Decision infrastructure built with privacy, security, and governance from the ground up.
Updated June 2026.
Last updated: June 2026
Introduction
At Sinky, we believe that trust is a fundamental requirement for any responsible decision-making system.
That is why privacy, information security, data governance, and responsible artificial intelligence are principles embedded in the architecture of our platform from day one.
We operate in compliance with the Lei Geral de Proteção de Dados Pessoais (LGPD), the General Data Protection Regulation (GDPR), and all other regulatory requirements applicable to our clients' operations.
As a SOC 2 Type II certified company, we adopt technical, organizational, and operational controls designed to protect data, ensure transparency, and promote the responsible use of technology.
Our Commitment
Sinky was created to help organizations transform critical decisions into auditable, explainable, and scalable processes.
To achieve this, we treat privacy and data protection as core pillars of our infrastructure.
Our commitment encompasses:
Privacy by Design
Security by Design
Data Governance
Responsible Artificial Intelligence
Transparency and Explainability
Continuous Monitoring
Regulatory Compliance
Continuous Improvement of Security Controls
Protecting our clients' and users' data is not merely a legal obligation. It is an essential part of how we build our products.
Data Processing Roles
Depending on the context, Sinky may act as either a Controller or a Processor of Personal Data.
When We Act as Controller
Sinky acts as a Controller when it determines the purposes and means of data processing related to its own corporate activities.
Examples include:
Event registrations
Demo requests
Commercial inquiries
Recruitment and hiring
Partner relationships
Vendor management
Website browsing
Institutional communications and marketing
In these cases, Sinky is responsible for the decisions related to the processing of personal data.
When We Act as Processor
In the majority of platform implementations, Sinky acts as a Processor of Personal Data.
This means we process information exclusively on behalf of, and under the instructions of, our clients.
Examples include:
Credit workflows
Onboarding processes
Fraud prevention
Compliance
Risk monitoring
Due diligence
Collection processes
Operational decision automation
In these situations, the client is the Controller of the data and Sinky acts as the Processor, as defined by the LGPD.
Legal Bases
All data processing carried out by Sinky is supported by an appropriate legal basis and legitimate purpose.
Depending on the context, the legal bases relied upon may include:
Contract performance
Pre-contractual procedures
Compliance with legal or regulatory obligations
Regular exercise of rights
Legitimate interest
Credit protection
Consent, where applicable
The specific legal basis varies according to the nature of the processing activity.
Data Subject Rights
The LGPD guarantees data subjects a number of rights related to their personal data.
At any time, you may request:
Confirmation of the existence of processing
Access to personal data
Correction of incomplete, inaccurate, or outdated data
Anonymization, blocking, or deletion of data processed in non-compliance with applicable legislation
Data portability, where applicable
Deletion of data processed on the basis of consent
Information about data sharing
Information about the possibility of withholding consent
Withdrawal of consent
Review of automated decisions, where applicable
Requests will be reviewed in accordance with applicable legal and regulatory requirements.
Security & Data Protection
Sinky maintains a comprehensive information security program based on internationally recognized standards.
Key controls in place include:
SOC 2 Type II Certification
Data encryption in transit and at rest
Role-Based Access Control (RBAC)
Multi-Factor Authentication (MFA)
Environment segregation
Vulnerability management
Continuous monitoring
Event logging and auditing
Security incident management
Backup and disaster recovery
Periodic access reviews
Controls are continuously evaluated and enhanced to keep pace with evolving technological and regulatory risks.
Responsible Artificial Intelligence
Sinky develops AI-native solutions to support critical business decisions.
The use of AI on our platform adheres to the following principles:
Transparency
Explainability
Human Oversight
Governance
Security
Accountability
Sinky's AI capabilities are designed to support decision-making processes and do not fully replace human analysis where required by legislation, regulation, or clients' internal policies.
Certain services used by Sinky may involve international data processing.
When this occurs, we adopt appropriate contractual, organizational, and technical measures to ensure adequate levels of protection, in compliance with:
LGPD
GDPR
Standard Contractual Clauses
Applicable regulatory requirements
Transparency & Documentation
Sinky maintains specific documentation related to privacy, security, and data governance.