NeobanklessPrivacy Policy

NEOBANKLESS BRASIL Privacy Policy

Effective as of: July 11, 2025

This Privacy Policy describes how NBS SPSAV LTDA (“Neobankless,” “we”) collects, uses, shares, and protects personal data in connection with its website, promotional pages, pre-registration processes, and interactions with customers and interested parties in Brazil, in accordance with Law No. 13.709/2018 (LGPD) and other applicable regulations.

The current and updated version of this Policy will always be displayed on this page, together with the version number and date of last modification.

Controller in Brazil

NBS SPSAV LTDA
CNPJ: 60.749.581/0001-90
Rua Pequetita, 215 – Ed. Atrium VII, Cj. 142
Vila Olímpia, São Paulo – SP
CEP: 04552-060

1. Data we collect

We may collect and process the following categories of personal data, depending on your relationship with Neobankless:

For sensitive data processing related to identity verification and fraud prevention, we use specialized service providers acting as processors or sub-processors, who are contractually required to adopt protection standards consistent with the LGPD.

2. Legal bases and purposes

We process personal data based on the following legal grounds and purposes, among others compatible with this document:

When legitimate interest is used as a legal basis, we conduct a prior balancing test (“Legitimate Interest Assessment – LIA”), documenting justification, proportionality, and safeguards to ensure that the data subject’s rights and freedoms are preserved.

Processing of sensitive data required for identity verification (including facial biometrics when applicable) is based on Art. 11, II, “a” of the LGPD (compliance with regulatory obligation).

Note: Our AML/CTF and Onboarding Policy provides detailed guidelines for anti–money laundering, counter-terrorism financing, and UN sanctions screening that support part of these processing activities.

3. Cookies and analytics

We use essential cookies for site functionality and, with your consent, analytical cookies for audience measurement and navigation improvement. Our consent banner allows you to accept or reject non-essential cookies at any time.

We may use analytics tools such as PostHog or equivalent, respecting your consent preferences.

4. Data sharing

We may share personal data with:

5. International transfers

Your data may be transferred to other countries (e.g., the United States) due to our technological infrastructure and global service providers. We adopt mechanisms required by the LGPD for such transfers, including appropriate contractual clauses and impact assessments when applicable.

6. Information security

We apply technical and administrative security measures appropriate to the risks involved, including access controls, encryption in transit, environment segregation, and event logging.

No platform is 100% risk-free; we maintain incident response plans and will notify affected users and authorities when required.

In the event of a relevant incident involving personal data, we will notify the ANPD and affected data subjects within a reasonable timeframe consistent with industry best practices.

7. Retention and disposal

We retain personal data for as long as necessary to fulfill the purposes of this Policy, comply with legal/regulatory obligations (including AML/CTF), and exercise our rights.

After these periods, we adopt secure disposal or anonymization procedures.

8. Data subject rights (Art. 18, LGPD)

You may exercise the following rights, as provided by law:

You may exercise your rights via privacy@neobankless.com or a dedicated form (when available). Neobankless will respond within 15 (fifteen) days, at no cost, except in legally permitted situations.

9. Children and adolescents

Our services and pages are not directed at children. Any processing involving adolescents will comply with applicable laws and enhanced safeguards.

10. Data Protection Officer (DPO) Contact

To exercise your rights or ask questions about this Policy, contact our Data Protection Officer (DPO) through official channels. Until a dedicated channel is disclosed, use privacy@neobankless.com.

11. Updates to this Policy

We may update this Policy to reflect regulatory, technological, or operational changes. When significant updates occur, we may display notices on our website. The current version will always be available on this page.

Significant changes may also be communicated via email, website banner, or app notification, when applicable. Each version will include the corresponding date and identifying number.

© 2025 Neobankless. All rights reserved.

Related document: AML/CTF and Onboarding Policy (July 11, 2025)