Weni by VTEX

Privacy Policy

Privacy Policy

Last Update: May 05, 2025

Introduction
WENI’s privacy policy aims to detail how the organization handles personal data of clients and employees, to demonstrate the means used to ensure security and privacy in the handling of personal data, and to define guidelines and responsibilities.

WENI’s policy is based on best privacy practices, recognized frameworks, and the organization’s values.

Personal Data Protection Legislation Terms

Personal Data
“Personal data” refers to information that identifies or can identify a natural person (individual). Personal data is typically provided to WENI by the data subject or third parties.

Personal data may, in exceptional cases, include information related to a particular sensitive condition of the data subject.

Sensitive Personal Data
“Sensitive personal data” includes data on racial or ethnic origin, religious beliefs, political opinions, union membership or affiliation with religious, philosophical, or political organizations, as well as data related to health, sexual life, genetic or biometric data, when linked to an individual (natural person).

Generally, WENI does not collect or process sensitive personal data.

However, sensitive personal data may be entered by users or third parties on the WENI platform. For more details, refer to the Sensitive Personal Data section of this Privacy Policy.

Data Subject
The natural person to whom the processed personal data refers.

Personal Data Controller
The “Controller” is the individual or legal entity responsible for decisions regarding the processing of personal data.

Personal Data Processor
The “Processor” is the individual or legal entity that processes personal data on behalf of and in the interest of the Controller.

Regarding the processing of personal data on the WENI platform by contracting companies, WENI acts solely as a Data Processor.

Data Protection Officer (DPO)
The “Data Protection Officer” or DPO is the person appointed by the processing agent to act as a communication channel between the organization, data subjects, and the National Data Protection Authority (ANPD).

For WENI’s contractual purposes, the DPO’s contact is listed at the end of this document.

Scope of this Privacy Policy – Data Subjects
For the purposes of this Policy, data subjects include any individual who uses or has personal data associated with the WENI platform or who falls under one or more of the following conditions:

  • Legal representative or proxy of a legal entity contracting with the WENI platform;
  • Any other identifiable or identified person interested in the WENI platform who visits the pages of the site weni.ai.

1. Personal Data Processing
WENI processes personal data based on legal grounds of regular rights in a contract and the data subjects’ consent.

However, personal data may be collected, stored, and processed without the subject’s consent in cases permitted by law, including:

  • Compliance with legal or regulatory obligations;
  • Shared data processing necessary for the implementation of public policies by public administration as provided by laws or regulations;
  • Conducting research studies by research organizations, ensuring anonymization of sensitive personal data where possible;
  • Exercising rights in judicial, administrative, or arbitration proceedings;
  • Protecting the life or physical integrity of the subject or a third party;
  • Fraud prevention and user security in identity verification and authentication processes in electronic systems.

Upon first navigating WENI’s site or when our Privacy Policy is updated, users will be prompted to consent to the collection and processing of their personal data.

Whenever necessary, consent may be requested again for specific actions or to further secure users’ data.

WENI primarily processes personal data to provide its services and digital platform to its clients and users.

In addition to providing its digital platform, personal data may also be processed for purposes such as:

  • Communication between WENI and the data subject;
  • Non-automated decision-making processes that account for the data subject’s or WENI’s legitimate interest, as per legal or regulatory parameters;
  • Compliance with data protection laws, regulations, and frameworks, as well as judicial or administrative requests from the Judiciary or relevant government agencies, such as the National Data Protection Authority (ANPD);
  • Protecting our operations, trade secrets, or proprietary information, and safeguarding against potential harm, including defending our business against credit fraud, under article 7, item X of the General Data Protection Law (LGPD).

As previously noted, WENI processes personal data for various purposes, all in compliance with regulatory principles under the LGPD, such as purpose, adequacy, and necessity.

2. Processing Sensitive Personal Data
As a rule, WENI does not collect, process, or store sensitive personal data. However, on rare occasions, sensitive personal data may be collected and processed by WENI, upon explicit request and necessity from the contracting client.

In all cases, WENI restricts access to sensitive personal data only to individuals directly involved in the platform’s maintenance and related systems, or those acting in WENI’s legitimate interest to fulfill regulatory or legal obligations or to exercise its rights as a data processing agent, always adopting best practices for personal data protection.

