Deep Reflection

Last updated: December 12, 2024

This Privacy Policy ("Privacy Policy" or "Policy") outlines the categories of information that Deep Reflection and its affiliates ("DeepReflection.com", "we", "our", or "us") collect, use, and process in accordance with the General Personal Data Protection Law (LGPD - Law No. 13,709/2018).

Unless otherwise stated in this Privacy Policy, the rules described herein apply to all websites, mobile applications, electronic products, digital services, and any other services provided by DeepReflection.com, whether online or offline, that are linked to this Policy (collectively referred to as the "Services").

By using the Services, you express your agreement with the terms and practices described in this Policy, including the processing of your personal data in accordance with Brazilian law. If you do not agree with these practices, we kindly ask that you do not access or use the Services.

Capitalized terms not defined in this Policy shall have the meanings assigned to them in the DeepReflection.com Terms of Service.

1. Information We Collect

When you access or use our Services, we collect different types of information based on your interaction with the platform. Certain data is essential for providing the Services, and its absence may limit or prevent their use. The information collected includes data provided directly by you, data automatically generated from your interactions with the Services, information obtained from other sources, and, when applicable, data provided through integrations with external platforms such as YouTube.

1.1 Information You Provide to Us Directly

We collect information directly provided by you, for example, when you create an account, communicate with us, subscribe to newsletters, or use specific features. This data may include, but is not limited to:

• Email address;
• Username;
• User Content: such as chat messages, posted images, and shared Reflections, as defined in the Terms of Service;
• Content of communications made with us.

Although you are not required to provide this information, certain features or functionalities of the Services may not be available without it.

1.2 Information Collected Automatically

We and our third-party partners, such as ad networks and analytics providers (e.g., Google Analytics), use cookies, pixel tags, and other tracking technologies to collect data about how you interact with the Services. This data may include:

• Browser type and operating system;
• Domain name and IP address;
• Unique device identifiers (such as IDFA or Android ID);
• Pages accessed and frequency of access;
• General location information inferred from IP address.

This data is used to personalize the Services, enhance your user experience, evaluate advertising campaigns, and perform analytics. You may adjust your browser settings to disable cookies, but doing so may impact the optimal functioning of the Services.

1.3 Information Obtained from Other Sources

In addition to data provided directly or collected automatically, we also obtain information from other sources, including:

• Third-Party Platforms: We may collect data from social networks or services linked to your Deep Reflection account (such as Facebook or Google), including account identifiers and granted permissions.
• YouTube: We collect transcripts of videos published on YouTube by content creators who have chosen to integrate their channels into Deep Reflection's training. We also capture video metadata such as title, description, tags, publication date, and view-related information, in accordance with YouTube API usage policies.

Linking your account to a Third-Party Account or authorizing the use of content from platforms like YouTube is optional. If such integration is configured, the collected data will be used exclusively for the purposes defined in this Policy and in accordance with the granted permissions and the policies of those platforms.

2. How We Use the Information We Collect

We may use your information for any of the following purposes:

• To provide and manage the Services;
• To personalize the Services;
• To communicate with you, including information about features or aspects of the Services that we believe may be of interest to you, or to notify you of changes to our terms, conditions, or policies;
• To engage in other communications with you, such as responding to your questions, comments, feedback, or requests;
• To analyze, maintain, improve, modify, customize, and measure the Services, including training our artificial intelligence/machine learning models;
• To train content creators' Reflections using YouTube video transcripts uploaded to the platform by the creators themselves, in accordance with YouTube API usage policies, as well as the metadata associated with those videos;

We may combine information we collect from you through the Services with information we obtain from other sources. We may also aggregate and/or de-identify information collected through the Services. We may use and disclose de-identified or aggregated data for any purpose, including, without limitation, for research and marketing purposes.

