Privacy Policy
Last updated: April 2026
FLOODEV SOFTWARE TECHNOLOGY LTDA ("SawOptima", "we", "our", or "Company"), registered in Brazil, is the data controller for personal data processed through the SawOptima platform. This Privacy Policy describes how we collect, use, store, share, and protect your personal data in compliance with the Brazilian General Data Protection Law (LGPD, Law No. 13,709/2018), the European Union General Data Protection Regulation (GDPR, Regulation EU 2016/679), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection legislation.
1. Scope and Application
This Policy applies to all users who access or use the SawOptima platform, regardless of the country of access. By registering or using our services, you acknowledge that you have read and understood this Policy. If you do not agree with any provision, please do not use the platform.
2. Data Controller
The data controller is FLOODEV SOFTWARE TECHNOLOGY LTDA, headquartered in Brazil. To exercise your rights or clarify questions about data protection, please contact us at: contact@sawoptima.com. For users in the European Union, our representative can be contacted through the same channel.
3. Personal Data We Collect
We collect the following categories of personal data: • Registration data: full name, email address, country, and production volume of your operation. • Authentication data: password (stored exclusively in cryptographic hash format, never in plain text). • Usage data: language preferences, interface settings, session history, and access logs. • Technical data: IP address, browser type, operating system, device identifiers, and approximate geolocation data (for automatic language and pricing region detection). • Subscription data: contracted plan, subscription period dates, and Stripe transaction identifiers (we do not store credit card data, this is processed directly by Stripe). • Optimization data: log parameters, part dimensions, and cutting results are processed in real time and are not permanently stored on our servers, unless voluntarily saved by the user in the parts library.
4. Legal Basis for Processing
The processing of your personal data is based on the following legal grounds: • Performance of contract: processing necessary for the provision of contracted services (Art. 7(V), LGPD; Art. 6(1)(b), GDPR). • Consent: where applicable, for marketing communications and optional features (Art. 7(I), LGPD; Art. 6(1)(a), GDPR). • Legitimate interest: for service improvement, platform security, and fraud prevention (Art. 7(IX), LGPD; Art. 6(1)(f), GDPR). • Legal obligation: when necessary for compliance with legal or regulatory obligations (Art. 7(II), LGPD; Art. 6(1)(c), GDPR).
5. Purpose of Processing
We use your personal data for the following purposes: • Creating and managing your user account. • Authentication and secure access control to the platform. • Providing log cutting optimization services. • Processing subscriptions and payments via Stripe. • Automatic language and region detection for experience personalization. • Communicating service updates, contractual changes, and security notifications. • Continuous improvement of the platform, algorithms, and user experience. • Compliance with legal and regulatory obligations.
6. Cookies and Tracking Technologies
We use the following cookie and tracking technologies: • Session cookies (first-party): essential for authentication and maintaining your active session. Strictly necessary — no consent required. • Local storage (localStorage): used to persist your language preference (key: sawoptima-locale) and your cookie preferences (key: sawoptima-cookie-consent). With your consent, we also use: • Google Tag Manager (GTM-PZD8Z9FP): tag management system used to load and control the analytics and advertising scripts listed below. Developed by Google LLC (USA). • Google Analytics (GA4): collects browsing behavior data (pages visited, session duration, traffic source) for statistical and platform improvement purposes. Developed by Google LLC (USA). • Google Ads: conversion tracking and audience creation for serving ads on Google channels. Developed by Google LLC (USA). • Facebook Pixel (Meta Platforms, Inc.): measures conversions and creates custom audiences for advertising campaigns on Facebook and Instagram. You can change your cookie preferences at any time via the cookie banner at the bottom of the site. For permanent opt-out from Google Analytics, visit: https://tools.google.com/dlpage/gaoptout.
