optimize the efficiency, performance, and security of Tela, MEISTRARI may use global technical infrastructure and rely on service providers located in Brazil and abroad. Therefore, your Personal Data, including Sensitive Personal Data, may be transferred to other countries for Processing and storage, under the terms and for the purposes set forth in this Privacy Policy, as well as to enable the provision of the services requested by You.

MEISTRARI may transfer your Personal Data to service providers acting as Processors, carrying out the Processing on behalf of MEISTRARI and according to its instructions.

7.2 Privacy and data protection laws may vary from country to country, and the standards applicable in other jurisdictions may differ from those in Brazil. Even so, MEISTRARI will use its best efforts to ensure the level of data protection provided in this Privacy Policy, in accordance with applicable law.

8. Cookies

8.1 Cookies and similar technologies. MEISTRARI may use Cookies and similar technologies, such as pixels and tags, to ensure that the services provided meet quality standards. Cookies collect statistical information and will not be used for purposes other than those expressly provided in this Privacy Policy.

8.2 What are Cookies and what are they for? Cookies are small files added to your device or computer to provide a personalized experience when accessing Tela. MEISTRARI may use the following types of Cookies:

• 8.2.1 Necessary: Cookies that enable Tela to function and without which the platform may not operate properly. Because they are essential, their use is based on the execution of the contract between MEISTRARI and the User;
• 8.2.2 Functional: Cookies that enable additional functionalities or allow access to specific areas of Tela. Although they are not indispensable for the service to function, disabling them may reduce the platform's functionality. The use of these Cookies is based on the User's Consent when activating such functionalities;
• 8.2.3 Performance: Cookies used to measure and improve the performance of specific pages and the content available on them;
• 8.2.4 Third-party Cookies: Tela may use plugins from third-party websites, applications, and other services. Cookies used by those third parties may be stored in the User's browser. Each third party has its own privacy and personal data protection policy and is responsible for the data collected and the practices adopted. The User may consult the respective sites for information about the Processing of their Personal Data.

MEISTRARI HAS NO CONTROL OR INFLUENCE OVER SUCH THIRD-PARTY SERVICES AND IS NOT RESPONSIBLE FOR THE CONTENT, PRACTICES, OR SERVICES THEY OFFER, NOR FOR THE PROCESSING OF PERSONAL DATA CARRIED OUT BY THOSE THIRD PARTIES, EVEN IF THERE ARE LINKS AVAILABLE ON TELA.

8.3 Limitation on the use of Cookies. Internet browsers generally allow the collection of Cookies to be disabled. If the User does not wish to use Cookies, they may configure their browser to reject them or adjust privacy preferences, although this may impact Tela's functionality.

9. User Responsibility in Protecting Their Data

9.1 Without prejudice to MEISTRARI's efforts to maintain the confidentiality of Personal Data under this Privacy Policy, it is the responsibility of each User to keep their account login and password on Tela secure and confidential.

9.2 If the User believes that their account login and password on Tela were improperly accessed by third parties or became known to unauthorized persons for any reason, they must immediately notify MEISTRARI by email at [email protected], without prejudice to immediately changing their password directly on Tela.

10. Privacy Policy Updates

10.1 Changes to the Privacy Policy. MEISTRARI may, at any time and at its sole discretion, change this Privacy Policy. Any changes will be communicated at least 30 (thirty) days in advance, through Tela itself and/or by email provided by the User and/or by highlighting the changes at the top of this Policy, with a link to the changes made available for a reasonable period. The User should periodically review this page to check for updates and ensure that they agree with the modifications.

10.2 Acceptance of changes. Except in cases where express Consent is required, the continued use of Tela and/or the absence of objection by the User after 30 (thirty) days from the disclosure of the new version of this Privacy Policy will be interpreted as awareness of and full agreement with the new terms applicable to the Processing of Personal Data. If the User does not agree with the changes, they must refrain from using Tela and may request the cancellation of their account under the Terms of Use.