Privacy policy

We are QI Tech, a technology company for financial services that operates end-to-end in the credit journey. We are hired by companies across different economic sectors ("Partners") to support them in offering financial services to their customers ("End Clients").

This Notice applies to data processing within the scope of services provided by QI Tech and targets our Partners and their representatives, their End Clients, and any individuals with whom QI Tech maintains a relationship during the execution of our services.

We emphasize that, as a rule, we process personal data of End Clients in the context of services provided to our Partners. Thus, we process personal data of data subjects that are collected and entered into our systems by those who contract our services, to enable the offering of financial products to the market.

It is important to note that QI Tech has no interference or responsibility regarding the privacy and data protection practices of our Partners.

To enable the provision of our services and comply with applicable legal and regulatory requirements, we may process certain personal data. Below, you will find details of the data we may process for each of our services.

In this service, we primarily process data of End Clients.

• Identification and contact data, such as full name, email, phone number, CPF (Brazilian tax ID), address, PEP status, among others.
• Data related to credit history, such as credit situation data (SCR – BACEN), credit score, presumed income, among others.
• Biometric data: facial recognition through photo analysis.
• Geolocation data: identification data and geographic position of electronic devices used, such as IMEI, vendor ID, and software build.

In this service, we primarily process data of legal representatives or attorneys, quotaholders, assignors, service providers, and fund managers.

• Identification and contact data, such as full name, CPF, gender, marital status, nationality, identity document, education level, cell phone, complete address, email, among others.
• Professional data, such as employer name, academic background, professional occupation.
• Financial data, such as bank account information and asset situation data.
• Data about company ownership, such as participation in the company, corporate name of affiliated company.

In this service, we primarily process data of credit borrowers and issuers.

• Identification and contact data, such as full name, email, phone, CPF, address, PEP status, identity document number, among others.
• Financial data, such as bank account information and asset situation data, among others.

In this service, we primarily process data of End Clients and legal representatives.

• Identification and contact data, such as full name, email, phone, CPF, address, PEP status, among others.
• Transaction records: data from executed transactions, such as payer and receiver data, transaction amount, and account number.
• Assessments: results of credit risk and fraud assessments.

Personal data may be provided by the data subject themselves, for example, when interacting with our platforms, or by our Partners. For some services, we may also consult third-party databases.

Below, we describe the purposes of personal data processing:

Personal data collected within the scope of our services is retained for the period necessary to fulfill the purposes described in this Notice. In some cases, information may be retained for an additional period if necessary to comply with legal and regulatory obligations or to protect the exercise of rights.

Personal data is kept securely and confidentially. In this regard, reasonable technical and organizational security measures are adopted to protect personal data against unauthorized access and/or accidental or unlawful situations of destruction, loss, alteration, communication, or dissemination.

Such measures include the application of technologies, such as logical access control to personal data, to ensure that information is only accessed by authorized persons, identity management, encryption, backups, and antivirus/antispam, as well as administrative processes, such as the adoption of policies, procedures, and training of our internal staff.

To ensure the security of your personal data, it is equally important that you adopt measures to protect it against unauthorized access. In this regard, it is recommended to adopt practices such as:

• Do not share your passwords;
• Do not provide personal data through unofficial channels;
• Be wary of suspicious contacts requesting financial, banking information, or verification codes on behalf of our company;
• Verify that you are accessing our services on official websites or applications with a secure connection (https).

To fulfill the purposes described in this Notice, personal data may be shared with:

• Partners;
• Suppliers, service providers, and business partners who support us in operationalizing our business activities, such as technology suppliers and credit bureaus;
• Competent authorities, to comply with legal and regulatory obligations or to respond to official requests.

International transfer: We may transfer personal data to entities located outside Brazil for the following purposes: Cloud data storage | United States.

International data transfer will be carried out in an adequate and secure manner, as provided for in current legislation, and only for the time necessary to fulfill the purposes mentioned above.

LGPD guarantees data subjects rights related to their personal data, which can be exercised subject to any applicable technical and legal limitations. Rights provided by LGPD include:

• Request confirmation of personal data processing;
• Request access to personal data;
• Request correction of personal data if incorrect, inaccurate, or outdated;
• Request anonymization, blocking, or deletion of personal data if unnecessary or excessive;
• Request additional information about personal data sharing;
• Request data portability, in accordance with regulations from the National Data Protection Authority;
• Revoke any authorizations granted for personal data processing;
• Request information about possible consequences if personal data processing is not authorized;
• In cases where processing occurs through obtaining consent, request revocation of such authorization and/or deletion of personal data processed based on such authorization;
• Object to the use of your personal data, provided non-compliance with LGPD is verified;
• Request review of decisions made automatically (without human participation), as well as request the provision of criteria and procedures adopted for making such decisions; and
• Petition the National Data Protection Authority regarding personal data processing.

If you wish to request the exercise of rights related to the use of your personal data, please contact us through the channel: qiajuda@qitech.com.br or through the data subject request form

Remember: In cases where QI Tech acts as a processor, the end client may exercise the above rights directly with the Partner with whom they have a relationship, through the channels provided by them.

With a view to improving the experience when using our website, we may collect cookies, which are files that allow automatic collection of information when you visit a web page. Below, we describe the cookies used on our website and their respective purposes:

Is it possible to block/reject the use of cookies? If you wish, you can configure your internet browser to block the use of cookies on our website. However, if you block cookies, some functionalities may be impaired. The following links provide more information about managing cookie usage:

• Firefox
• Chrome
• Safari
• Internet Explorer
• Opera

This Notice may be updated and adjusted at any time, and it is recommended that you consult it periodically through our website. Date of last update: 07/07/2025