7. Data Sharing with Third Parties
Your personal data may be shared exclusively with: • Stripe, Inc.: payment processor for subscription management and financial transactions. Stripe operates as an independent data processor, subject to its own privacy policy (https://stripe.com/privacy). • Resend, Inc.: transactional email delivery service used for communications such as account registration confirmation, subscription confirmation, plan changes, and password reset. Resend processes your email address solely for message delivery, operating as a data sub-processor subject to its own privacy policy (https://resend.com/legal/privacy-policy). • Google LLC: data processor for analytics (Google Analytics), conversion tracking (Google Ads), and tag management (Google Tag Manager). Google operates as an independent data controller for advertising purposes. Privacy policy: https://policies.google.com/privacy. Data may be transferred to and processed on Google servers in the USA. • Meta Platforms, Inc.: data processor for conversion tracking and audience creation for advertising campaigns on Facebook and Instagram (Facebook Pixel). Meta operates as an independent data controller for advertising purposes. Privacy policy: https://www.facebook.com/privacy/policy/. • Infrastructure providers: hosting and database services necessary for platform operation, contracted with data protection clauses. We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not make automated decisions or profiling that produce legal effects on the data subject.
8. International Data Transfers
As a globally accessible platform, your personal data may be transferred and processed on servers located outside your country of origin. We adopt the following safeguards: • For transfers from the EU/EEA: we use Standard Contractual Clauses (SCCs) approved by the European Commission, pursuant to Art. 46(2)(c) of the GDPR. • For transfers from Brazil: we observe the provisions of the LGPD (Art. 33) and ANPD guidelines. • All infrastructure providers are selected based on their compliance with international security and data protection standards.
9. Data Retention
Your personal data is retained for the following periods: • Account data: maintained as long as your account is active. After account deletion, data is removed within 30 days, except where retention is required by law. • Session data and access logs: retained for up to 6 months for security and audit purposes. • Transaction data: retained for the period required by applicable tax and accounting legislation (minimum 5 years). • Real-time optimization data: not retained, processed and discarded immediately after result delivery.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data: • Password encryption using bcrypt algorithm (configurable salt rounds). • Communication exclusively via HTTPS/TLS for all data in transit. • Data isolation between distinct user accounts. • Secure session management with encrypted session tokens. • Payment processing handled entirely by Stripe (PCI DSS Level 1 certified). • Continuous monitoring and regular security updates. While we adopt rigorous measures, no electronic transmission or storage system is 100% secure. We recommend that you keep your password confidential and use strong passwords.
11. Your Rights as a Data Subject
Under the LGPD, GDPR, CCPA, and other applicable legislation, you have the following rights: • Right of access: request information about the personal data we process. • Right of rectification: correct inaccurate or outdated data. • Right of erasure (right to be forgotten): request the deletion of your personal data. • Right of portability: receive your data in a structured, machine-readable format. • Right to object: object to processing based on legitimate interest. • Right of restriction: request the limitation of processing in certain circumstances. • Right to withdraw consent: withdraw previously granted consent without affecting the lawfulness of prior processing. Specific rights under CCPA/CPRA (California residents): • Right to know what personal data is collected and how it is used. • Right to delete personal data collected. • Right to non-discrimination for exercising your privacy rights. • We do not sell personal information as defined by the CCPA. To exercise any of these rights, contact us at contact@sawoptima.com. We will respond to requests within the applicable legal timeframes (15 days, LGPD; 30 days, GDPR; 45 days, CCPA).
12. Children's Privacy
The SawOptima platform is intended exclusively for professional and business use (B2B). We do not intentionally collect personal data from minors under 18 years of age. If we become aware that data from a minor has been inadvertently collected, we will proceed with immediate deletion. If you believe a minor has provided data to our platform, please contact us immediately.
13. Changes to This Policy
We reserve the right to update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Substantial changes will be communicated by email to registered users and through a prominent notice on the platform, with a minimum advance notice of 30 days. The date of the last update will always be indicated at the top of this page. Continued use of the platform after the publication of changes constitutes acceptance of the updated Policy.
14. Contact and Data Protection Officer (DPO)
To exercise your rights, clarify questions, or file complaints related to personal data processing: Email: contact@sawoptima.com Controller: FLOODEV SOFTWARE TECHNOLOGY LTDA Country: Brazil You may also file a complaint with the competent data protection authority in your country: • Brazil: National Data Protection Authority (ANPD) • European Union: Supervisory Authority of your Member State • California, USA: Office of the Attorney General of California