ProbY Terms of Use, Privacy and Personal Data Protection Policy

Last updated: May 8, 2026
Version: 2.0

This Terms of Use, Privacy and Personal Data Protection Policy explains how ProbY collects, uses, stores, protects and shares personal data in the context of the digital platform available at https://proby.online and its related services.

ProbY is a collaborative digital platform focused on the registration, structuring, curation, analysis and connection between problems and solutions, supported by digital technologies, artificial intelligence and collaborative environments for individuals, companies, organizations and innovation ecosystems.

This Policy was prepared based on Law No. 13,709/2018, the Brazilian General Data Protection Law (LGPD), the Brazilian Civil Rights Framework for the Internet and best practices related to transparency, information security and data governance.

By creating an account, accessing or using ProbY, the user declares that they have read and understood this Policy. When applicable, certain services may also be subject to contracts, commercial proposals, specific terms or additional policies.

This Policy applies to the processing of personal data carried out by ProbY in relation to:

• users registered on the platform;
• visitors to the website and public ProbY pages;
• solvers, proposers, administrators and other community participants;
• representatives, employees and users linked to companies, organizations, public institutions, universities, third-sector entities, accelerators, hubs, communities and Enterprise clients;
• individuals who interact with ProbY through forms, communications, support channels, events, demonstrations, commercial prospecting or digital channels.

This Policy covers the use of the ProbY platform, including registration, login, profiles, marketplace, publication of problems and solutions, curation, attachments, documents, transcriptions, artificial intelligence features, payments, notifications, corporate environments and collaboration resources.

The entity responsible for the ProbY platform is PROBY GLOBAL - INOVA SIMPLES (I.S.), a legal entity registered under CNPJ No. 62.564.354/0001-16, headquartered at Rua Vinte de Setembro, No. 1240, Centro District, Bagé/RS, ZIP Code 96.400-050, email address global@proby.online and phone number +55 (53) 9 3618-0468.

For purposes of the LGPD, ProbY may act as a data controller or data processor depending on the context of the processing activity.

ProbY acts as a controller when it defines the purposes and means of processing personal data required to operate the platform, create accounts, authenticate users, process payments, maintain security, manage profiles, provide functionalities and comply with legal obligations.

ProbY may act as a processor when processing personal data on behalf of a company, organization or Enterprise client within a private or contracted environment, following documented instructions from such client, without prejudice to the security and compliance measures provided for in this Policy.

When a company, organization or Enterprise client invites users, manages access, defines internal purposes, registers problems, monitors solutions or uses the platform within its own environment, such organization may act as the controller of the data processed within its environment, according to its own decisions and legal obligations.

ProbY processes different categories of data according to the type of user, subscribed plan, functionalities used and information voluntarily provided on the platform.

3.1. Account, registration and authentication data

We may collect and process data such as:

• name;
• email address;
• phone number;
• password stored in a protected format, such as a hash;
• username;
• CPF, CNPJ or equivalent document, when necessary;
• nationality;
• job title, profession or professional title;
• profile photo;
• biography, professional description or personal presentation;
• professional links, website, portfolio or social media;
• authentication identifiers, including third-party login information such as Google ID;
• account preferences, language, plan and settings.

3.2. Company and organization data

When the user represents a company, organization or Enterprise client, we may process data such as:

• trade name;
• legal name;
• CNPJ or equivalent business document;
• corporate email address;
• corporate phone number;
• logo;
• institutional description;
• username or public organization identifier;
• website;
• headquarters city and country;
• data relating to administrators, representatives and users linked to the organization;
• plan, contract, permissions, access roles and corporate environment information.

3.3. Problem, solution and user-submitted content data

The platform allows users to register, publish, analyze, comment on, solve or monitor problems and solutions. In these cases, we may process:

• problem title and description;
• context, location, sector, category, impacts and causes provided;
• financial, operational, social, environmental, strategic or reputational impacts;
• information regarding proposed, accepted, rejected or pending solutions;
• comments, messages, justifications, interactions and activity history;
• status, stage, priority, risk, opportunity, metrics and associated metadata;
• data generated during curation, such as summaries, classifications, tags, hypotheses, patterns, causes, impacts, risks, opportunities, recommendations, semantic relationships and other enrichments produced by ProbY or artificial intelligence systems.