3. When We Disclose the Information We Collect

We may disclose your information under the following circumstances:

• Affiliates: We may share information with our affiliates, meaning entities that control, are controlled by, or are under common control with DeepReflection.com. Our affiliates will use the information in a manner consistent with this Policy.
• Vendors: Information may be disclosed to employees, consultants, and third-party vendors who need access to perform work or provide services on our behalf, such as data storage, technical support, analytics, customer service, fraud prevention, and marketing.
• Advertising and analytics: Although we do not conduct advertising at the date of this Policy, in the future we may share information with advertising and analytics partners to serve targeted ads and provide analytical services. These partners may use cookies and tracking technologies to understand user behavior and personalize content.
• Legal requirements: Information may be disclosed to comply with legal, regulatory, or law enforcement processes, such as warrants, subpoenas, or court orders, or as required by applicable laws.
• Business transfers: During negotiations or completion of mergers, asset sales, financing, or acquisitions, information may be transferred to the involved companies.
• User and Reflection conversations: Conversations that the public has with a content creator’s Reflection may be displayed to the creator. This allows them to monitor interactions, understand what is being discussed, and manually adjust responses if necessary to better align with the intended purpose and accuracy of the answers.
• Your User Content: Certain actions performed on the Services may result in content being visible to other users. For example, shared Reflections or messages sent in Group Chats may be made available to participants or other users, depending on your settings.
• Other disclosures with your consent or at your direction: We may share information with unaffiliated third parties when you explicitly authorize us to do so. For example, when recommending the Services to friends or acquaintances, we may disclose specific information about you as needed.

4. Online Analytics and Personalized Advertising

4.1 Analytics

We use third-party analytics services, such as Google Analytics, to understand how users interact with the Services. These providers use technologies described in the "Information Collected Automatically" section, such as cookies and pixel tags, to collect data about the use of the Services, including information about the site from which you accessed our platform.

The information collected may be shared with these providers or collected directly by them to assess your use of the Services. This data helps us identify usage patterns and improve the user experience. Additionally, we may use Google Analytics for advertising-related purposes, as detailed below.

To prevent Google Analytics from collecting information about your web usage, you can install the Google Analytics opt-out browser add-on, available on Google's official website.

4.2 Personalized Advertising

Although we do not use personalized advertising at the time this Policy is published, we may in the future allow third-party advertising networks to use cookies or similar technologies on your device to collect information about your use of the Services. This data may be used to:

• Inform, optimize, and display marketing content based on your previous interactions with our Services and other websites;
• Analyze how marketing impressions and interactions result in visits to our website or app.

We may also allow third parties, such as ad networks and ad servers (including Google Analytics), to use these technologies to deliver personalized ads. These technologies may be associated with non-identifiable or anonymized data linked to information voluntarily provided by you (for example, an email address in a hashed, non-human-readable format).

You can customize your advertising preferences or opt out of personalized ads by visiting the Google Ads Settings Page. Even if you choose not to receive personalized ads, you may still see general advertising content.

4.3 Cookie Considerations and Advertising Opt-Out

Advertising technologies integrated into the Services may continue to display ads even if you disable personalization. To ensure opt-out is effective:

• Make sure your browser accepts cookies when visiting opt-out pages;
• Avoid deleting cookies associated with the opt-out or using different browsers.

Please note that we do not control the opt-out tools provided by third parties, nor are we responsible for the availability or accuracy of those tools.

5. Your Choices

We offer you several choices regarding the collection, use, and disclosure of information about you. These include:

5.1 Profile Information

You may deactivate your account through the profile page. Additionally, you can view, correct, update, or delete certain information directly on your account's profile page.

5.2 Inclusion and Removal of Videos by the Content Creator

Content creators have full control over the videos used to train their Reflections. The inclusion of new videos must be done manually by the content creator, with their explicit consent.

Likewise, the content creator may remove any video previously integrated into Deep Reflection. After removal, the transcripts and metadata of that video will no longer be part of the Reflection training. Since this action is manual, Deep Reflection does not perform these changes automatically. The creator must manage the inclusion or removal directly on the platform.

5.3 Marketing Communications

You may opt out of receiving marketing emails by following the instructions contained in those emails. However, we will continue to send administrative emails related to the Services, such as notifications about updates to our Terms of Service or this Policy.

