CF
ClikFlow
Sign In Get Started
LGPD · Lei 13.709/2018

Privacy Policy

Last updated: May 21, 2026 Version 1.0 Controller: ClikFlow

This Privacy Policy describes how ClikFlow collects, uses, stores and protects personal data of platform users, in accordance with the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018) and other applicable regulations.

1 Who we are (Data Controller)

ClikFlow is a process mining platform that enables organisations to discover, analyse, and optimise their business processes from event log data.

Company ClikFlow
Email privacy@clikflow.com
DPO dpo@clikflow.com
2 Data we collect and why

We collect only the data necessary to deliver our services. The table below describes each category, its purpose, and the corresponding legal basis (LGPD, art. 7):

CategoryDataPurposeLegal basis
Account data Name, email address, password (hashed) Account creation and management; authentication Contract performance (art. 7, V)
Usage data IP address, browser type, pages visited, access timestamps Security, error diagnostics, service improvement Legitimate interest (art. 7, IX)
Uploaded files CSV/XES event logs submitted by the customer Processing the log for process analysis Contract performance (art. 7, V)
Billing data Invoicing information (processed by our payment gateway) Subscription and billing management Contract performance (art. 7, V)
Analytics cookies Anonymised session identifiers Traffic analysis and UX improvement Consent (art. 7, I)

Important: Event logs uploaded by customers may contain personal data belonging to third parties (e.g. employees, end customers). In those cases the customer is the Controller and ClikFlow acts as the Processor — see our Data Processing Agreement (DPA) for the contractual details.

3 Data sharing

ClikFlow does not sell personal data. We share data only in the following circumstances:

RecipientDataPurposeSafeguards
Cloud hosting provider Data stored on the platform Infrastructure and availability Data protection clauses in contract
Payment gateway Billing information Payment processing PCI-DSS compliant; we never store card data
Analytics tool Anonymised browsing data Usage analysis (consent only) Pseudonymisation; opt-out available
Competent authorities As required by legal order Compliance with legal obligations LGPD art. 7, II
4 Data retention
Data typeRetention period
Active account dataFor as long as the account remains active
Closed account data30 days after closure, then permanently deleted
Uploaded event log files2 hours in memory after analysis; saved investigations are kept until manually deleted
Access logs (system logs)6 months (Brazilian Internet Act requirement)
Billing records5 years (statutory fiscal obligation)
5 Your rights

Under LGPD art. 18, you have the following rights regarding your personal data:

  • Confirmation and access — confirm whether we process your data and obtain a copy.
  • Correction — request correction of incomplete, inaccurate or outdated data.
  • Anonymisation or blocking — where data is unnecessary or excessive.
  • Deletion — erase data processed on the basis of your consent.
  • Portability — receive your data in a structured format (CSV/JSON).
  • Consent withdrawal — at any time, without affecting prior lawful processing.
  • Objection — object to processing carried out on the basis of legitimate interest.
  • Sharing information — know which third parties your data has been shared with.
  • Review of automated decisions — where applicable.

To exercise your rights, visit our Data Subject Rights Portal or email privacy@clikflow.com. We will respond within 15 calendar days.

6 International data transfers

Data may occasionally be processed on servers located outside Brazil. In such cases we guarantee equivalent protection to the LGPD through:

  • Standard contractual clauses approved by the ANPD;
  • Transfers only to countries with an adequate level of protection recognised by the ANPD; or
  • The data subject's specific consent, where applicable.
7 Data security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256);
  • Role-based access control (RBAC) with multi-factor authentication;
  • Continuous monitoring and incident response;
  • Periodic vulnerability assessments.

See our Information Security Policy for full details.

8 Cookies

We use essential cookies for platform functionality and, with your consent, analytics and functional cookies. You can manage your preferences at any time via the cookie banner or by reading our Cookie Policy.

9 Minors

The ClikFlow platform is intended exclusively for users aged 18 or over and for authorised representatives of legal entities. We do not knowingly collect data from minors.

10 Changes to this policy

This policy may be updated periodically. For material changes, we will notify users by email or via an in-platform notice at least 15 days in advance. The latest version is always available on this page.

11 Contact and DPO

For questions, requests, or complaints related to personal data, please contact:

DPO Data Protection Officer — ClikFlow
Email dpo@clikflow.com
Privacy privacy@clikflow.com
ANPD www.gov.br/anpd

You may also file a complaint directly with the Autoridade Nacional de Proteção de Dados (ANPD).

Contents
  1. Data Controller
  2. Data we collect
  3. Data sharing
  4. Retention
  5. Your rights
  6. International transfers
  7. Security
  8. Cookies
  9. Minors
  10. Changes
  11. Contact and DPO
Data Subject Portal
CF
ClikFlow
© 2026 ClikFlow. All rights reserved.
Privacy Policy Cookie Policy Terms of Use Information Security DPA Data Subject Portal