Privacy Policy

Privacy Policy — Foco ERP Sistemas

Last updated: 2026-02-26

Foco ERP Sistemas (“Foco ERP”, “we”, “us”) values your privacy and the protection of personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our websites, platforms, systems, applications, support channels, and services (“Services”), in accordance with the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018).

1) Who we are

Data Controller: Foco ERP Sistemas
Privacy contact (DPO / Data Protection Contact): suporte@focoerp.com.br
(Replace with your real contact email.)

2) Personal data we may collect

We may collect personal data depending on how you interact with our Services:

a) Identification and contact data

  • Name, email, phone/WhatsApp, job title, company, city/state.

b) Account and system usage data (when you are an ERP customer/user)

  • Login/user identifier, access permissions, activity records (logs), preferences, and operational history within the system.

c) Billing and contractual data

  • CPF/CNPJ (Brazilian tax IDs), legal name/company name, address, invoice-related data, and payment/billing information.

d) Technical data

  • IP address, access date/time, browser type, device information, cookies, and similar identifiers.

Note: Depending on the modules used by our customers (e.g., hotel, gym, retail), the processing may involve data of third parties (our customer’s end users). In those scenarios, Foco ERP typically acts as a Data Processor on behalf of the customer, as defined in the applicable agreement.

3) How we collect data

  • When you fill out forms (contact requests, demos, support).
  • When you subscribe to and use our Services.
  • Automatically through cookies and access logs.
  • When you contact our support team (messages, emails, tickets).

4) Why we use personal data (purposes)

We use personal data to:

  • Provide and operate our Services (ERP, support, improvements, security).
  • Create and manage user accounts and access credentials.
  • Respond to requests and provide technical support.
  • Comply with legal obligations (tax, accounting, regulatory).
  • Manage billing and payments.
  • Prevent fraud and security incidents and ensure platform integrity.
  • Communicate service updates, changes, and important notices.
  • Marketing and relationship communications where permitted and/or based on consent when required.

5) Legal bases (LGPD)

We process personal data based on one or more of the following legal grounds:

  • Contract performance and pre-contractual procedures.
  • Compliance with legal/regulatory obligations.
  • Legitimate interests, with appropriate assessments and safeguards.
  • Consent, when required (e.g., specific promotional communications).
  • Exercise of rights in legal/administrative proceedings.

6) Data sharing

We may share personal data only when necessary with:

  • Infrastructure and hosting providers (servers, cloud, backups).
  • Security providers (e.g., CDN/WAF, DDoS mitigation).
  • Support and communication tools (email, WhatsApp, chat, ticketing).
  • Partners and integrations requested by customers (e.g., payment/PIX, marketplaces, e-commerce, logistics, external APIs).
  • Public authorities, when required by law or legal order.

We do not sell personal data.

7) International transfers

Some service providers may process or store data outside Brazil. When this happens, we adopt measures to ensure appropriate protection, including contractual safeguards and security requirements in line with the LGPD.

8) Data retention

We retain personal data:

  • For as long as necessary to fulfill the purposes described in this Policy;
  • For the period required by law (e.g., tax/accounting obligations);
  • For the duration of the contractual relationship and/or to protect our legal rights.

After that, data may be deleted or anonymized when applicable.

9) Information security

We apply technical and organizational measures to protect personal data, such as:

  • Role-based access controls and authentication;
  • Encryption in transit (HTTPS/TLS);
  • Monitoring and activity logging;
  • Backups and recovery routines;
  • Internal policies and security best practices.

No system is completely secure. If a relevant security incident occurs, we will take appropriate response measures and communications as required by the LGPD.

10) Cookies and similar technologies

We may use cookies to:

  • Enable core site functionality and authentication;
  • Store preferences and improve user experience;
  • Measure performance and usage analytics.

You can manage cookies via your browser settings. Disabling cookies may limit some features.

11) Your rights as a data subject

Under the LGPD, you may request:

  • Confirmation of processing and access to your data;
  • Correction of inaccurate/incomplete data;
  • Anonymization, blocking, or deletion (when applicable);
  • Data portability (when applicable);
  • Information about data sharing;
  • Withdrawal of consent (when consent is the legal basis).

Contact channel: suporte@focoerp.com.br
We will respond within a reasonable timeframe and in accordance with legal requirements.

12) Children and teens

Our Services are intended for business use. We do not knowingly collect children’s personal data without appropriate legal basis. If you believe data was collected improperly, contact us so we can assess and take appropriate action.

13) When we act as a Data Processor

In many cases, Foco ERP acts as a Data Processor, processing data on behalf of the customer (Data Controller) under contract and documented instructions. In those cases, data subject requests may need to be directed to the responsible Data Controller.

14) Changes to this Policy

We may update this Policy to reflect improvements or legal requirements. The current version will be available through our official channels, including the “Last updated” date.

15) Contact

If you have questions about privacy and data protection:
Email: suporte@focoerp.com.br