5.4 Cookies and Analytics

You may choose to opt out of certain processing related to cookies and analytics as described in this Policy.

5.5 Rights Related to Your Information

Depending on your jurisdiction, you may exercise the following rights regarding the information we collect about you:

• Request details about the categories of personal information we collect or disclose, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share that information.
• Request access to and/or a copy of personal information held about you.
• Opt out of the processing of your information for direct marketing or targeted advertising.
• Request the deletion of specific information, subject to legal exceptions.
• Restrict how we process and disclose certain information.
• Transfer your information to a third-party provider of your choice.
• Withdraw your consent for the processing of your information.

5.6 Authorized Agent Requests

You may designate an authorized agent to make requests on your behalf. To validate this authorization, we require written documentation, such as a power of attorney, and we may verify your identity before processing any request.

5.7 Exclusions and Restrictions

Certain information may be retained to comply with legal requirements or for the proper operation of the Services. For example, some information may be necessary to protect our Services or fulfill regulatory obligations.

5.8 Right to Appeal

Depending on applicable laws, you have the right to appeal any decision that denies a request related to your data. We will provide details on how to exercise this right, if applicable.

If you have questions about your rights or wish to exercise them, please contact us at support@deepreflection.com. We will take reasonable steps to verify your identity before responding to requests, thereby ensuring the protection of your privacy.

6. Regional Privacy Disclosures

Contractual Commitments

We may use, share, or disclose personal data to fulfill contractual commitments established with you. For example, we process your personal data to execute signed contracts, including the provision of services or fulfillment of contractual obligations assumed by Deep Reflection.

With Your Consent

In cases required by Brazilian law or in other applicable situations, we use, share, or disclose personal data based on your freely given, informed, and unambiguous consent.

Legitimate Interests

In certain cases, we process, share, or disclose personal data based on our legitimate interests, provided that these interests do not override the fundamental rights and freedoms of individuals. Examples include:

• Customer service;
• Promotional activities;
• Analysis and continuous improvement of our services;
• Providing platform security;
• Fraud prevention;
• Managing legal or regulatory matters.

Legal Compliance

We process and disclose personal data in accordance with applicable legal or regulatory requirements, as established by the General Data Protection Law (LGPD - Law No. 13,709/2018). This includes responding to court orders, applicable regulations, or requests from competent authorities.

Complaints

In addition to the rights described in this Policy, you may file a complaint with the National Data Protection Authority (ANPD) if you believe your data protection rights have been violated. However, we encourage you to contact us first to resolve any concerns. We will seek to respond promptly and resolve the issue in the best possible way.

Online Analytics and Advertising Services

We may use online analytics and advertising services that may share online identifiers (such as cookies, IP addresses, device identifiers, and usage data) with advertising partners to promote the Services on other websites. If you wish to opt out of this type of sharing, you can use the tools described in the Personalized Advertising section of this Policy or access the available options directly on the platform.

Children's Data Protection

We do not knowingly "sell" or "share" personal information of individuals under the age of 16. Any data inadvertently collected will be removed from our systems as soon as it is identified, as required by the LGPD.

Do Not Track

Currently, we do not respond to "Do Not Track" signals sent by browsers, as there is no universally accepted standard for their implementation and use. We will continue to monitor industry practices for potential future adaptations.

7. Children's Privacy

Deep Reflection’s Services are not intended for individuals under the age of 16, and our Terms of Service prohibit use by anyone below this age range. We recognize the importance of protecting children’s privacy and data, as established by the LGPD and the Brazilian Child and Adolescent Statute (ECA).

Data Collection and Deletion

If we identify that a person under the age of 16 has provided personal information, we will take immediate steps to:

1. Terminate the account associated with that child;
2. Delete from our systems all personal information collected, including data generated or shared during the use of the Services.

If you believe we have collected information from a person under the age of 16, please contact us at support@deepreflection.com, and we will promptly investigate the matter.

Data Retention Permitted by Law

In certain circumstances, and when permitted by applicable law, we may internally retain specific information, such as limited and anonymized records, to comply with legal obligations or prevent fraud, provided it does not violate the fundamental rights and freedoms of the data subject.

