Skip to content
Biatrix Studio

Privacy Policy

Last updated: 2026-05-31

Biatrix Studio ("we", "our", or "Biatrix") values your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our AI-powered corporate roleplay platform.

This policy complies with Brazil's General Data Protection Law (LGPD — Law 13,709/2018) and, where applicable, the European Union's General Data Protection Regulation (GDPR).

1. Data controller

The controller of your personal data is Biatrix Studio, headquartered in São Paulo, SP, Brazil.

2. Data we collect

2.1 Account data

When you create an account, we collect: full name, email, password (encrypted) and, optionally, role and organization.

2.2 Usage data

We automatically collect: IP address, browser, operating system, pages visited, access date/time, and server logs.

2.3 Simulation data

When you run roleplay simulations, we collect: text and/or audio transcripts, AI-generated performance evaluations, performance metrics and session time.

2.4 Cookies

We use cookies to operate the site and improve your experience. See our Cookie Policy for details.

3. Purposes and legal bases

We process your data based on the following legal grounds (LGPD Art. 7 / GDPR Art. 6):

  • Contract performance: to deliver the roleplay service, manage your account and process payments.
  • Consent: marketing communications, analytics/marketing cookies, audio/voice processing during simulations.
  • Legitimate interest: improving services, security, fraud prevention, aggregated performance reports.
  • Legal obligation: complying with regulatory requirements and responding to competent authorities.

4. Data sharing

Your data may be shared with the following processors, strictly for the purposes described:

  • AI providers: Google (Gemini) and OpenAI — natural language processing.
  • Storage: Amazon Web Services (AWS S3) — files and recordings.
  • Email: SendGrid (Twilio) — transactional emails and invites.
  • Infrastructure: hosting and database provider.

We do not sell, rent, or share your personal data with third parties for commercial purposes unrelated to the service.

5. International data transfers

Some processors are located in the US. These transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission and Brazil's ANPD.

6. Data retention

  • Account data: while the account is active and up to 6 months after closure.
  • Simulation data: up to 24 months or until deletion is requested.
  • Access logs: 6 months (Brazilian Internet Civil Framework — Law 12,965/2014).
  • Billing data: 5 years (Brazilian tax law).

7. Your rights

Under LGPD and GDPR, you have the right to:

  • Access the data we hold about you
  • Correction of incomplete or inaccurate data
  • Deletion of your personal data
  • Portability in a structured format
  • Withdraw consent at any time
  • Object to processing based on legitimate interest
  • Information on whom your data was shared with

To exercise any of these rights, email contato@biatrix.studio. We respond within 15 business days.

8. Security

We adopt technical and organizational measures to protect your data:

  • bcrypt password hashing
  • HTTPS/TLS for communications
  • Role-based access control (RBAC)
  • Access monitoring and auditing
  • Regular backups and infrastructure redundancy

9. Minors

Biatrix Studio is not intended for users under 18. We do not knowingly collect data from minors. If we become aware of such data, please contact us so we can delete it.

10. Changes to this policy

We may update this policy periodically. We will notify you of significant changes by email or in-platform notice. The date of the last update will always appear at the top.

11. Contact and complaints

You also have the right to file a complaint with Brazil's National Data Protection Authority (ANPD) at www.gov.br/anpd.