Privacy Policy

zaiped is a free catalog that connects independent professionals with clients. We respect your privacy and are committed to protecting the personal data you entrust to us. This policy, aligned with Brazil's General Data Protection Law (LGPD, Law No. 13.709/2018), describes what information we process, how we use it, with whom we share it and what your rights are.

1. Data we collect

We process only the data needed to run the catalog and connect professionals and clients:

• Professional account data: name, email, password (stored encrypted) and preferred language, collected to create and authenticate your account.
• Public profile data: profession, headline, bio, photo, category and specialties, services (title, description and price), work history, education, location (state, city, postal code and service address), WhatsApp number, social links, accepted payment methods and availability. You provide this data voluntarily and, once the profile is published, it becomes public and visible to anyone on the internet, including indexable by search engines and AI assistants.
• Client data: when requesting an appointment, we collect the client's name, phone (optional) and an optional note. When leaving a recommendation, we collect the name, email, rating and review text.
• Technical and usage data: IP address, browser type, operating system and pages visited, used for security, abuse prevention and diagnostics.
• Visitor's approximate location: when you use the “near me” search, we read your device's coordinates, always with the permission granted to the browser. These coordinates are used only to rank results by proximity and are not stored.

2. How we use your data

We use the information we collect to:

• Publish and maintain the catalog and professional profiles.
• Authenticate professionals and send verification and password-recovery codes by email.
• Provide the catalog's semantic search, which involves generating vector representations (embeddings) of public profile content, and the optional import of a résumé from a LinkedIn PDF.
• Convert the provided address into coordinates (geocoding) to enable proximity search.
• Let the client contact the professional directly via WhatsApp. That conversation takes place between the parties; zaiped neither mediates nor stores its content.
• Send essential communications about the account, recommendation invites requested by the professional and operational notices.
• Ensure security, prevent fraud and abuse and comply with the law.

We do not sell your data and do not use it to train general-purpose AI models.

3. Legal basis for processing

Processing of your data relies on the legal bases set out in Article 7 of the LGPD:

• Performance of a contract and preliminary steps: to create your account and provide the catalog's services.
• Consent: by publishing your profile you authorize the public display of your data; consent also governs non-essential cookies.
• Legitimate interest: for security, abuse prevention and improving search and the overall experience.
• Compliance with a legal obligation: where required by law.

4. Who we share with

We do not sell your data. We share information only in the following situations:

• Processors and infrastructure providers: companies that process data on our behalf and are bound to protect it — Convex (database and backend), Cloudflare (hosting and rendering), Resend (email delivery), Bunny.net (image storage), OpenRouter/Google (embedding generation and LinkedIn PDF reading) and OpenStreetMap/ Nominatim and BrasilAPI (address and postal-code geocoding).
• The general public: the data you publish on your profile is accessible to any visitor and to search engines.
• Competent authorities: when required by law, court order or to protect rights, safety and integrity.
• In a corporate transaction: in a merger, acquisition or sale of assets, your data may be transferred to the legal successor, with the same protections.

5. International transfers

Some of the processors above handle data on servers located outside Brazil. In those cases, the transfer is made to countries that provide an adequate level of protection or under contractual safeguards that ensure standards equivalent to those required by the LGPD.

6. Data retention

We keep your data for as long as your account or profile exists and for as long as necessary to fulfill the purposes of this policy, meet legal obligations and resolve disputes. You can unpublish your profile at any time or request the deletion of your data, subject to retention required by law.

7. Security

We apply technical and organizational measures to protect your data against unauthorized access, loss, alteration or improper disclosure, including:

• Encryption in transit (TLS) and at rest.
• Authentication with an encrypted password and email-code verification.
• Rate limiting on sensitive public actions.
• Access controls and logical data isolation.

Even so, no system is completely free of risk.

8. Your rights

The LGPD grants you, as the data subject, several rights over your personal data, including:

• Confirm the existence of processing and access your data.
• Correct incomplete, inaccurate or outdated data.
• Request the anonymization, blocking or deletion of unnecessary data or data processed in non-compliance.
• Request the portability of your data.
• Withdraw consent and object to processing in certain circumstances.
• Be informed about whom your data has been shared with.

To exercise these rights, reach out through our support channels. We will respond within the time and manner set out by law.

9. Cookies and similar technologies

We use essential cookies and local storage to keep you authenticated and remember your preferences, such as language. Non-essential cookies (for example, usage measurement) are only used with your consent, which you can grant, refuse or adjust at any time through the cookie banner. You can also block cookies in your browser settings, but some features may stop working correctly.

10. Children and adolescents

zaiped is not directed at anyone under 18, and we do not intentionally collect data from children or adolescents. If we identify a minor's data in our systems, we will take steps to remove it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect legal, operational or product changes. The latest version will always be available on this page, with the update date shown at the top.