Privacy Policy

Last updated: June 20, 2026 · Effective: June 20, 2026

1. Who we are

Januss is a data pipeline platform operated by Lazaros Soluções em Tecnologia Ltda. (CNPJ 32.678.893/0001-15), with registered address at Rua Matos Costa, 100, Casa 03 Sala 01, Passo Manso, Blumenau/SC, CEP 89046-320, Brazil ("Januss", "we", "us"). This Policy explains how we handle personal data and the rights you have over it. For privacy matters, contact us at privacy@januss.io.

2. Controller and processor roles

We act in two distinct roles:

• As a controller, for the personal data of our account holders and website visitors (e.g., name, email, billing and usage data) — we decide how and why it is processed.
• As a processor (operator), for the data that customers move through their pipelines using the platform. The customer is the controller of that data and decides its purposes; we process it only to provide the service, under the customer's instructions and the applicable Data Processing Agreement (DPA).

3. Personal data we collect

• Account data: name, email, password (hashed) or Google sign-in identifier, workspace and company details.
• Connection metadata: hostnames, credentials and configuration you provide to connect sources and destinations. Credentials are stored encrypted and used only to run your pipelines.
• Customer pipeline data: the records your pipelines extract, transform and load. We process this on your behalf and do not use it for our own purposes.
• Usage and technical data: log data, IP address, device/browser, execution metrics (rows, duration, success rate).

4. How we use data and legal bases

We process personal data to: provide and operate the service; authenticate and secure accounts; run, monitor and troubleshoot pipelines; bill and prevent fraud; communicate service notices; and comply with legal obligations. The legal bases (LGPD Art. 7 / GDPR Art. 6) include performance of a contract, legitimate interests, consent (where required), and compliance with legal obligations.

5. Sub-processors

We rely on a limited set of vendors to deliver the service, including:

• Oracle Cloud Infrastructure (OCI) — hosting and storage (region: São Paulo, Brazil).
• Cloudflare — CDN, DNS and edge security.
• Google — optional sign-in (OAuth) and Google Analytics (website usage analytics, loaded only after your consent).
• Amazon SES — transactional email delivery.
• Anthropic — AI assistance for the HTTP connector (processes API specs/auth configuration metadata; not your pipeline records).

An up-to-date list of sub-processors is available on request. Customers under a DPA are notified of material changes.

6. International transfers

Customer data is hosted in Brazil. Where personal data is transferred across borders (for example to a vendor or to serve customers in another region), we rely on an appropriate transfer mechanism — such as the EU-US Data Privacy Framework, Standard Contractual Clauses, or an adequacy decision — and apply additional safeguards as needed.

7. Data retention

We keep personal data only as long as necessary for the purposes above, for the life of the account, and as required to meet legal, tax or security obligations. Customer pipeline data is retained according to the customer's configuration and DPA, and deleted on termination subject to legal retention periods.

8. Security

We apply technical and organizational measures including encryption in transit (TLS) and at rest, per-workspace tenant isolation, access controls, and operational monitoring. No method of transmission or storage is fully secure; we work to protect your data and to notify you and the authorities of incidents as required by law.

9. Your rights

Subject to the LGPD (Art. 18) and the GDPR (Arts. 15–22), you may request: confirmation and access; correction; anonymization, blocking or deletion; portability; information about sharing; and to object to or restrict processing, or withdraw consent. To exercise these rights, contact privacy@januss.io. Where we act as a processor, requests are forwarded to the relevant controller (our customer).

10. Cookies

Our website uses strictly necessary cookies/local storage (e.g., to remember your language preference) and, with your consent, analytics cookies via Google Analytics to understand how the site is used. We do not use advertising cookies. You can accept or decline analytics in our cookie banner and control cookies through your browser settings.

11. Children

The service is intended for businesses and is not directed to children. We do not knowingly collect personal data from children.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be posted here with a revised "Last updated" date and, where appropriate, communicated to account holders.

13. Contact

Questions or requests: privacy@januss.io. Data Protection Officer / Encarregado (DPO): [to be appointed].