Users should avoid inserting excessive personal data, sensitive data, confidential third-party information, trade secrets, credentials, banking information, third-party personal documents or content they are not authorized to share.

3.4. Documents, attachments, images, audio files and transcriptions

ProbY may allow the submission or processing of files, documents, attachments, images, audio recordings, transcriptions and other supporting content. Such materials may contain personal data or sensitive information depending on the content submitted by the user.

When transcription, document analysis or AI-powered curation features are used, the content may be processed to generate text, summaries, classifications, information extraction, problem organization or support solution analysis.

Audio files used for transcription may be temporarily retained whenever technically feasible. As an internal best practice, ProbY may adopt a deletion period of up to 48 hours for temporary audio files, except when retention is necessary due to user request, legal obligation, security, auditing, evidence preservation or legitimate platform operation.

3.5. Payment and billing data

To subscribe to paid plans, issue charges, process payments or comply with tax and accounting obligations, we may process:

• payer or account holder name;
• CPF, CNPJ or equivalent document;
• billing email address and phone number;
• subscription, plan, billing history and payment status data;
• customer identifiers used by payment providers;
• the last four digits of the credit card, when provided by the payment processor;
• information required for invoices, receipts, billing statements or proof of payment.

ProbY does not store complete credit card numbers when payment processing is handled by specialized providers. Financial processing may be carried out by contracted third parties in accordance with their own policies and security standards.

3.6. Technical, log and usage data

When accessing the platform, we may collect technical and browsing data such as:

• IP address;
• access date and time;
• session identifiers;
• browser, device, operating system and language;
• pages accessed, events, clicks and interactions;
• authentication records, errors, security logs and relevant activities;
• cookies, similar technologies and analytics data;
• application performance, diagnostic and stability information.

Such data is used for security, fraud prevention, user experience improvement, auditing, technical support, legal compliance and platform enhancement.

ProbY may collect data in the following ways:

• directly from the user through registration, profile editing, forms, problem publication, solution submission, comments, document uploads, support interactions or plan subscriptions;
• through organization administrators or Enterprise clients who create, invite or manage users within corporate environments;
• through authorized integrations such as Google authentication or other login providers;
• through payment, billing, communication, hosting, security, analytics or support providers;
• automatically through cookies, logs, technical identifiers and platform usage records;
• through artificial intelligence systems, curation, transcription, classification, search, indexing, data enrichment and semantic analysis based on content provided by users or available within the platform environment.

ProbY may use personal data for the following purposes:

• creating, authenticating and managing user accounts;
• enabling login, access recovery and account security;
• operating the platform, its features, plans and environments;
• enabling the registration, curation, organization, publication, analysis and monitoring of problems;
• enabling the submission, evaluation, communication, acceptance, rejection and monitoring of solutions;
• displaying profiles, organizations, problems and solutions in public or private areas according to platform settings and rules;
• enabling the problems and solutions marketplace;
• performing matching, recommendations, classification, prioritization, search, indexing and connection between problems, solvers, organizations and opportunities;
• processing user-submitted documents, attachments, audio files and transcriptions;
• using artificial intelligence to support curation, structuring, summarization, analysis, translation, classification, information extraction, insight generation, pattern identification and experience improvement;
• sending operational notifications, transactional messages, security notices, account updates and communications necessary for the operation of the service;
• providing technical, commercial and institutional support;
• processing payments, subscriptions, billing, invoices, receipts and tax obligations;
• preventing fraud, abuse, misuse, unauthorized access and security incidents;
• complying with legal, regulatory, judicial, administrative and contractual obligations;
• carrying out statistical analysis, usage metrics, internal reports and service improvements;
• communicating news, content, events, research, opportunities, features or commercial information related to ProbY, respecting applicable opt-out or unsubscribe options.

