Orbital transparency
You know what we collect, for what purpose and with whom we share — no hidden fine print.
Legal · Privacy · Transparency
Your privacy is not a detail. It is architecture.
At Xmondo, personal data is handled with the same rigor we apply to product, brand and code. This policy explains — clearly and completely — what we collect, why, for how long and what your rights are.
Our pact with you
Four principles guiding every form, cookie and integration in the Xmondo ecosystem.
Control in your hands
Rights of access, correction, deletion and consent withdrawal one click away from our team.
Security by design
Technical and organizational measures proportional to risk, with data minimization and restricted access.
Respect for the data subject
We collect only what is necessary to respond, improve experience and comply with legal obligations.
How your data travels through the Xmondo universe
You browse
You access pages, service landings, forms or official Xmondo channels.
We collect the minimum
Only necessary data: voluntary contact details, language preferences, cookies and aggregated metrics.
We use with purpose
To respond to requests, measure site performance, improve content and comply with the law.
We protect end to end
Secure storage, controlled access, limited retention and guaranteed data subject rights.
1. Data controller
The controller of personal data processed on this site and related digital channels is Xmondo Digital (“Xmondo”), a digital strategy agency operating in Brazil and Italy.
Websites: xmondo.com.br and xmondo.it. For privacy and data protection inquiries, use the channels listed in section 14 of this policy.
2. Scope of this policy
This policy applies to personal data processing through the Xmondo institutional website, service landing pages, contact forms, editorial evaluation (Xmondo Editora), analytics integrations and other digital features operated directly by Xmondo.
It does not cover client websites, e-commerce stores or platforms built by Xmondo — each project has its own controller’s privacy policy.
3. Personal data we may collect
Collection varies according to your interaction with the site. We process only adequate, relevant and limited data.
Data categories:
- Identification and contact data: name, email, phone/WhatsApp and message content — when you submit contact or editorial evaluation forms.
- Browsing and device data: IP address, browser type, pages visited, session duration, traffic source and cookie identifiers — collected automatically by analytics and site operation tools.
- Preferences: selected language and i18n redirect cookie (i18n_redirected).
- Security technical data: IP and timestamp for rate limiting on form submissions, abuse prevention and error logs.
- Communication data: interactions via WhatsApp, email or social networks when you contact us through external channels listed on the site.
4. Purposes of processing
We use personal data exclusively for legitimate and informed purposes:
- Respond to commercial inquiries, questions and diagnostic requests submitted via forms.
- Evaluate manuscripts and Xmondo Editora leads, when applicable.
- Operate, maintain and improve the site, including performance, usability and content.
- Measure audience, conversions and aggregated behavior through Google Analytics.
- Ensure security, prevent fraud, spam and misuse of forms.
- Comply with legal and regulatory obligations and exercise rights in judicial or administrative proceedings.
- Communicate Xmondo news, services and content — only when there is an adequate legal basis and, when required, consent.
5. Legal bases (LGPD / GDPR)
Personal data processing by Xmondo is based on legal grounds under Brazilian LGPD (Law 13,709/2018) and, where applicable, GDPR:
- Consent: non-essential analytics cookies and marketing communications, when applicable.
- Pre-contractual procedures: handling commercial requests initiated by you.
- Legitimate interest: site security, aggregated analytics, experience improvement and abuse prevention — always with rights balancing.
- Legal obligation: when required by competent authority.
- Regular exercise of rights: defense in judicial, administrative or arbitration proceedings.
6. Cookies and similar technologies
Cookies are small files stored in your browser. We use essential cookies for site operation and analytics cookies to understand how visitors use our pages.
You can manage cookies in your browser settings. Disabling essential cookies may affect features such as language preference.
By continuing to browse after viewing our cookie notice, you agree to use as described in this policy — you may change preferences at any time.
7. Data sharing
Xmondo does not sell personal data. Sharing occurs only when necessary to operate the site and provide our services:
- Infrastructure and hosting providers for the site.
- Google LLC (Google Analytics) — audience and behavior metrics.
