Privacy Policy for Healthcare Professionals

SHORT VERSION

We've done our best to explain clearly and simply what personal data we need from you and what we will do with each piece of information. Therefore, we've separated below the most important points, which can also be read in full detail in the next section (Full Version).

Additionally, we are always available to answer any questions you may have via email contato@vigilantesdosono.com or at Rua dos Cariris, 90, Pinheiros District, ZIP Code 02254-020, São Paulo - SP.

1. How do we ensure the security of your data?

To ensure your security, your personal data is transferred in encrypted form and stored on cloud servers provided by Firebase (Google) and Heroku (Salesforce) - responsible for storage and security (we recommend you read about their privacy and security, as well as the Terms of Service of Firebase, and the Terms of Service and Privacy Policies of Heroku), whose access is restricted. Additionally, we use access controls, TLS 1.3 encryption, vulnerability scanning, certifications, backups, and a variety of security technologies and procedures to help protect User information. As a result, these companies gain access to your data, solely to store and protect it, as soon as you provide it to Vigilantes do Sono. If you have any issues with this, please do not continue using the platform.

2. How do we ensure the security and processing of your payment data?

For processing payment information, your data will be sent via API and transmitted through the independent platforms Pagar.me, Mercado Pago, Google Play, and App Store, which are the institutions responsible for payment processing. We do not have access to your banking data and use these third-party platforms so they can ensure security in financial transactions, as we would not be able to do so on our own.

3. What data do you need to provide when registering on the platform?

When Client Users register on the platform, we will ask for the following information: full name, photo, gender, email, phone.

We will also collect data from interaction, form filling, and message sending on our websites and applications (e.g., session and technique evaluations, sleep diary, use of taught techniques, sleep-related habits, and pre-existing medical conditions).

4. With whom do we share your personal data?

We will share your personal data with the companies referenced in these policies, partner companies, clients of our service so they can be monitored in the program by you, and internally only with people strictly necessary to enable the provision of our service, such as the Marketing and Technology team. Except in the cases mentioned, in cases of legal consent from the personal data holder and by court order or legal determination, we will not share your data with third parties.

5. Will your access records be collected?

When you access our platform, we collect your access records, that is, a set of information regarding the date and time of use of a particular internet application from a specific IP address. This information will be maintained by Vigilantes do Sono, under confidentiality, in a controlled and secure environment, for a minimum period of 06 (six) months, pursuant to Law No. 12.965/2014, and article 7, II, of Law No. 13.709/18.

6. Will personal data be collected indirectly (without filling out forms)?

Additionally, we collect your location and information indirectly via browsing and cookies to track IP address, page visited, browser type and/or version, operating system used, access time, for continuous analysis and optimization of our platform and content, as well as to offer the best platform usage experience.

7. Will communication records be stored?

We will store all conversations you have with us through our communication channels, as this will improve your service and make it more efficient. Without this history, you would probably have to repeat what you previously told us every time you used the platform. Additionally, we may store responses you have with our digital assistant, Sônia, to offer a program more personalized to your needs.

8. How will your data be processed?

All your data is processed for specific purposes and in accordance with the Personal Data Protection Law. All this information is described in a table, to facilitate your viewing, in our Privacy Policies.

9. What are your rights?

Even if you have already provided us with your personal data, you have the full right, at any time, to: confirm the existence of data processing; access your data; correct your data; anonymize data; block or delete unnecessary, excessive, or non-compliant data; request data portability to another provider; delete data, except those required by law; obtain information about with whom Vigilantes do Sono has shared data; obtain information about the possibility of not providing consent and the consequences of refusal; and withdraw your consent.

10. Can these conditions change?

Our Privacy Policy may change, but you can always access the most updated version on our platform. Additionally, if we need to take any action that requires your authorization by law, you will receive a notice beforehand so you can accept or refuse.

