Privacy policy

Updated on 2026-04-05

Reis Tecnologia Ltda (Company ID CNPJ: 30.101.677/0001-87) develops management systems and API integrations between ERPs and marketplaces, including SHEIN. This policy explains how we process personal data in compliance with the Brazilian LGPD and applicable GDPR principles.

1. Data collection and categories

We only collect and process personal data that is required to deliver contracted services and maintain secure integration operations.

  • Seller registration data: name, email, phone number, documents and account identifiers.
  • Transactional order data: order IDs, status, items, amounts and logistics information.
  • Access and operation logs: IP, timestamp, technical identifiers, audit trails and authentication events.

2. Purpose and legal basis

Data is used to perform contracts, provide technical support, reconcile orders, monitor integrations and comply with legal or regulatory obligations.

  • LGPD: contract performance, legal/regulatory obligation and legitimate interest, where applicable.
  • GDPR: performance of a contract, legal obligation and legitimate interests, where applicable.

3. Third-party API processing (SHEIN)

Within third-party API integrations, including SHEIN, Reis Tecnologia primarily acts as a Data Processor, processing personal data on behalf of and under instructions from the client acting as Data Controller.

  • We do not use personal data for unrelated internal purposes.
  • Data sharing occurs only with providers and partners required for technical operation, subject to contractual confidentiality clauses.
  • When international transfers are required, we adopt contractual safeguards and appropriate data protection measures.

4. Technical and organizational security

We implement technical and administrative controls proportionate to processing risks to prevent unauthorized access, loss, alteration or data leakage.

  • Encryption in transit through TLS/SSL for system and API communications.
  • Strict access control based on role segregation, least privilege and secure authentication.
  • Secure cloud storage with monitoring, backup and audit trail capabilities.

5. Data subject rights (LGPD Art. 18)

Data subjects may request all rights established under LGPD Art. 18, without prejudice to equivalent GDPR rights.

  • Confirmation of processing.
  • Access to personal data.
  • Correction of incomplete, inaccurate or outdated data.
  • Anonymization, blocking or deletion of unnecessary, excessive or non-compliant data.
  • Data portability, subject to ANPD regulation and trade/industrial secrecy safeguards.
  • Deletion of data processed under consent, where applicable.
  • Information about public and private entities with whom data was shared.
  • Information on the option to deny consent and the consequences of denial.
  • Withdrawal of consent, where consent is the legal basis.
  • Review of decisions based solely on automated processing, where applicable.

6. Data retention and disposal

We retain personal data only for as long as necessary to provide contracted services, deliver technical support, comply with legal obligations and protect legal rights in administrative, arbitration or judicial proceedings.

  • When retention is no longer required, data is deleted, anonymized or blocked as required by law.
  • Privacy requests can be submitted through the institutional channel available on the contact page.