Circli - Contactos de confianza en WhatsApp

Introduction

The privacy of our users and of the individuals whose data they share is of utmost importance to us. Our platform (hereinafter, "the Platform") is committed to protecting personal data in accordance with applicable data protection laws, particularly Law No. 25,326 on Personal Data Protection of the Argentine Republic, as well as equivalent regulations in force in other South American countries. We also take into consideration Brazil's General Personal Data Protection Law (Law No. 13,709, known as LGPD), as the data we collect may be stored on servers located in Brazil. This Privacy Policy describes what information we collect, how we use it, with whom we share it, and what rights and responsibilities users and data subjects have. By using the Platform, you accept the practices described in this policy and consent to the processing of your personal data in accordance with the terms below.

Personal Data We Collect

We collect only the personal data necessary to carry out the purposes of the Platform. In particular, we may obtain the following categories of data: • Contact data shared by the user: Name and phone number of third parties (for example, professionals such as plumbers or painters) that users choose to add to their "circle" or contact list on the Platform. This data is voluntarily provided by the user through the enabled means (for example, via a WhatsApp message). • Data of the user using the Platform: Basic information of the user necessary to register or link their account to the service, such as their mobile phone number (used for authentication and interaction via WhatsApp) and possibly their name or profile alias. • Additional optional data: Any other information that the user chooses to provide us related to those contacts or the use of the service (for example, descriptive notes, contact's profession category, etc.), in case the Platform enables such functionality in the future. In all cases, we collect this data directly from what the user voluntarily sends us. We do not obtain personal data from other sources without your consent.

Purpose and Use of Data

We use the personal data collected exclusively for the following purposes: • Service provision: To allow users to store, organize, and manage third-party trusted contacts (such as recommended professionals) in their personal circle within the Platform. This includes facilitating the exchange of such information with other people in the user's circle or private group, if the functionality allows, for personal use and collaboration among acquaintances. • Internal operation and improvements: To maintain and improve the operation of the Platform, ensuring the operability of the features offered. For example, we use the data to ensure that added contacts are available when the user needs them, to improve the user interface, or to develop new features (such as a professional directory) based on our users' needs. • Service communications: To contact users to provide technical support, respond to inquiries, send important notifications about the service, or inform about updates to this Privacy Policy or other terms and conditions. • Legal compliance: To comply with legal obligations applicable to us regarding data protection or other regulatory requirements, as well as to respond to requests from government authorities or judicial requirements if they occur. • Non-public use of data: It should be noted that, at this time, the contact information that users share is not made public or visible to people outside the Platform. Third-party contact data provided is used only within the Platform environment and for the private purposes described above. Only authorized users – for example, the user who added the contact and those members of their private circle with whom they choose to share it – can access that information, always within the framework of the purposes for which it was shared. We will not disseminate or openly publish this personal data to third parties or the general public without the corresponding consent of the data owner.

User Consent and Responsibility for Third-Party Data

Since our Platform allows users to share third-party contact information, it is essential that the user has the appropriate authorization from those individuals before providing us with their data. We require that users have legitimate rights to collect, use, and share information about any third party whose data they provide to us. This generally involves obtaining the prior informed consent of the personal data owner for their inclusion on the Platform. Argentine legislation establishes that personal data must not be used or recorded without the owner's consent, except for very limited exceptions. Such exceptions include, for example, when the information comes from publicly accessible sources or is strictly limited lists of certain basic data (name, identification, occupation, etc.), situations that do not cover the sharing of personal phone numbers through our Platform. Therefore, by sharing another person's contact information, you guarantee that you have obtained their authorization to do so or that you have another valid legal basis that allows you to provide us with that data without violating third-party privacy. The user who provides third-party personal data assumes responsibility for the truthfulness, timeliness, and lawfulness of such data and its sharing. If a third party – for example, the professional whose contact was added to the Platform – files a complaint or legal action for the inclusion of their data in our database, said user will be solely responsible for having shared that information without proper permission. In other words, the user agrees to share only third-party data for which they have permission, exempting the Platform from any liability that may arise from sending third-party information without consent. We reserve the right to remove from our systems any third-party personal data that has been provided by a user without proper authorization guarantees.

Data Storage and International Transfers

Personal data collected on the Platform is stored securely on servers and databases. Currently, our storage infrastructure is located in Brazil, so your data may be transferred and stored outside the Argentine Republic and other countries where you reside. By using the Platform, you authorize us to transfer and process your personal data in Brazil and/or other countries where our service providers operate. We are aware that data protection legislation may vary between countries. In the case of international data transfers, we commit to complying with applicable legal requirements to guarantee an adequate level of protection. If your personal data is transferred to a country that does not have data protection standards equivalent to those of your jurisdiction, we will implement appropriate safeguards according to the law – for example, contractual agreements with data processors that ensure confidentiality obligations and robust security measures – to protect your information. Please note that, by accepting this Privacy Policy, you are also giving your express consent for the international transfer of your data to Brazil or other countries under the terms described above, in case such authorization is required by law. This allows us to operate the service globally while maintaining high privacy and security standards in all locations.

