Privacy Policy.

This Policy applies to all personal data processed by our fashion and accessories retail store — including customers who make in-store or online enquiries, persons who contact us via WhatsApp or online form and website visitors. Most in-store transactions are anonymous; data collection is more substantive only when customers request NF-e/NFC-e issuance, make online enquiries or contact us directly.

Our fashion and accessories retail store involves minimal personal data collection in most interactions:

• NF-e / NFC-e data (upon request): Name and CPF or CNPJ — collected only when a customer requests a nota fiscal for their purchase. This is the primary data collection scenario in our store.
• Exchange and warranty data: Name, contact details, purchase description and NF-e reference — collected when a customer requests an exchange or asserts a CDC warranty right for a garment or accessory.
• Contact and enquiry data: Name, phone number and message — when customers contact us via WhatsApp or our online form regarding stock availability, sizing, special orders or general enquiries.
• Electronic payment data (incidental): Electronic payments processed via PCI-DSS certified card terminals. Card data never retained by the store.
• Technical website data: IP address, browser type, pages visited and access times.

In-store customers who pay in cash or card without requesting a NF-e/NFC-e and without contacting us directly are served with no personal data collection whatsoever.

We do not sell or commercially exploit customer data. Sharing occurs only in the following situations:

• SEFAZ-RS / Receita Federal: Tax data for NF-e / NFC-e issuance and applicable federal and state tax compliance — only when a customer requests a nota fiscal.
• PROCON-RS: When required in a consumer dispute mediation under the CDC — for example, an exchange refusal or warranty dispute.
• Legal authorities: When required by a competent judicial or administrative order.

Our retail operations are in Guaíba, RS. Primary storage of any customer data is in Brazil. Any technology platforms used for communication or website purposes that operate on international servers do so only under the guarantees of Art. 33 of the LGPD or recognised adequacy mechanisms.

• NF-e / NFC-e and fiscal records: Minimum 5 years under federal and state tax legislation (CTN, Art. 174; SEFAZ-RS).
• CDC warranty period — clothing and accessories: Articles of clothing and accessories are non-durable goods under CDC Art. 26, II — the statutory 90-day warranty period applies. Exchange and warranty records are retained for up to 2 years from the purchase date for dispute documentation.
• Contact and enquiry data: Up to 1 year from last interaction if no purchase was made.
• Website analytics: Aggregated and anonymised after 12 months.

• Customer NF-e and CPF data accessible only to store management — not shared externally beyond fiscal compliance;
• WhatsApp enquiry communications handled with discretion;
• PCI-DSS certified card terminals for all electronic payments — card data never retained;
• Encryption in transit (HTTPS) for website and digital communications;
• As a Ltda, formal internal data handling protocols are maintained;
• Incident response procedures and breach notification in accordance with LGPD Art. 48.

• Confirmation and Access (Art. 18, I–II): Confirm whether we hold your data and receive a copy — for example, NF-e records associated with your CPF.
• Correction (Art. 18, III): Request correction of inaccurate data.
• Anonymisation / Blocking / Deletion (Art. 18, IV): Request restriction or deletion — subject to fiscal NF-e retention obligations.
• Portability (Art. 18, V): Receive your data in a structured format.
• Deletion of consent-based data (Art. 18, VI): Request deletion of data processed by consent.
• Information on sharing (Art. 18, VII): Find out which entities your data has been shared with.
• Withdrawal of Consent (Art. 8º, §5º): Withdraw consent at any time.
• Complaint to the ANPD (Art. 18, §1º): Lodge a complaint at www.gov.br/anpd.

We respond within 15 business days. Personal data we hold is limited — primarily NF-e records for customers who requested a nota fiscal and exchange/warranty records.

Our website may use cookies for essential functionality and aggregated performance analysis. We do not use behavioural tracking cookies for advertising without prior consent. Preferences can be managed through browser settings.

Our boutique welcomes customers of all ages. We stock some items suitable for teenagers and young adults. We do not collect personal data from children under 13 — in-store purchases by minors are anonymous transactions attributed to the adult paying. For any NF-e request, the data subject is the adult providing the CPF, not the minor. We never use customer data for marketing to children.

In the ordinary course of fashion and accessories retail, we do not collect or process sensitive personal data as defined in LGPD Art. 5º, II (race, health, biometrics, religion, political affiliation, etc.). CPF data collected for NF-e purposes is a tax identification number, not sensitive personal data, and is used exclusively for fiscal compliance. We do not combine CPF or purchase data to build customer profiles or purchase histories.

This Policy may be updated to reflect changes in our activities, the LGPD, ANPD guidance or applicable tax legislation. Material changes will be communicated via our website or directly to active enquiry contacts by WhatsApp.

All privacy requests, questions and complaints should be directed to our Data Protection Officer (Encarregado — LGPD Art. 41):