Connection with Third-Party Accounts

Deep Reflection does not collect data from third-party accounts (such as YouTube or social networks) directly associated with individuals under the age of 16. All integrations with external platforms must be carried out with the explicit authorization of the content creator, who is responsible for ensuring that the materials do not involve minors in an unauthorized manner.

Compliance and Accountability

Deep Reflection is committed to full compliance with data protection rules and follows the principles below to ensure children's privacy:

• Implementation of verification mechanisms to prevent the registration of individuals under the age of 16;
• Immediate deletion of any data identified as originating from a child, as detailed above;
• Transparency and readiness in the event of incidents related to minors' data, in alignment with the ANPD (National Data Protection Authority).

If you have questions or concerns about children's privacy in Deep Reflection's Services, please contact us. Our team is prepared to address these matters in accordance with Brazilian legislation and international best practices.

8. Security

Deep Reflection is committed to protecting the information we collect and process by implementing appropriate technical, administrative, and physical measures, as required by the General Data Protection Law (LGPD - Law No. 13,709/2018). Our security practices are designed to prevent the loss, misuse, unauthorized access, disclosure, alteration, or destruction of data.

Protection Measures

We adopt strict safeguards to protect users' personal data, including:

• Encryption: All data transmissions between our systems and users are protected using industry-standard encryption (TLS) to secure information in transit.
• Access Controls: We implement restricted access policies, ensuring that only authorized individuals affiliated with Deep Reflection or contracted service providers have access to the information necessary to perform their duties.
• Audits and Monitoring: We conduct regular audits of our systems to identify vulnerabilities and continuously implement security updates and patches.
• Secure Storage: Data is stored on servers protected by robust firewalls and located in data centers that follow international security standards.

Limitations of Warranty

Although we strive to protect user information with the highest security standards, we recognize that no data transmission over the Internet or electronic storage is completely secure or error-free. Therefore, we cannot guarantee absolute protection against all threats, such as cyberattacks or security breaches.

User Responsibility

To complement our security measures, we ask users to also follow best practices, such as:

• Using strong and unique passwords to access the Services;
• Not sharing access credentials with third parties;
• Immediately notifying Deep Reflection in case of suspected misuse or unauthorized access.

Incident Notification

In the event of a security incident compromising personal information, Deep Reflection will:

1. Notify the National Data Protection Authority (ANPD), as required by the LGPD;
2. Inform affected data subjects, detailing the type of incident, potential impacts, and measures taken to mitigate the damage.

Ongoing Commitment

We are committed to regularly reviewing and improving our security policies and practices, keeping up with market best practices and regulatory updates.

If you have any questions or concerns regarding the security of your information on Deep Reflection, please contact us at security@deepreflection.com.

9. Data Retention

Deep Reflection follows data retention practices based on the principles of necessity, purpose, and transparency, as established by the LGPD (Law No. 13,709/2018). We retain your information for as long as necessary to fulfill the purposes described in this Policy, unless otherwise required by law.

9.1 Retention Period

The retention period varies according to the following factors:

• Purpose of Processing: We retain data for as long as it is necessary to provide the Services, including the creation and maintenance of Reflections, customer support, and other operational purposes.
• Legal Compliance: We retain information to fulfill legal, regulatory, or tax obligations, such as maintaining records for periods required by law.
• Dispute Resolution and Contractual Guarantees: We may retain information to resolve disputes, prevent fraud, or ensure compliance with our Terms of Service and other agreements.

After the applicable retention period ends, data may be:

1. Deleted: Permanently removed from our systems.
2. Anonymized: Transformed into data that cannot be linked to identifiable individuals, enabling use for analysis and continuous improvement of the Services.

9.2 Reflection Data and Creator Content

Content creators may request the deletion of videos and other materials integrated into Reflections. Once deleted, the related transcripts and metadata will be removed from Reflection training, as described in the Your Choices section of this Policy. These processes are carried out manually by the content creator.