11. What are the contents of the Privacy Policies?

The following Privacy Policy is divided as follows to facilitate your access to information:

1. Text Availability Date;

2. Explanation of Technical Terms or Foreign Language Terms;

3. User Privacy and Third-Party Data Operators;

4. Data Collection;

5. Personal Data Processing;

6. Sharing of User Personal Data;

7. Platform Cancellation, Account Access, and Data Deletion;

8. Rights of the Personal Data Holder;

9. Security;

10. Changes to the Privacy Policy;

11. Data Protection Officer and General Provisions;

12. Contact.

FULL VERSION

Before accessing the Vigilantes do Sono platform, it is important that you read, understand, and freely, unequivocally, and informedly accept these Privacy Policies.

This Platform, named Vigilantes do Sono, is owned, maintained, and operated by VIGILANTES DO SONO - QUALIDADE DE VIDA E TECNOLOGIA LTDA, a private legal entity registered under CNPJ/ME No. 36.658.510/0001-06, headquartered at Av. Dr. Arnaldo, 2194 - Sumaré, São Paulo - SP, Brazil. ZIP: 01255-000.

This document aims to provide information about the collection, use, processing, and storage of data provided by Users and is in compliance with Law No. 12.965/2014 (Brazilian Civil Rights Framework for the Internet) and Law No. 13.709/18 (General Data Protection Law).

1. Text availability date

1.1. This version of this document was made available on: 08/12/2025.

2. Explanation of technical terms or foreign language terms

2.1. Below are the meanings of technical nomenclatures and terms in English:

• Controller: Natural or legal person, public or private, responsible for decisions regarding the processing of personal data;

• Cookies: Small text files stored on the user's computer that can be retrieved by the website that sent them during browsing. They are mainly used to identify and store information about visitors.

• Encryption: Set of principles and techniques for encoding writing, making it unintelligible to those who do not have access to the agreed conventions.

• Personal data: Information related to an identified or identifiable natural person;

• Sensitive personal data: Personal data regarding racial or ethnic origin, religious conviction, political opinion, membership in a union or religious, philosophical, or political organization, data related to health or sexual life, genetic or biometric data, when linked to a natural person;

• Data Protection Officer: Person appointed by the controller and operator to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).

• IP (or Internet Protocol): Unique identification for each computer connected to a network.

• Operator: Natural or legal person, public or private, that processes personal data on behalf of the controller;

• Data processing: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.

  2.2. The types of Platform Users are:

• Client User: One who seeks the Platform to improve sleep quality through a sleep and habit monitoring program.

• Healthcare Professional User: One who recommends the Vigilantes do Sono Platform to the Client User, as well as monitors therapeutic treatment through the Platform.

• These Users, together, will be called simply Users.

3. User privacy and third-party data operators

3.1. Protecting your privacy is very important to us. Your data is transferred in encrypted form and stored on cloud servers provided by third-party companies Firebase and Heroku - responsible for storage and security, whose access is restricted. Additionally, we use access controls, TLS 1.3 encryption, vulnerability scanning, certifications, backups, and a variety of security technologies and procedures to help protect User information.

3.1.1. These companies are independent and have no relationship with this text. Therefore, we recommend that you also read the terms of use and privacy policies of these platforms and see if you agree with all provisions before using our services.

3.1.2. For processing payment information, your data will be sent via API and transmitted through the independent platforms Pagar.me Mercado Pago, Google Play, and App Store, which are the institutions responsible for payment processing. We do not have access to your banking data and use these third-party platforms so they can ensure security in financial transactions, as we would not be able to do so on our own. We also recommend that you read the Terms and Privacy of Pagar.me, Terms and Policies of Mercado Pago, Terms of Service and Privacy and Terms of Google Play, as well as the Privacy Policies of App Store before making payments.

3.2. The servers used by Vigilantes do Sono that are equipped with mechanisms capable of ensuring the security of your data are located outside Brazil and have the purpose of providing contracted services securely and effectively, pursuant to article 33, IX of Law No. 13.709/18.

3.3. All access records, a set of information regarding the date and time of use of a particular internet application from a specific IP address, will be maintained by VIGILANTES do Sono, under confidentiality, in a controlled and secure environment, for a minimum period of 06 (six) months, pursuant to Law No. 12.965/2014, and article 7, II, of Law No. 13.709/18.

3.4. The User must take responsibility and declare themselves exclusively responsible for all actions, as well as for all information and the veracity of content entered on the platform.

