Privacy Policy
1. Who we are
Data Controller. Rumo in Brazil is operated by [Brasil Co. legal name to be confirmed] ("Brasil Co.", "we", "us"), CNPJ [to be confirmed], with registered office at [address to be confirmed], São Paulo, Brazil. For the purposes of Brazilian data protection law (LGPD, Lei nº 13.709/2018), Brasil Co. is the Controller of your personal data.
Platform owner and main processor. The Rumo platform is owned by Trillium Solutions Ltd, a company registered in England and Wales (Company No. 11246733), with registered office at Suite 7, Second Floor, Apple Market Hub, 9 Crown Passage, Kingston Upon Thames, KT1 1JD, United Kingdom. Trillium operates the technical infrastructure of the platform — servers, application logic, message routing, data storage — under a platform operation and licensing agreement with Brasil Co. For LGPD purposes Trillium acts as a processor (operador), handling personal data on Brasil Co.'s instructions.
Data Protection Officer (Encarregado / DPO). Sanjay Matos Agarwala serves as the Encarregado for Brasil Co. To exercise your rights under the LGPD or to raise any privacy question, contact the DPO at [DPO email to be confirmed — suggested: privacidade@rumo.to].
2. What we collect
When you use Rumo via WhatsApp:
- Your WhatsApp number, your WhatsApp display name as provided by Meta, and (if you tell us) the name you would like us to call you.
- The messages you send and the replies we send back, on a short-term basis. Only the most recent portion of the conversation is retained as live context (currently the last twenty messages); older messages are moved to a long-term archive.
- An evolving summary of context about you, written by Rumo's AI in the course of our conversations. This may include things you have shared about your goals, preferences, situation, relationships, work, health, finances, values, and spiritual or religious frame of reference. You can ask us at any time what we hold about you.
- Your preferences for how Rumo behaves with you (assistant name, language, timezone, communication style settings).
- Operational metadata: timestamps, message lengths, message counts, and similar non-content telemetry needed to run the Service reliably.
When you sign up via the website (once you go past the free message allowance):
- Your first name and surname, email address, and a password (stored only in cryptographically hashed form, never in plain text).
- Your CPF (or CNPJ, if you are a business user) — required for issuing the Nota Fiscal de Serviços eletrônica (NFS-e, electronic service invoice) under Brazilian tax law.
- Payment data: the payment method you choose (card or Pix Automático) is handled directly by our payment processor (Asaas — see section 6). Rumo only stores references (a token or mandate ID) for authorising future debits, and does not store full card numbers or sensitive banking details.
- Transaction and invoice records: records of payments made, charge status, sequential invoice and receipt numbers.
- Website access metadata: the IP address used to access the site, session identifier, and basic browser data needed for web authentication.
Website language preference cookie. Separately from the WhatsApp Service, the rumo.to website stores a single first-party functional cookie (rumo_lang) to remember your chosen interface language so you don't have to re-pick it on each visit. This cookie contains only a two-letter language code (e.g. pt or en), is set in response to your explicit toggle of the language switch, and is not used for analytics, advertising, or any form of tracking. See our Cookie Policy for full details.
3. What we do NOT collect
Rumo currently processes text messages only. Any other type of WhatsApp message — photos, voice notes, video, audio messages, documents, stickers, location pins — is dropped at our webhook handler immediately upon receipt and is never stored, processed, downloaded, or seen by our AI.
To be precise about how this works: WhatsApp messages are delivered to us by Meta as webhook notifications. For text messages, the body text arrives directly within the notification payload itself. For other message types, only metadata (message ID, type, sender, timestamp, MIME type, content hash), plus the caption text if any, arrives in the notification — the actual content of the media (image bytes, audio bytes, video bytes, document bytes) requires a separate request to Meta's media API. We never make that separate request. The metadata payload we briefly receive and the caption are dropped from process memory within seconds and are not written to any database or log of message content. The media bytes themselves remain entirely on Meta's WhatsApp infrastructure, subject to Meta's own data policies, and are never transferred to our servers.
If you send Rumo a non-text message (a photo, voice note, etc.), Rumo will not be able to respond to it. You are welcome to describe in text whatever you wanted to share.
We also do not sell your personal data, do not share it with advertisers, and do not use your messages to train third-party AI models without your explicit consent.
4. Sensitive personal data
Because Rumo is a personal assistant, you may choose to share information that the LGPD treats as "sensitive personal data" — for example, information about health, religious or philosophical beliefs, or sexual orientation. We process such data only on the basis of your specific and highlighted consent (LGPD Art. 11, I), given by your continued use of the Service after the first-message notice that we will remember what we discuss in order to help you. You can withdraw that consent at any time by sending the message STOP (to pause) or DELETE (to erase what we hold).
5. Why we use your data, and our legal bases
- To provide the Service — sending and receiving messages, generating responses, remembering context across conversations, authenticating your web account access, managing your preferences. Legal basis: performance of a contract with you (LGPD Art. 7, V).
- To bill and process payments — charging for use of the Service above the free allowance, issuing the Nota Fiscal de Serviços eletrônica (NFS-e), generating invoices and receipts. Legal basis: performance of contract (LGPD Art. 7, V) and compliance with a legal or regulatory obligation (LGPD Art. 7, II).
- To comply with legal obligations — NFS-e issuance, tax and accounting record-keeping, responding to legitimate requests from competent authorities. Legal basis: compliance with a legal obligation (LGPD Art. 7, II).
