7T
Hire In Brazil
by CPSM Tech
  • Home
  • About
  • Contact
LoginJoin Network
Join Network

Hire In Brazil

Connecting companies with elite Brazilian developers via Employer of Record for successful project outcomes.

Solutions

  • Staff Augmentation
  • Tech Synergy
  • Technical Leadership

Company

  • Home
  • About
  • Contact

Resources

  • Talent
  • Browse Jobs
  • Insights

© 2026 Hire In Brazil — CPSM Tech. All rights reserved.

Privacy PolicyTerms of ServiceCookie PolicyAcceptable Use

Privacy Policy

Last updated: 2026-07-07

This Privacy Policy describes how CRISTIANO PEREIRA DA SILVA MUNIZ, LLC, a Delaware limited liability company doing business as "HireInBrazil" ("HireInBrazil", "we", "us"), collects, uses, shares, and protects Personal Data when you use our software platform (the "Platform").

This policy is authored and maintained in English. If you view a translated version, including through the site's translation feature, the English version controls.

We are bound by the Brazilian Lei Geral de Proteção de Dados (LGPD, Law No. 13.709/2018) and by U.S. state privacy laws including the California Consumer Privacy Act/CPRA. For European Economic Area visitors, we honor GDPR rights on a voluntary best-effort basis (we do not actively target the EEA).

1. Who we are

Controller (LGPD Controlador / GDPR Controller / CCPA Business):

CRISTIANO PEREIRA DA SILVA MUNIZ, LLC (dba HireInBrazil), a Delaware limited liability company, with registered address 1111B S Governors Ave STE 48391, Dover, DE 19904, United States, and operating email privacy@hireinbrazil.com.

For Brazilian data subjects: inquiries relating to your LGPD rights or to the ANPD may be sent to privacy@hireinbrazil.com, our designated channel for data-protection communications.

2. What data we collect

2.1 Tenant account data

  • Company legal name, jurisdiction, registered address, billing address;
  • Authorized representative name, work email, role;
  • Payment method tokens (we do not store full card numbers — they live with Stripe);
  • Tax identifiers (EIN for US Tenants);
  • All data Tenant uploads to the Platform (job descriptions, contractor invitations, expense receipts, etc.).

2.2 Brazilian Contractor data

  • Full name, CNPJ, residential address, registered PJ address;
  • Bank account details (for payouts);
  • Tax forms (W-8BEN, NFS-e records);
  • ID document scans (RG / CNH / passport during onboarding);
  • All data the Contractor submits to the Platform (skills, experience, signed contracts, time entries, expense receipts, leave requests).

2.3 Pre-engagement Talent data

  • Full name, primary email, location, time zone;
  • LinkedIn URL, portfolio URL, GitHub URL (optional);
  • Experience snapshot, skills, hourly rate, English level (collected via the 15-min interview flow);
  • Interview transcript and AI-derived embeddings;
  • Any other data the Talent submits voluntarily.

2.4 Marketing-visitor data

  • IP address (transient, kept only for rate-limiting and security per Arcjet);
  • Browser metadata (User-Agent, language);
  • Cookie identifiers (see Section 7);
  • Form submissions (e.g., lead-inquiry form).

2.5 Operational data we generate

  • Audit logs (platform.platform_audit_log) — captures every action by HireInBrazil staff;
  • Application error captures (platform.app_errors) — message + digest; PII is redacted via lib/observability/logger.ts;
  • Webhook deliveries, email outbox events, API token usage.

3. How we use Personal Data

We process Personal Data for these purposes (per LGPD Art. 6 + 7 and CCPA business purposes):

  • Contract performance: operate the Platform, facilitate engagements, process payments;
  • Legal obligation: tax reporting, OFAC screening, AML, recordkeeping;
  • Legitimate interest: security, fraud prevention, Platform improvement;
  • Consent: for any processing outside the above bases (e.g., marketing emails to former leads).

We do not sell Personal Data. We do not "share" Personal Data for cross-context behavioral advertising (CCPA-defined).

4. With whom we share Personal Data

We share Personal Data only with:

  • Sub-processors listed in Annex A of our Data Processing Agreement, under written DPAs that bind them to LGPD-equivalent protections;
  • Tenants who have engaged a particular Contractor — limited to the data needed for that engagement;
  • The Contractor themselves — Tenant Personal Data shared with the Contractor as necessary to perform Services;
  • Tax authorities — IRS in the US (e.g., 1099-NEC year-end filings if applicable), Brazilian municipal SEFAZ for NFS-e mediation;
  • Law enforcement — only on valid legal process, and we challenge overbroad requests;
  • Successor entity — in the event of a merger, acquisition, or asset sale, with notice to affected Data Subjects.

