Privacy Policy

1. Who we are

Iora is the controller of personal data processed through the Iora platform. Contact: contato@iora.digital.

2. Data we collect

• Account data: name, email, password hash.
• Financial data you provide or import (transactions, accounts, cards).
• Usage data: pages viewed, actions taken, device and browser metadata.
• Billing data handled by Paddle (we never store full card numbers).

3. Purposes / how we use your data

We process your data to provide the Service, generate insights and forecasts, communicate with you, prevent fraud, and meet legal obligations.

4. Legal bases (LGPD/GDPR)

We rely on contract performance (to deliver the Service), legitimate interest (security, product improvement), legal obligation (tax, accounting) and consent where required.

5. Sharing

• Paddle.com — Merchant of Record and payment processor.
• Cloud infrastructure providers used to host the Service.
• Open-banking aggregators when you connect bank accounts.
• Authorities, when required by law.

6. Retention

We retain personal data while your account is active and for the period required by applicable law after deletion.

7. Your rights

Subject to applicable law (LGPD, GDPR), you may access, correct, delete, port or object to processing of your data. Contact contato@iora.digital to exercise these rights.

8. Security

We apply technical and organizational safeguards including encryption in transit, access controls and audit logging.

9. Cookies

We use cookies and similar technologies to keep you signed in and measure product usage.

10. Changes

We may update this policy. Material changes will be notified in advance.

11. Contact / DPO

Data Protection Officer (DPO): contato@iora.digital.