ProbY processes personal data in accordance with the legal bases provided by the LGPD. Depending on the context, we may process data based on:

• contract performance or preliminary procedures when processing is necessary to create accounts, provide the platform, process plans, offer support or deliver contracted services;
• compliance with legal or regulatory obligations when records, tax documents, regulatory responses or legal compliance are required;
• legitimate interest when processing is necessary for security, fraud prevention, platform improvement, service-related communications, analytics, governance, protection of ProbY rights and proper marketplace operation, always respecting the rights and legitimate expectations of data subjects;
• consent when the LGPD requires specific user authorization, especially for certain communications, non-essential cookies or optional features;
• the regular exercise of rights in administrative, judicial or arbitration proceedings;
• credit protection when applicable to billing, payment or default prevention processes;
• protection of life or physical safety in exceptional situations involving significant risk to individuals;
• health protection if specific processing is necessary in a legally compatible context, always with reinforced caution.

Whenever sensitive personal data is processed, ProbY will adopt an appropriate legal basis, proportional security measures and purpose limitation.

As a general rule, ProbY does not request that users insert sensitive personal data into the platform. However, because the platform allows free-form descriptions of problems, solutions, attachments, audio files and documents, users may insert content that directly or indirectly contains data related to health, racial or ethnic origin, religious beliefs, political opinions, union membership, genetic data, biometric data, sexual life or other data protected under the LGPD.

Users are responsible for evaluating in advance the content they submit to the platform and must ensure they have authorization, legal basis or legitimacy to share personal, sensitive, strategic, confidential or third-party information.

ProbY may restrict, edit, anonymize, block, remove or reject content that presents legal risk, violates rights, contains excessive personal data, improperly exposes third parties, includes unlawful, discriminatory, offensive or confidential content or is incompatible with the platform's purpose.

ProbY uses artificial intelligence resources to support platform operation and improve user experience. Such resources may include:

• structuring and enrichment of problems;
• generation of summaries and analyses;
• identification of causes, impacts, risks and opportunities;
• classification by theme, sector, location, priority or category;
• recommendation of connections between problems, solutions and solvers;
• semantic search, embeddings and vector indexing;
• audio transcription;
• translation, textual organization and curation support;
• detection of patterns, duplicates, inconsistencies or incomplete information.

Results generated by artificial intelligence are support resources and may require human validation. ProbY does not guarantee that all AI-generated outputs will be free from errors, omissions, bias, inaccuracies or improper interpretations.

ProbY may review, moderate, adjust or supplement AI-generated content for quality, security, clarity and compliance purposes. Users must review relevant information before making decisions based on analyses, recommendations or content generated by the platform.

ProbY does not use exclusively automated decisions that produce relevant legal effects or significantly affect the interests of the data subject without adequate transparency and the possibility of review, when applicable.

ProbY includes public, collaborative and private functionalities. Data visibility depends on the type of environment, plan, settings and actions performed by the user.

9.1. Public profiles

Certain profile information may be publicly displayed or shared with other platform users, such as name, username, photo, job title, bio, professional links, linked organization, plan badge and public participation history, when applicable.

Passwords, documents, financial data, email addresses, phone numbers and billing information are not publicly displayed by ProbY unless the user voluntarily inserts such information into public fields, descriptions, documents, comments or attachments.

9.2. Problems and solutions in the marketplace

Problems, solutions and content published in open areas or within the marketplace may be viewed by other users, visitors or community participants according to the rules of the applicable functionality.

By publishing content in public areas, users understand that such content may be accessed, read, internally indexed, analyzed, shared within the platform and used to enable solution matching, curation, marketplace connections and marketplace evolution.

ProbY may limit the public display of certain data, apply moderation, anonymize excerpts, restrict sensitive information or alter content visibility whenever there is legal risk, violation of this Policy, data subject request, legal obligation or the need to protect third parties.

9.3. Enterprise and private environments

Within Enterprise or private environments, problems, solutions, attachments, interactions and organizational data are, by default, restricted to authorized users within that environment according to permissions defined by the contracting organization.

Enterprise environment administrators may view, manage, export, moderate or configure data and users linked to the organization according to the applicable contract and permissions.

When using ProbY, users agree to:

• provide truthful, updated information compatible with the platform's purpose;
• maintain the confidentiality of their access credentials;
• use the platform lawfully, ethically and in compliance with applicable laws;
• not publish unlawful, discriminatory, offensive, defamatory, misleading, violent, abusive or rights-violating content;
• not insert personal data, sensitive data, documents or third-party information without proper authorization or legal basis;
• not publish trade secrets, credentials, banking information, confidential documents or strategic information without first assessing exposure risks;
• respect intellectual property, confidentiality, data protection, security and good-faith rules;
• review AI-generated or AI-assisted content before using it in relevant decisions;
• comply with specific rules applicable to corporate environments, challenges, calls, programs, contracts or platform functionalities.