We do not share Personal Data with advertisers, data brokers, or any third party for commercial-marketing purposes.

5. Where we store Personal Data

Detailed data-localization map is in DPA Annex A. Summary:

Data classPrimary storage location
Brazilian Talent + Contractor PIISão Paulo, Brazil (Floci S3, KVM 4)
Talent + Worker embeddings (prd)São Paulo, Brazil (Qdrant on KVM 4)
Talent + Worker embeddings (dev)us-east-1 (Qdrant Cloud free tier) — no real Personal Data
Tenant company data + billingus-east-1 (Neon Postgres)
Application logsus-east-1 (Vercel)

6. How long we retain Personal Data

Our Retention Policy holds the full schedule. Summary:

Data classRetention period
Tenant company data + signed contracts7 years from end of relationship (US tax recordkeeping)
Contractor PJ data + signed ICAs + NFS-e records5 years from termination (Brazilian civil + tax statute of limitations)
Payroll + payout history7 years (US tax / SOC 2)
Talent profiles (unhired, no activity)24 months from last interaction, then auto-purged
Audit logs7 years (SOC 2 baseline)
Email outbox90 days
API token use audit1 year
Application telemetry / logs90 days

Beyond these periods, we delete or de-identify Personal Data unless we have specific consent or a legal obligation to retain longer.

7. Cookies

We use cookies and similar technologies. Details are on the Platform's cookies page. We use:

  • Strictly necessary cookies (no consent needed): session authentication (NextAuth), CSRF protection, language preference;
  • Functional cookies (consent banner): UI preferences;
  • Analytics cookies (consent banner): aggregated usage metrics — we do not use ad-tech cookies.

8. Your rights

Depending on where you are, you have some or all of these rights:

Under LGPD (Brazilian Data Subjects)

  • Access (Art. 18-II)
  • Rectification (Art. 18-III)
  • Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data (Art. 18-IV)
  • Portability (Art. 18-V)
  • Deletion of consented data (Art. 18-VI)
  • Information about sharing (Art. 18-VII)
  • Information about consequences of denial (Art. 18-VIII)
  • Revocation of consent (Art. 18-IX)

We respond within 15 days of a verifiable request — that's our LGPD Art. 18 SLA.

Under CCPA/CPRA (California Residents)

  • Right to know
  • Right to delete
  • Right to correct
  • Right to opt out of "sale" / "sharing" (we don't do either, but the opt-out is moot here)
  • Right to limit use of Sensitive Personal Information
  • Right to non-discrimination

We respond within 45 days (CCPA SLA), with extension permitted to 90 days.

Under GDPR (EEA Visitors, voluntary)

  • Same rights as LGPD with minor differences in scope and timing.

How to exercise rights

  • Self-service: in-Platform delete functions where available.
  • Email: privacy@hireinbrazil.com.
  • Postal: CRISTIANO PEREIRA DA SILVA MUNIZ, LLC (dba HireInBrazil), 1111B S Governors Ave STE 48391, Dover, DE 19904, United States.

We may ask you to verify identity before processing requests for Personal Data.

9. Security

We protect Personal Data with:

  • TLS 1.2+ encryption in transit;
  • AES-256 encryption at rest;
  • Postgres Row-Level Security per-tenant isolation;
  • Multi-factor authentication for platform admins;
  • Audit logging of all data access;
  • Annual penetration tests (target Q4 each year);
  • Documented incident-response runbook;
  • Target: SOC 2 Type II by year +2.

No system is perfectly secure. If we detect a Personal Data breach affecting you, we'll notify you within 72 hours unless law enforcement requires delay.

10. Children

The Platform is not directed at children under 18 (LGPD Art. 14 / COPPA / GDPR Art. 8 thresholds). We do not knowingly collect Personal Data from minors. If you believe we have, contact privacy@hireinbrazil.com and we will delete it.

11. International transfers

When we move Personal Data across borders, we use the legal mechanisms in DPA Section 6. For Brazilian Data Subjects: data is primarily stored in Brazil; the limited operational metadata transiting to US-based services is covered by LGPD Art. 33-IV (contract performance).

12. Changes to this policy

We may update this Privacy Policy. When we do, we will:

  • post the new version with an updated Last updated date;
  • bump the version number;
  • notify Tenant authorized representatives by email of material changes;
  • present a clickwrap re-acceptance to all signed-in users for material changes.

Continued use after the effective date constitutes acceptance.

13. Contact

Privacy questions / Data Subject requests: privacy@hireinbrazil.com Brazilian data-protection (ANPD) inquiries: privacy@hireinbrazil.com Postal: CRISTIANO PEREIRA DA SILVA MUNIZ, LLC (dba HireInBrazil), 1111B S Governors Ave STE 48391, Dover, DE 19904, United States