- To ensure reliability, safety and fraud prevention — diagnosing issues, preventing abuse, preventing fraud. Legal basis: legitimate interest (LGPD Art. 7, IX).
- To improve the Service — aggregated and anonymised analytics to understand usage and quality. We do not use individual analytics to build profiles for marketing purposes. Legal basis: legitimate interest (LGPD Art. 7, IX).
- To process sensitive personal data shared in the course of conversations. Legal basis: specific and highlighted consent (LGPD Art. 11, I).
- For optional marketing communications (if any such are offered in future): only with your specific and revocable consent (LGPD Art. 7, I).
6. Who we share your data with
To deliver the Service, Brasil Co. shares personal data with a small number of carefully chosen processors (operadores), each acting on our instructions and under contractual data-protection commitments:
- Trillium Solutions Ltd (United Kingdom) — operates the Rumo platform infrastructure (web servers, application logic, message routing, database storage). Processes your personal data on Brasil Co.'s instructions under the platform operation and licensing agreement.
- Anthropic, PBC (United States) — provides the Claude large-language-model API used to generate Rumo's responses. Receives conversation content strictly for the purpose of generating a reply, subject to Anthropic's published data handling terms.
- Meta Platforms, Inc. / WhatsApp Ireland Ltd — provides the WhatsApp Business Cloud API, the messaging channel through which Rumo communicates with you. Message content traverses Meta's infrastructure.
- Asaas (Brazil) — payment processor. Receives payment-related data (CPF/CNPJ, payment method, transaction amounts) for the purpose of processing charges and issuing NFS-e.
- DigitalOcean, LLC (United States) — cloud infrastructure provider on which the Rumo application is hosted, under contract with Trillium Solutions Ltd.
We do not sell your personal data. We do not share it with advertisers. We do not use your messages to train third-party AI models without your explicit consent.
7. International data transfers
To deliver the Service, part of your personal data is necessarily transferred outside Brazil:
- To the United Kingdom — where Trillium Solutions Ltd operates the platform infrastructure. The UK has a data protection framework (UK GDPR and the Data Protection Act 2018) that Brasil Co. assesses as providing appropriate safeguards.
- To the United States — where Anthropic, PBC (AI inference), Meta Platforms, Inc. (WhatsApp) and DigitalOcean, LLC (hosting) are based. For these recipients, we rely on the providers' own contractual data-protection commitments and on standard contractual clauses where applicable.
- To Ireland — where WhatsApp Ireland Ltd operates parts of the WhatsApp infrastructure for international users.
Legal bases for international transfer: LGPD Art. 33, II (transfer necessary for the execution of a contract to which the data subject is a party) and LGPD Art. 33, V (transfer authorised by the data subject through specific and highlighted consent, given by your continued use of the Service after the first-message notice and this Policy).
8. How long we keep your data
- Live conversation buffer: most recent twenty messages, retained while you are an active user.
- Conversation archive: older messages are retained for the lifetime of your account so we can serve you reliably across long gaps.
- Context profile and preferences: retained while your account is active.
- Tax and accounting records (issued invoices, receipts, payment records): retained for 5 (five) years after issue, as required by Brazilian tax law (Receita Federal). This period is mandatory and cannot be shortened at the data subject's request.
- On DELETE: when you send the DELETE command, the conversation content, context profile and preferences associated with your account are erased irreversibly. Tax records that correspond to payments already made remain retained for the legal 5-year period described above. Limited operational logs (without message content) may persist for a short period for security and audit purposes before being purged on schedule.
9. Your rights
Under the LGPD (Art. 18) you have the right to:
- confirmation that your data is being processed, and access to it;
- correction of incomplete, inaccurate or out-of-date data;
- anonymisation, blocking or deletion of data that is unnecessary, excessive, or processed in breach of the LGPD;
- portability of your data to another service or product provider, upon express request;
- deletion of personal data processed on the basis of your consent (the DELETE command is the fastest route);
- information about the public and private entities with which Brasil Co. has carried out shared use of your data;
- information about the option not to give consent and about the consequences of refusal;
- withdrawal of consent at any time;
- lodging a complaint with the National Data Protection Authority (ANPD) at gov.br/anpd.
To exercise any of these rights, contact the Data Protection Officer (DPO) at the email given in section 1.
10. Security
We apply appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), administrative access controls, operational audit logs, standard hosting-provider protections at rest, and regular review of our security practices. No system is perfectly secure, but we take the custody of your data seriously.
11. Cookies
The rumo.to website uses a single first-party functional cookie (rumo_lang) to remember your chosen language. See our Cookie Policy for full details.
12. Children
Rumo is for adults. We do not knowingly collect personal data from anyone under 18. If you believe a minor has used the Service, contact the Data Protection Officer (DPO) and we will erase the data.
13. Changes to this policy
We may update this policy from time to time. If we make a material change we will notify you via WhatsApp and — if you have an email address registered with us — also by email, before the change takes effect. The most recent version is always available at this URL.
14. How to contact us and complaints
For any privacy question or to exercise your rights under the LGPD, contact our Data Protection Officer (DPO) at [DPO email to be confirmed — suggested: privacidade@rumo.to].
Complaints to the ANPD. You also have the right to lodge a complaint with the National Data Protection Authority (ANPD), the competent supervisory body, at gov.br/anpd.