3. Sharing Personal Data with Third Parties
To ensure the proper functioning of its platform and services, WENI may share personal data with third parties.

In any case, WENI only shares personal data collected via its platforms with national and international companies that provide cloud hosting and messaging automation services compliant with best data protection and information security practices.

4. Retention and Processing of Personal Data
WENI ensures that appropriate processes are implemented to manage personal data and to remove, anonymize, or archive it when necessary.

Generally, WENI stores personal data only to:

  • Comply with the purposes outlined in this Privacy Policy;
  • Meet our legal or regulatory obligations, as well as protect our rights under the law.

In any case, personal data subjects or their legal representatives may request the exercise of their rights under the General Data Protection Law.

5. Rights of Data Subjects Regarding Personal Data
The rights reserved for data subjects include:

  • The right to confirm the existence of personal data processing;
  • The right to access personal data processed or stored by us;
  • The right to correct incomplete, inaccurate, or outdated data;
  • The right to anonymize, block, or delete data deemed unnecessary or excessive, under applicable legislation;
  • The right to data portability upon explicit request, in line with the National Data Protection Authority’s resolution, while safeguarding our trade or industrial secrets;
  • The right to delete personal data processed with consent, except in cases permitted by law under Article 16 of the LGPD;
  • The right to be informed about public and private entities with which we share personal data for service delivery, within the scope designated by law and the National Data Protection Authority;
  • The right to be informed of the possibility of not providing consent and the consequences of refusal;
  • The right to withdraw consent, as per Law No. 13.709/2018 – General Data Protection Law.

Requests to exercise these rights should be made through: [email protected].

Please note that WENI reserves the legitimate right to deny the exercise of data subject rights as permitted by law, such as fulfilling a legal obligation or protecting credit.

6. Data Controller and Processor
WENI will act as a Controller solely for personal data collected via its official website https://weni.ai/.

WENI will act as a Processor when processing personal data involves client companies using the WENI platform, which act as Data Controllers.

7. Personal Data Security
WENI commits to adopting appropriate technical, physical, organizational, and legal measures consistent with national data protection laws to safeguard personal data processed.

To this end, WENI uses certified cloud computing and hosting services to ensure maximum data security for users.

In the event of a security incident resulting in the destruction, loss, alteration, unauthorized access, or leakage of personal data, WENI will promptly assess the risks to the data subjects’ rights.

Notification to data subjects and the NATIONAL DATA PROTECTION AUTHORITY (ANPD) will be made in accordance with Article 48 of the General Data Protection Law after a risk assessment.

8. Privacy Policy Changes
Occasionally, there may be changes to our privacy policy during service provision.

If WENI’s privacy policy changes, users will be explicitly informed when they revisit the site or log in to the platform.

WENI is responsible for providing the updated version of the policy to clients upon request.

Our terms of use and privacy and cookies policies are updated in compliance with Law No. 13.709/2018 – General Data Protection Law.

9. When does this Privacy Policy not apply?
This Privacy Policy does not apply to any other solutions and/or services not provided by us.

Be sure to read the privacy policies of each third-party site or service you visit or use. WENI is not responsible for any violation of data subjects’ privacy rights by such sites.

10. International Data Transfer

The personal data collected may be transferred, stored, and processed in data centers located outside the data subject’s country of origin, as necessary to ensure the operation, security, and availability of our services. We currently use cloud infrastructure with data centers located in the following regions:


-> São Paulo, Brazil (sa-east-1)
-> Virginia, United States (us-east-1)
-> Mumbai, India (ap-south-1)
-> Ireland (eu-west-1)

These international transfers are carried out based on appropriate safeguards and in compliance with applicable data protection laws, including the Brazilian General Data Protection Law (LGPD – Law No. 13.709/2018).


The measures adopted include:
-> Specific contractual clauses that ensure the protection and confidentiality of the data;
-> Transfers only to countries that offer an adequate level of data protection, or based on valid legal mechanisms;
-> Internal policies and practices aligned with international standards for information security and privacy.

By using our services, you consent to and acknowledge that your data may be transferred to and processed in countries with different legal frameworks, but always with appropriate protection as described in this Policy.

Contact with the DPO
[email protected]