4. Data collection

4.1. Data provided by the Client User: full name, photo, gender, email, phone.

4.2. Usage Data: We will also collect data from interaction, form filling, and message sending on our websites and applications (e.g., session and technique evaluations, sleep diary, use of taught techniques, sleep-related habits, and pre-existing medical conditions). Additionally, in the sleep diary, we may collect information such as medication name, date taken, dose, and name.

4.3. Audio and Image Collection: The user may choose to provide images collected via the phone camera (one from the front of the face and one from the side of the face) and audio recorded by the phone microphone while sleeping (only if the user allows it). This information is used for snoring and apnea detection and improvement of these classifiers.

4.4. Information we collect indirectly: In addition to access records, we collect your location and information indirectly via browsing and cookies to track IP address, page visited, browser type and/or version, operating system used, access time, for continuous analysis and optimization of our platform and content, as well as to offer the best platform usage experience.

4.5. Contact history: Vigilantes do Sono stores information about all interactions already carried out between Users through the platform, such as email messages, phone contacts, online chat, and file uploads, as this will improve your service and make it more efficient. Without this history, you would probably have to repeat what you previously told us every time you used the platform.

4.5.1. Storage of Interactions with Sônia: Vigilantes do Sono stores some interactions you have with our digital assistant, Sônia, for its own operation and for the purpose of improving it. However, we do not store all interactions, only those considered relevant for these purposes.

5. Personal data processing

5.1. By accepting this privacy policy, the User understands that the platform processes their personal data, according to the information presented below:

Type of Personal Data	Legal Basis	Purpose
Name	a) Necessary for the execution of a contract or preliminary procedures related to a contract of which the data subject is a party, at the request of the data subject (Art. 7, V, Law No. 13.709/2018). b) Necessary for compliance with the legitimate interest of the controller (Art. 7, IX, Law No. 13.709/2018).	a) Enable User access to Platform Services. b) Used for service personalization, informing about changes to our terms, services, or policies.
Phone and email	a) Necessary for the execution of a contract or preliminary procedures related to a contract of which the data subject is a party, at the request of the data subject (Art. 7, V, Law No. 13.709/2018). b) Necessary for compliance with the legitimate interest of the controller (Art. 7, IX, Law No. 13.709/2018).	a) Means of communication between Vigilantes do Sono and the User. b) Used for marketing actions, program notifications and news, informing about changes to our terms, services, or policies.
Gender	Necessary for compliance with the legitimate interest of the controller (Art. 7, IX, Law No. 13.709/2018).	Used for service personalization.
Profile photo	Compliance with legal or regulatory obligation by the controller (Art. 7, II, Law No. 13.709/2018).	Used to validate and personalize Vigilantes do Sono services according to each User.
Location	Necessary for compliance with the legitimate interest of the controller. (Art. 7, IX, Law No. 13.709/2018).	Used for continuous analysis and optimization of our pages and content, improving your experience on our websites and applications, technical and operational support, and ensuring the functionality of our services.
Access records	Compliance with legal or regulatory obligation by the controller (Art. 7, II, Law No. 13.709/2018).	Compliance with article 15 of Law No. 12.965/2014, which imposes on Vigilantes do Sono the duty to maintain the respective internet application access records, under confidentiality, in a controlled and secure environment, for a period of 6 (six) months.
Face Images and Snoring Audio	a) Necessary for the execution of a contract or preliminary procedures related to a contract of which the data subject is a party, at the request of the data subject (Art. 7, V, Law No. 13.709/2018). b) Necessary for compliance with the legitimate interest of the controller (Art. 7, IX, Law No. 13.709/2018).	a) Collection of face images and snoring audio for apnea detection. b) Storage and processing of this information to improve the apnea detection model

6. User data sharing

6.1. Only people strictly necessary for providing the service, such as Customer Support and Partners, may have internal access to User information.

