Privacy Policy
AENVO (Portugal)
Last updated: 11/12/2025
1 Introduction
Aenvo Natural Interaction Lda. ("AENVO") values privacy and is committed to protecting personal data in compliance with the GDPR (Regulation (EU) 2016/679) and Law no. 58/2019 (GDPR Execution Law). This Policy describes in detail how we collect, use, store, protect, and share personal data within the scope of our website, applications, APIs, services, and Artificial Intelligence models ("Services").
2 Who we are and contacts
Data Controller: Aenvo Natural Interaction Lda. ("AENVO").
Contact Email: privacy@aenvo.ai
Data Protection Officer (DPO): Ana Fazendeiro (privacy@aenvo.ai).
Competent Supervisory Authority: Comissão Nacional de Proteção de Dados (CNPD).
3 Scope and definitions
This Policy applies to the personal data of customers, end-users, visitors, candidates, partners, and suppliers interacting with our Services.
- 'Personal Data': means any information relating to an identified or identifiable natural person.
- 'Processing': means any operation performed on personal data.
- 'Processor': means an entity that processes personal data on behalf of AENVO.
4 Categories of collected data
(a) Account and billing data
Name, email, credentials, address, VAT ID (NIF), payment details.
(b) Technical data
IP address, device identifiers, browser type, timestamps, visited pages, events, cookies, and similar technologies.
(c) Input content and files
Prompts, documents, images, audio, and other materials submitted; and outputs generated by the models.
(d) Support and communications
Tickets, emails, consented recordings, surveys.
(e) Recruitment data
CV, experience, references.
5 Purposes and legal bases
Provision of Services and contract execution; account management and billing; security and abuse prevention (legitimate interest); improvement and development (legitimate interest balanced with privacy); compliance with legal obligations; marketing and communications with explicit consent; recruitment and application management (pre-contractual measures).
6 Model training and data use for AI
By default, AENVO does not use Customers' Personal Data to train general models without an appropriate legal basis or explicit consent. We provide "opt-out" controls and data segregation, and make dedicated environments available when necessary. Publicly available data may be used in accordance with applicable law and minimisation principles; however, we do not associate customers' private content with general models without authorisation.
7 Automated decisions and profiling
Some Services employ automated decisions and profiling (e.g., fraud detection or content classification). When required, we provide meaningful information about the logic involved, the envisaged consequences, and the right to request human intervention, express one's point of view, and contest the decision.
8 Retention and deletion
We retain data only for the necessary period: account data whilst the account is active; typical operational logs up to [30] days; billing data according to legal deadlines; support data for [12] months; we delete or anonymise data when it is no longer needed, unless there is a legal obligation.
9 Recipients and international transfers
We share data with strictly necessary Processors (cloud, email, monitoring, analytics) under Data Processing Agreements (DPA). For transfers outside the EEA, we adopt appropriate safeguards such as Standard Contractual Clauses (SCCs) and transfer impact assessments.
10 Sub-processors
We publish a list of Sub-processors (Google Cloud — hosting, Titan — email, Google Analytics — analytics) with purpose, legal basis, and retention periods; we update it periodically and notify of relevant changes when required by contract.
11 Data subject rights
Right of access, rectification, erasure, restriction, portability, and objection; right to withdraw consent; right to complain to the CNPD. To exercise these rights, contact privacy@aenvo.ai. We respond within 30 days, barring complexity.
12 Information security
We apply encryption in transit (TLS 1.2+) and at rest (AES-256), RBAC, MFA, environment segregation, logging and auditing, penetration testing, vulnerability management, backups and DR, incident response, and responsible vulnerability disclosure.
13 Cookies and similar technologies
We use essential, functional, analytical, and advertising cookies. Analytical and advertising cookies depend on consent. The user can manage preferences in the consent banner and via the 'Manage Cookies' link. Consult the Cookie Policy for details.
14 Children
The Services are not intended for minors under 18 years of age. We do not knowingly collect data from children; if you identify improper collection, please contact us for removal.
15 Changes to this Policy
We may update this Policy to reflect practices or legal requirements. We will publish the update date and, when material, notify customers.
16 Contacts and complaints
Contact privacy@aenvo.ai; supervisory authority: CNPD (www.cnpd.pt).