Your data is handled with security, transparency, and full compliance with applicable regulations.
Last updated: June 2026
1. Introduction
Sinky Inc. and its affiliates ("Sinky", "we", "our") value privacy, security and transparency in the processing of personal data. This Privacy Policy describes how we collect, use, store, share and protect personal information in the context of using the Sinky platform and our websites, applications, APIs, integrations, products and related services.
Sinky is a global AI-native decision infrastructure platform that enables organizations to create, operate, automate, monitor and evolve critical business decisions in processes such as credit, fraud, compliance, onboarding, risk, portfolio monitoring and corporate operations.
This Policy was prepared in compliance with:
LGPD (Brazilian General Data Protection Law)
GDPR (General Data Protection Regulation)
CCPA (California Consumer Privacy Act), when applicable
Other applicable data protection legislation
By using our services, you declare that you have read and understood this Policy.
2. Who We Are
Sinky is a technology company specializing in decision infrastructure, offering a SaaS platform for automation, intelligence and governance of business decisions.
In most operations carried out through the platform, Sinky acts as a Processor of personal data on behalf of its clients, who remain responsible for defining the purposes and legal bases for processing.
In certain specific situations — such as marketing, recruitment, commercial relationships and institutional operations — Sinky may act as a Controller of the personal data processed.
3. Data We Collect
3.1 Registration Data
Name
Email
Phone
Title
Company
Country
Preferred language
3.2 Corporate Data
Legal name
Tax ID
Corporate registration information
Corporate structure
Public company information
3.3 Platform Usage Data
IP address
Access logs
Date and time of use
Device identifiers
Browser
Operating system
Navigation events
Actions performed within the platform
3.4 Integration Data
When authorized by the client, data may originate from:
Credit bureaus
Open Finance / Open Banking
ERP systems
CRM systems
Anti-fraud systems
Public databases
Government databases
Third-party APIs
Identity providers
Client internal systems
3.5 Financial and Documentary Data
Bank statements
Financial statements
Balance sheets
Income statements
Tax returns
Contracts
Corporate documents
Financial receipts
3.6 Sensitive Data
Sinky does not intend to collect or process sensitive personal data. If processing of sensitive data is necessary for a specific operation conducted by the client, such processing will occur exclusively under documented client instructions and in compliance with applicable legislation.
4. How We Use Data
Personal data processed by Sinky may be used for the following purposes:
Service delivery
Platform operation
Authentication and access control
Creation and execution of decision flows
Risk assessment
Fraud prevention
Compliance and anti-money laundering
Portfolio monitoring
Customer support
Technical support
Information security
Legal compliance
Auditing
Platform operational improvements
5. Artificial Intelligence
Sinky provides features based on Artificial Intelligence, Machine Learning and statistical models to support corporate decision-making processes. These resources may be used for:
Generating recommendations
Risk classification
Document analysis
Decision explainability
Automated summaries
Operational suggestions
Pattern detection
Inconsistency identification
The recommendations produced by the platform constitute decision support mechanisms. The final decision to approve, deny, escalate, review or execute any action remains the responsibility of the client and their authorized users.
Sinky does not make binding automated decisions on behalf of clients without their parameterization and express authorization.
6. AI Model Training
Sinky does not use client data for training public foundational AI models.
Data processed on the platform is not shared with AI providers for general model training purposes, unless expressly and specifically authorized by the client.
When AI models are used, Sinky will adopt adequate technical, contractual and operational controls to preserve the confidentiality of processed information.
7. Legal Bases
Data processing may occur based on:
Contract execution
Legal obligation compliance
Regular exercise of rights
Legitimate interest
Consent
Credit protection
Fraud prevention
Other legal bases provided by applicable legislation
8. Data Sharing
Data may be shared with:
Contracted service providers
Cloud infrastructure providers
Authentication providers
Monitoring and security tools
Integration partners
Government authorities
Regulatory bodies
Judicial authorities
All sharing occurs observing principles of necessity, proportionality and security. Sinky does not sell personal data.
Sinky may use subprocessors and technology partners to enable the delivery of its services.
Sinky operates globally and may carry out international data transfers to countries where cloud providers, technology partners, service providers, and operational infrastructures are located.
Whenever applicable, we will adopt legally recognized mechanisms to ensure adequate protection for transferred data.
10. Information Security
Sinky maintains a formal information security program based on policies, processes and controls aimed at protecting its assets and data. Measures include:
Encryption at rest and in transit
Role-based access control (RBAC)
Multi-factor authentication (MFA)
Vulnerability management
Environment segregation
Continuous monitoring
Risk management
Access auditing
Event logging
Incident management
In June 2026, Sinky completed an independent SOC 2 Type II audit regarding Security controls applicable to the Sinky AI-Native Decision Infrastructure Platform.
Despite the efforts employed, no system can guarantee absolute security.
11. Data Retention
Data will be maintained for the period necessary for:
Service delivery
Legal obligation compliance
Regular exercise of rights
Regulatory requirements
Audit evidence preservation
After applicable periods expire, data may be deleted or anonymized.
12. Data Subject Rights
Under applicable legislation, data subjects may request:
Processing confirmation
Data access
Information correction
Anonymization
Blocking
Deletion
Portability
Consent revocation
Information about sharing
Requests may be sent through the channels indicated in this Policy.
13. Cookies and Similar Technologies
We may use cookies and similar technologies for:
Platform operation
Security
Authentication
Performance measurement
Statistics
Experience personalization
Users can manage cookies through browser settings.
14. Third-Party Links
Our websites and applications may contain links to third-party services. Sinky is not responsible for the privacy practices adopted by third parties. We recommend reading their respective privacy policies.
15. Children
Sinky's services are not intended for individuals under 18 years of age. If we identify improper processing of minors' data without an adequate legal basis, we will take measures for its removal.
16. Policy Changes
This Policy may be updated periodically. When relevant changes occur, we will adopt reasonable measures to communicate with users and clients.
The most current version will always be available on our official channels.
17. Contact and Data Protection Officer
Questions related to privacy and data protection may be sent to:
Sinky will respond to requests within legally applicable timeframes.
18. Applicable Law
This Policy shall be interpreted in accordance with applicable data protection legislation, including LGPD, GDPR and other relevant regulations applicable to services provided by Sinky.