6.2. User data will be shared by Vigilantes do Sono with the following companies and for the following purposes:

6.2.1. AWS Amazon: since personal data is stored on their servers;

6.2.2. Heroku: since personal data is stored on their servers;

6.2.3. Pagar.me: since they may be responsible for payment processing;

6.2.4. Mercado Pago: since they may be responsible for payment processing;

6.2.5. Google Play: since they may be responsible for payment processing;

6.2.6. App Store: since they may be responsible for payment processing;

6.2.7. Once these companies have access to this data, they become responsible for the security, processing, and adequate sharing of this information, and cannot disclose it for other purposes, in non-compliance with current legislation or these Privacy Policies, under penalty of being liable for all punishments, especially those of a civil, criminal nature, and those applied by the National Data Protection Authority.

6.3. Except in the cases mentioned, in cases of legal consent from the personal data holder and by court order or legal determination, we will not share your data with third parties.

7. Platform cancellation, account access, and data deletion

7.1. Cancellation of access accounts by Vigilantes do Sono: Vigilantes do Sono may, at its sole discretion, block, restrict, disable, or prevent any User's access to the platform whenever inappropriate conduct is detected.

7.2. User service cancellation: To cancel services, the User must send an email to contato@vigilantesdosono.com or appear at Rua dos Cariris, 90, Pinheiros District, ZIP Code 02254-020, São Paulo - SP.

7.3. Data deletion: At the time of account cancellation, when the purpose of data processing ends, or upon request, the User will have all their data deleted immediately and permanently from the platform, except data whose maintenance is mandatory by law or regulation, data necessary for the regular exercise of rights in judicial, administrative, or arbitration proceedings, such as access records (a set of information regarding the date and time of use of a particular internet application from a specific IP address), which will be maintained, under confidentiality, in a controlled and secure environment, for a period of 6 (six) months, pursuant to Law No. 12.965/2014 and the legal basis of art. 7, II, of the General Data Protection Law.

8. Rights of the personal data holder

8.1. The personal data holder has the right to obtain from the controller, regarding the data processed by it, at any time and upon request:

8.1.1. Confirmation of the existence of data processing;

8.1.2. Access to data;

8.1.3. Correction of incomplete, inaccurate, or outdated data;

8.1.4. Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data pursuant to Law 13.709/2018;

8.1.5. Data portability to another service or product provider, upon express request, in accordance with the regulation of the national authority, observing commercial and industrial secrets;

8.1.6. Deletion of data processed with the consent of the holder, except in the cases provided for in Law 13.709/2018;

8.1.7. Information about public and private entities with which the controller has shared data;

8.1.8. Information about the possibility of not providing consent and the consequences of refusal;

8.1.9. Revocation of consent.

9. Security

9.1. Vigilantes do Sono is committed to preserving the stability, security, and functionality of the platform through technical measures compatible with international standards and by encouraging the use of best practices. However, no service available on the internet has total guarantee against illegal invasions. In cases where unauthorized third parties illegally invade the system, Vigilantes do Sono will use its best efforts to find the responsible party for the illicit activity, but is not responsible for damages caused by them.

10. Changes to the privacy policy

10.1. Vigilantes do Sono may unilaterally add and/or modify any clause contained in these Privacy Policies. The updated version will be valid for the use of the platform from its publication. Continued access or use of the website after disclosure will confirm the validity of the new Privacy Policies by Users.

10.2. If the change made requires User consent, the option to freely, unequivocally, and informedly accept the new text or refuse it will be presented.

10.3. If the User does not agree with the change, they may not provide consent for specific acts or may terminate their relationship with Vigilantes do Sono entirely. This termination will not, however, exempt the User from complying with all obligations assumed under previous versions of the Privacy Policies.

11. Data protection officer and general provisions

11.1. Vigilantes do Sono appoints Mr. Guilherme Hashioka as the Data Protection Officer, with email address dpo@vigilantesdosono.com, pursuant to art. 41 of the General Data Protection Law, to receive complaints and communications from data subjects and the National Data Protection Authority, provide clarifications, and take measures.

11.2. Vigilantes do Sono has a specific text to regulate the license of use, rights, duties, warranties, and general provisions: the Terms of Use. All these documents are an inseparable part of these Privacy Policies.

12. Contact

12.1. Vigilantes do Sono makes available the following channels to receive all communications that Users wish to make: via email contato@vigilantesdosono.com or at the address: Rua dos Cariris, 90, Pinheiros District, ZIP Code 02254-020, São Paulo - SP.