ProbY may suspend, restrict or remove accounts, content or access in cases of Policy violations, security risks, misuse, fraud, legal violations or orders from competent authorities.

ProbY does not sell users' personal data.

We may share personal data only when necessary and in a manner compatible with this Policy, including with:

• hosting, infrastructure, storage, database, security, monitoring and technical processing providers;
• artificial intelligence, embeddings, search, transcription, translation, content analysis or automation providers;
• payment, billing, anti-fraud, tax issuance, accounting and financial management providers;
• communication, email, notification, support, CRM, customer service and relationship management tools;
• analytics, performance, metrics and user experience improvement providers, when applicable;
• companies, organizations or Enterprise clients responsible for private environments in which the user participates;
• other users or visitors when the user publishes content in public areas or the marketplace;
• public authorities, regulators, judicial, administrative or law enforcement authorities when required by legal obligation, valid order or rights defense;
• third parties involved in corporate reorganizations, mergers, acquisitions, investments, asset sales or similar transactions, subject to confidentiality and continuity safeguards.

Whenever possible, ProbY uses providers that adopt practices compatible with information security, data protection and confidentiality.

ProbY may use technology, cloud, artificial intelligence, authentication, database, payment, communication or analytics providers located outside Brazil or that process data in other countries.

Whenever international transfers of personal data occur, ProbY will adopt measures compatible with the LGPD, including supplier evaluations, contractual clauses, security standards, access restrictions, data minimization and other legally appropriate mechanisms.

ProbY will retain personal data for as long as necessary to fulfill the purposes described in this Policy, perform contracts, operate the platform, preserve records, comply with legal obligations, resolve disputes, prevent fraud, conduct audits, protect rights and respond to data subject requests.

Retention periods may vary according to the category of data and processing context. In general:

• account and profile data are retained while the account remains active or as long as necessary to provide the service;
• authentication, security and log data may be retained for the minimum legal retention period and for additional periods necessary for fraud prevention, security, auditing or rights defense;
• payment, billing and tax-related data may be retained for periods required under tax, accounting, consumer protection and regulatory laws;
• problems, solutions, curation records, attachments and interactions may be retained while linked to the platform purpose, environment, contract, marketplace history, activity traceability or community integrity preservation;
• public or collaborative content may be retained in anonymized, aggregated or de-identified form whenever necessary to preserve history, integrity, statistics, governance, traceability or platform continuity;
• temporary files such as audio files used for transcription may be deleted within shorter periods whenever technically feasible and legally appropriate;
• backups may retain data for limited periods until replacement or secure deletion according to technical security cycles.

When data is no longer necessary, ProbY may delete, anonymize or retain it only in circumstances permitted by the LGPD.

Users may request account deletion through channels available on the platform or through the contact channels indicated in this Policy.

Account deletion may result in the removal or deactivation of profile data, credentials and personal information linked to the user. However, certain data may be retained whenever required by legal obligation, security, fraud prevention, billing, auditing, rights defense, contractual compliance or preservation of public and collaborative content in anonymized or de-identified form.

Within Enterprise environments, certain requests may depend on the contracting organization, especially when data is linked to activities, records, problems, solutions, projects or internal obligations within the corporate environment.

Under the LGPD, data subjects may request, when applicable:

• confirmation of the existence of processing;
• access to personal data;
• correction of incomplete, inaccurate or outdated data;
• anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data;
• data portability, subject to applicable regulations;
• information regarding public and private entities with which ProbY shared data;
• information regarding the possibility of denying consent and the consequences of such denial;
• withdrawal of consent;
• objection to processing carried out under consent waiver hypotheses whenever there is non-compliance with the LGPD;
• review of decisions based solely on automated processing of personal data, when applicable;
• deletion of personal data processed based on consent, subject to legal exceptions;
• filing complaints with the Brazilian National Data Protection Authority.

To protect users' security and privacy, ProbY may request additional information to confirm the identity of the requester before responding to a request.

ProbY will respond to requests within applicable legal deadlines considering the nature of the request, technical complexity and any retention obligations.