- Email providers (SMTP) and, when configured, Discord webhook for internal contact notifications.
- Public authorities when required by law or court order.
8. International data transfers
Xmondo operates in Brazil and Italy. Some technology providers — such as Google Analytics — may process data on servers outside Brazil.
When international transfer occurs, we adopt safeguards compatible with LGPD, including standard contractual clauses, assessment of destination country protection level or specific consent, as applicable.
9. Retention period
We retain personal data only as long as necessary to fulfill the purposes described in this policy:
- Contact form data: up to 2 years after last contact, unless legal obligation or ongoing commercial relationship.
- Xmondo Editora leads: during editorial evaluation and up to 2 years after last interaction.
- Analytics data: according to Google Analytics retention policies (configurable; default up to 14 months).
- Security logs and rate limiting: up to 90 days.
- Cookies: according to each cookie’s duration — session or persistent as per purpose.
10. Information security
We adopt technical and administrative measures to protect personal data against unauthorized access, loss, alteration or improper disclosure.
Practices include HTTPS connection, system access control, form rate limiting, data validation, anti-spam honeypot and infrastructure monitoring.
No system is 100% immune. In case of a security incident with relevant risk to data subjects, we will communicate as required by LGPD and ANPD.
11. Data subject rights
You have the rights provided in LGPD articles 17–22. Xmondo will respond to requests within a reasonable timeframe and in accordance with applicable law.
To exercise your rights, email hello@xmondo.com.br with subject “Privacy / LGPD” and describe your request. We may request additional information to confirm your identity.
12. Children’s data
The Xmondo site is aimed at business and professional audiences. We do not intentionally collect data from children under 13 without specific and prominent consent from at least one parent or legal guardian.
If you believe we have collected a minor’s data improperly, contact us so we can assess and, if necessary, delete the information.
13. Changes to this policy
We may update this policy periodically to reflect legal, technological or operational changes. The last update date will always be shown at the top of this page.
Relevant changes may be communicated via notice on the site or other appropriate means. We recommend revisiting this page regularly.
14. Privacy contact
Privacy channel: Xmondo Digital
Email: hello@xmondo.com.br (subject: Privacy / LGPD)
Brazil: +55 41 99990-1234 · Italy: +39 366 144 2489
You may also file a complaint with ANPD (Brazil’s National Data Protection Authority) — www.gov.br/anpd.
Your rights at a glance
LGPD guarantees data subjects a robust set of rights. Here is what you can request:
Confirmation
Know whether we process your personal data.
Access
Obtain a copy of data we hold about you.
Correction
Update incomplete, inaccurate or outdated data.
Anonymization
Request anonymization, blocking or deletion of unnecessary data.
Portability
Receive your data in structured format, when applicable.
Deletion
Request deletion of data processed based on consent.
Sharing information
Know which public and private entities we share data with.
Revocation
Withdraw consent at any time without affecting prior lawful processing.
Automated decisions review
Request review of decisions based solely on automated processing.
ANPD complaint
Contact the national authority if you believe your rights were not respected.
Response time: within 15 days, extendable under LGPD when justified.
Processors and third parties
Technology partners that may process data on our behalf or as independent controllers:
Google Analytics (Google LLC)
Traffic analysis, behavior and site conversions.
Google Policy: policies.google.com/privacyFrequently asked questions
Why does Xmondo need my data?
To respond to your contact, evaluate commercial or editorial requests, improve the site and comply with legal obligations. We do not request data beyond what each purpose requires.
Do you sell my data?
No. Xmondo does not sell personal data. We share only with providers essential to operate the site and analytics.
How long do you keep my information?
It depends on purpose: contact forms up to 2 years after last contact; analytics per Google retention; security logs up to 90 days.
How do I exercise my LGPD rights?
Email hello@xmondo.com.br with subject “Privacy / LGPD” describing your request. We will respond within a lawful timeframe.
Privacy questions?
Talk to the team that actually handles your data.
We respond to data subject requests with the same seriousness we give client projects. No maze, no runaround.