Data Retention

We will retain personal data only for as long as necessary to fulfill the purposes stated in this Privacy Policy, or as required by applicable law. In practical terms: • Third-party contact data that a user has shared will remain stored as long as the user continues to actively use the Platform and has not requested its deletion, unless the data owner themselves (i.e., the contact person) requests its prior deletion, in which case we will proceed to remove it from our database. • If a user decides to delete a certain contact from their circle, we will stop displaying that information on the Platform and will delete it from our systems (unless we must temporarily retain it for a specific legal reason, such as compliance with a regulatory obligation). • If a user closes their account or stops using our services, we will delete or anonymize their personal data and the contacts they have shared, after the maximum necessary retention periods have passed. We will only retain data beyond that period if required by law or for legitimate and limited purposes (for example, to resolve disputes, ensure security, prevent fraud, or enforce our terms, if necessary). We periodically evaluate the information we store and delete that which is no longer necessary for the stated purposes, so as not to retain personal data longer than necessary.

Data Subject Rights

In accordance with applicable data protection laws, individuals whose personal data we process (whether Platform users or third parties whose contacts were shared) enjoy a series of rights over their information. In particular, you have the right to the following: • Right of access: to request and receive information about your personal data included in our database, as well as to know the purposes for which we use it. • Right to rectification: to request the correction or update of your personal data if it is inaccurate, incorrect, or outdated. • Right to erasure (right to be forgotten): to request the deletion or elimination of your personal data from our database when appropriate. • Right to object: to object to the processing of your personal data in certain particular circumstances. • Right to confidentiality: to have your data treated confidentially and not disclosed without your permission. • Right to withdraw consent: in cases where the processing of your data is based on consent given, you have the right to withdraw that consent at any time. You can exercise these rights at any time and free of charge by contacting us through the channels indicated at the end of this Policy. We will respond to requests within the deadlines established by law. In the Argentine Republic, the Agency for Access to Public Information (AAIP) has the authority to handle complaints and claims related to non-compliance with personal data protection regulations.

Data Security

We take the security of your personal data very seriously. We implement appropriate technical and organizational measures to protect information against unauthorized access, alterations, losses, or leaks. These measures include restricted access controls to our databases, encryption of communications where possible, confidentiality policies for our staff, and use of providers that meet adequate security standards, among other precautions. However, you should be aware that no data transmission over the Internet or electronic storage method is completely secure or infallible. While we strive to safeguard your personal information and maintain high security standards, we cannot guarantee absolute security. We recommend that you also take protective measures, such as maintaining the confidentiality of your access credentials and immediately notifying any unauthorized use of your information.

Public Directory and Future Contact Disclosure

Currently, we reiterate that no personal contact data shared on the Platform is visible to the general public. Contacts that a user adds are accessible only to the user themselves and, where applicable, to members of the private circle with whom the user decides to share that information within the Platform. No outside person can see a contact's name or phone number unless authorized by the user who provided that data. In the future, we may implement a public directory of professionals within the Platform, with the aim of allowing plumbers, painters, or other service providers to choose to make their contact information more widely available to attract clients. We want to make clear that the inclusion of any personal data in a public directory will be done only with the express consent of the data owner. We will protect the privacy of contacts until they express their willingness to make their data public. A professional who initially agrees to appear in the public directory may revoke their consent at any time, and in such case we will remove their information from the public listing as soon as possible.

Changes to this Privacy Policy

This Privacy Policy may be updated or modified in the future, for example, to adapt to regulatory changes, incorporate new features on the Platform, or improve our privacy practices. In case of substantial changes, we will notify users through the usual channels (for example, through a notice on our website, in the application, or via email/WhatsApp, as appropriate) and, when required by law, we will obtain consent again if the changes affect the purposes or conditions under which we process personal data. At the end of this document, we will indicate the date of the last update so that you can easily verify when each version comes into effect. We recommend periodically reviewing this Privacy Policy to stay informed about how we protect your information.

Contact

If you have questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please do not hesitate to contact us through the contact form on the circli.app homepage. We will attend to your inquiry or request as soon as possible and in any case within the corresponding legal deadlines. If you write to us to exercise a particular right over your data, please provide the necessary information that allows us to locate your data in our system and verify your identity. We appreciate your trust in the Platform. Your privacy and that of your contacts is our priority, and therefore we continuously work to protect it in accordance with the highest standards and current legal requirements.