Privacy Policy

When you visit our marketing site, sign up, or use Tudo for your own personal account, Tudo, Inc. is the controller of your personal data.

When you use Tudo as part of a workspace someone else owns (your employer or a client), the workspace owner is the controller of the data they put into Tudo, and we are their processor. Their privacy notice governs that data; ours covers the account-level information we hold about you directly.

Reach our privacy team at privacy@usetudo.com. Brazilian residents can contact our DPO at the same address.

We collect three categories of data:

• Account information you give us — name, email, profile picture, language, password hash, and (for paid accounts) billing address and card metadata via Stripe.
• Usage data generated by the Service — pages and features you use, timestamps, IP address, browser, OS. Used for product analytics, security, and debugging.
• Customer Data you put into the Service — board items, comments, files, contacts. We process this only on the workspace owner's instructions.

We do not collect special-category data (health, race, religion, etc.) by design. If you put such data into Customer Data, the workspace owner is responsible for the appropriate legal basis under LGPD / GDPR.

Under the GDPR (EU/UK), the LGPD (Brazil), and the CCPA/CPRA (California), every processing activity needs a lawful basis. Ours are:

• Performance of contract — to deliver the Service you signed up for (account creation, billing, hosting your data, sending transactional emails like sign-in confirmations or trial reminders).
• Legitimate interests — to keep the Service secure, prevent abuse, improve the product, and run minimal product analytics.
• Consent — for non-essential cookies, marketing communications, and optional integrations.
• Legal obligation — to comply with tax, accounting, anti-fraud, and data-protection laws.

Active accounts: as long as your account is active, plus 30 days after cancellation. During the 30-day grace period you can cancel deletion or download your data.

Inactive marketing-list contacts: 24 months after last engagement, then deleted.

Tax-relevant invoice data: retained for the period required by Brazilian and US tax law (typically 5–7 years), even after account deletion.

Backups: encrypted database backups are kept for 30 days on a rolling basis, then permanently destroyed.

We share data only with vendors who help us run the Service (subprocessors), and only to the extent necessary. The full list — names, purpose, and location — is published at tudo.com/legal/subprocessors.

We do not sell your personal data. We do not share it for cross-context behavioral advertising. Where the law gives you the right to opt out of "sales" or "sharing" (CCPA/CPRA), there is nothing to opt out of — we don't do it.

We may disclose data when required by a valid legal request (subpoena, court order). In those cases we notify the affected workspace owner where legally permitted.

Tudo's primary data hosting is in the United States. When data of EU/UK or Brazilian residents is processed in the US, we rely on the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and ANPD-recognized safeguards under LGPD Art. 33. Our DPA includes the SCCs by default.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and personal data ("right to be forgotten").
• Export your data in a portable format (JSON).
• Object to processing based on legitimate interests.
• Withdraw consent at any time, where consent was the basis.
• Lodge a complaint with your local data-protection authority (ANPD in Brazil, your EU Member State authority, the ICO in the UK, your Attorney General in the US).

You can exercise the first four rights from Settings → Profile → Your data right inside Tudo. For everything else, email privacy@usetudo.com — we respond within 15 days, and at most 30 days as allowed by LGPD.

Data in transit is encrypted with TLS 1.2+. Data at rest is encrypted at the database and storage layers. Passwords are stored as Argon2 hashes — we never see them.

Access to production systems is restricted to a small number of named personnel under least-privilege controls and is logged. We run a security disclosure program at security@usetudo.com.

Our SOC 2 Type I audit is in progress; ISO 27001 is on the roadmap. The current status is published on the Trust Center.

We use a small number of first-party cookies. Necessary cookies (authentication, theme, CSRF) are always on. Analytics and marketing cookies are off by default and require your explicit consent via the cookie banner.

You can change your choices any time via the "Cookie preferences" link in the footer of any page.

Tudo is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has signed up, write to privacy@usetudo.com and we will delete the account.

We may update this Privacy Policy from time to time. Material changes are announced by email to workspace owners at least 30 days before they take effect. The "Effective" date at the top of this page always reflects the current version.