9.3 Data Subject Rights

You may request the deletion of your personal data at any time, as permitted by the LGPD. However, certain information may be retained to:

• Fulfill legal obligations, such as financial or tax records;
• Protect our legitimate interests, such as fraud prevention;
• Ensure the security and integrity of our systems and services.

9.4 Deletion Notification

When possible, we will notify you about the deletion of your data and any associated impacts, such as the inability to continue using certain Services or features.

9.5 Storage and Deletion Security

All stored data follows strict security standards, including encryption and restricted access. During the deletion process, we ensure that information is securely and irreversibly removed, in accordance with best data protection practices.

If you have questions or wish to exercise your rights related to data retention or deletion, please contact us at support@deepreflection.com.

10. Links to Third-Party Sites and Services

Deep Reflection's Services may include links to third-party websites or services. These links are provided for your convenience and do not imply any endorsement, oversight, or guarantee regarding the content, policies, or practices of such third parties.

10.1 Disclaimer

Deep Reflection is not responsible for the content, policies, or privacy and security practices of third-party websites or services linked to our platform. Your interaction with such sites or services is entirely your responsibility, and we recommend that you proceed with caution when accessing them.

10.2 Data Collection and Use by Third Parties

When accessing third-party websites or services, the information you share will be subject to the privacy and security policies of those third parties, and not to Deep Reflection’s Privacy Policy. This includes the collection, use, and disclosure of personal data that may occur during your interaction with those services.

10.3 User Recommendations

To protect your privacy and security, we recommend that you:

• Carefully read the privacy policies of third-party websites or services before providing any personal information;
• Check whether the site or service uses reliable security practices, such as encryption and access controls;
• Be aware that Deep Reflection has no control over how these third parties handle your data.

10.4 Incident Reporting

If you identify any irregularities or inappropriate practices on a third-party website or service accessed through our platform, please contact us at support@deepreflection.com so we can assess the situation and take appropriate action, if applicable.

11. Changes to This Policy

Deep Reflection may update this Privacy Policy periodically to reflect changes in legislation, our data processing practices, or the features offered by the Services. The date of the last update will be indicated at the beginning of this Policy.

11.1 Communication of Changes

• Significant Changes: If we make material changes to this Policy, we will notify you with reasonable advance notice, as required by the General Data Protection Law (LGPD - Law No. 13,709/2018). This notice may be provided via email, website notice, or other appropriate means.
• Minor Changes: Minor or administrative adjustments will be communicated through updates to the Policy on the website, without the need for additional notifications.

11.2 Continued Use

By continuing to use the Services after an updated version of the Policy takes effect, you confirm that you have read, understood, and agreed to the new terms. If you do not agree with the changes, we recommend that you stop using the Services and contact us to address your concerns.

11.3 Review and Feedback

We encourage you to review this Policy regularly to stay informed about how we are protecting your information. If you have questions or comments about any changes made, please contact us at support@deepreflection.com.

11.4 Change Log

All changes made to this Policy will be documented and stored in accordance with legal requirements, ensuring transparency and the ability to consult previous versions.

13. Contact Us

If you have any questions, comments, or concerns regarding our Privacy Policy or the data processing practices carried out by Deep Reflection, please contact us through the following channels:

• Help Center: Visit our Help Center on the official Deep Reflection website to browse informative articles and access technical support.
• Support Email: Send your request or inquiry to support@deepreflection.com. Our support team is available to help and will respond as quickly as possible.

Compliance with the LGPD

For matters related to your rights under the General Data Protection Law (LGPD - Law No. 13,709/2018), including requests for access, correction, deletion, or portability of personal data, you may use the channels above. We are committed to responding to your requests in accordance with legal deadlines and requirements.

Contacting the Data Protection Officer

For specific questions about the processing of personal data or issues related to privacy and security, please contact our Data Protection Officer (DPO) directly at dpo@deepreflection.com.

Use of Google User Data

DeepReflection only accesses your Google user data (such as your email address and basic profile information) to authenticate your identity and personalize your experience. We do not share your Google user data with third parties. We do not store your data beyond the time required for session usage unless explicitly authorized by you.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.