ProbY may use cookies, pixels, identifiers, local storage and similar technologies to:

• keep user sessions active;
• authenticate access and protect accounts;
• remember preferences and settings;
• measure platform performance, stability and usage;
• understand interactions, flows and functionalities used;
• improve user experience;
• support communications, campaigns or analytics, when applicable.

Cookies may be classified as:

• necessary, when essential for operation, authentication, security and navigation;
• functional, when they allow preferences to be remembered and improve user experience;
• analytical or performance-related, when they help understand platform usage and improve services;
• advertising or marketing-related, when used to measure campaigns or personalize communications, when applicable.

Users may manage cookies through browser settings or consent mechanisms provided by ProbY. Disabling necessary cookies may impair platform functionality.

ProbY adopts technical and organizational measures to protect personal data against unauthorized access, loss, alteration, destruction, improper disclosure or inappropriate processing.

Depending on the context, such measures may include:

• access control by user, profile and permission;
• authentication and session management;
• password storage in protected format;
• encryption in transit and, when applicable, at rest;
• segregation of environments and permissions for Enterprise clients;
• monitoring, logging and auditing of relevant activities;
• backups and continuity routines;
• secure development practices;
• supplier and integration reviews;
• internal confidentiality policies and access restrictions;
• incident prevention, detection and response measures.

Despite security efforts, no digital system is entirely immune to risks. Users must also protect their credentials, use strong passwords, avoid sharing access and immediately report any suspected misuse of their account.

In the event of a security incident that may result in significant risk or damage to data subjects, ProbY will assess the event, adopt containment and mitigation measures and make the required communications to data subjects and the Brazilian National Data Protection Authority whenever required by applicable law.

Such communications may include, depending on the case, descriptions of the nature of the affected data, involved data subjects, related risks, adopted technical and security measures and guidance for damage mitigation.

ProbY is primarily intended for professional users, companies, organizations, institutions and participants in innovation environments. The platform is not directed at children.

Use by teenagers may occur only when compatible with the platform's purpose, supported by an appropriate legal basis and, when required, authorized by legal guardians or the institution responsible for the usage environment.

If ProbY identifies inappropriate processing of children's or teenagers' data, it may remove data, restrict accounts or request additional information for compliance purposes.

ProbY may send communications related to accounts, security, support, functionalities, policy changes, operational updates, billing, plans, opportunities, content and events related to the platform.

Strictly operational or service-related communications may be sent regardless of specific consent. Promotional communications, newsletters or campaigns may include unsubscribe mechanisms when applicable.

The platform may contain links to websites, tools, content, communities, documents, social media, payment platforms, authentication providers or third-party services.

ProbY does not control the privacy practices of such third parties. Users should review the respective privacy policies, terms and settings before using external services.

ProbY may update this Policy at any time to reflect changes to the platform, legislation, regulatory decisions, security practices, suppliers, functionalities, business models or internal processes.

Whenever relevant changes are made, ProbY may notify users through the platform, email, website notices or other appropriate channels.

Continued use of the platform after publication of a new version indicates acknowledgment of the updated Policy, without prejudice to rights guaranteed under the LGPD.

For questions, requests, exercise of data subject rights or matters related to privacy and personal data protection, contact ProbY:

Controller: PROBY GLOBAL - INOVA SIMPLES (I.S.)
CNPJ: 62.564.354/0001-16
Address: Rua Vinte de Setembro, No. 1240, Room 301, Centro District, Bagé/RS, ZIP Code 96.400-050
Email: global@proby.online
Phone: +55 53 9 3618-0468
Website: https://proby.online

ProbY may provide a specific privacy channel, data protection officer or dedicated form for LGPD requests. If such a specific channel is created, it should be prioritized for communications related to personal data protection.

This Policy shall be interpreted in accordance with the LGPD, the Brazilian Civil Rights Framework for the Internet, the Consumer Protection Code, regulations issued by the Brazilian National Data Protection Authority and other applicable laws.

If any provision of this Policy is deemed invalid or unenforceable, the remaining provisions shall remain in full force and effect.

This Policy replaces previous versions of the ProbY Privacy Policy, Data Usage Policy and Terms of Use, especially the version updated on June 21, 2025.

ProbY®
Smart Platform for Global Problems
https://proby.online