psicoDesk Privacy Policy

Last updated:01/12/2025

Welcome to psicoDesk. Your privacy is very important to us. This Privacy Policy explains how we collect, use, store, protect, and share your data when you use the app’s features: Schedule, Reports, and Finances.

1. Information We Collect

We may collect the following types of information: Personal identification data: name, email, contact information, user identifiers, and login credentials. Financial data: session prices, completed and pending payments, and financial records linked to professional practice. Schedule data: appointment times, commitments, session packages, basic patient information (name, dates, contact, depending on what you enter). Report data: content you create in reports, edits, history, preferences (report types, formats). Technical and usage data: device type, operating system, device identifier, usage data (for example, how often you access certain features), error logs. Location and synchronization data (if applicable): if synchronization with external calendars or devices is enabled, location or time zone metadata may be collected.

2. Purpose of Data Use

We use your data to: Manage your calendar — allow creating, editing, and canceling appointments; synchronize between devices; enable notifications (if implemented). Create, store, edit, and display reports — maintain security, history, and version control. Manage finances — record payments, values, and statuses; generate summaries and provide accurate financial insights. Authenticate and authorize access — ensure that only you (or authorized persons) can access your data. Improve the app — understand how it is used, fix errors, optimize performance and features. Comply with legal or regulatory obligations, when required.

3. Data Storage and Protection

Sensitive data (reports, patient personal data) will be handled confidentially. Your data and sensitive data will be stored on secure servers with proper technical and organizational protection (encryption, backups, access control). Access to your data is protected by authentication (login/password or other chosen methods). We employ security measures to prevent unauthorized access, leaks, or data loss.

4. Data Sharing

We do not sell your data. We share information only: when necessary to provide scheduling, reporting, or financial services; if required by law or court order; in cases of security or fraud investigation; with trusted third parties who work with us (hosting providers, payment processors, etc.) under confidentiality agreements.

5. Your Rights

Depending on your location and applicable laws, you may have the following rights: access the personal data we collect; correct or update inaccurate data; delete your data (when no longer necessary or legally permitted); limit or object to certain types of processing; request data portability (receive your data in a portable format); withdraw consent if processing is based on consent; opt out of notifications or marketing communications (if applicable).

6. Data Retention

We will retain your data while your account is active or as necessary to provide services. If the account becomes inactive, we will retain your data for 1 year. After this period of inactivity, the data will be deleted. We may also retain data for additional periods as required to meet legal obligations or resolve disputes. If you delete your account, we will remove or anonymize your sensitive information, unless legal or contractual obligations require otherwise.

7. Patient Privacy

If you enter patient data in reports or calendar: You are responsible for ensuring that you have consent or authorization to store and process such data. We recommend collecting only the data necessary for your professional purposes. Be careful when sharing or exporting reports to ensure personal information remains protected.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users through the app or by email when significant changes occur. The 'Last updated' date will be revised accordingly.

9. LGPD and GDPR Compliance

psicoDesk complies with Brazil's General Data Protection Law (LGPD - Law 13.709/2018) and the European Union's General Data Protection Regulation (GDPR - EU 2016/679). Legal basis for processing: Explicit user consent for collection and processing of personal data. Contract execution for service provision (schedule, reports, finances). Legitimate interest for service improvement and fraud prevention. Compliance with legal obligations when applicable.

10. Cookie Policy

psicoDesk uses cookies only for analytics and user experience improvement. Analytical cookies: We use Google Analytics to understand how visitors use our website. This data is anonymized and used exclusively to improve our services. You can accept or reject analytical cookies through the consent banner. Rejecting analytical cookies does not affect application functionality. Essential cookies: Necessary for basic website functioning (authentication, session). Do not require consent as they are strictly necessary. Your cookie data is not sold or shared with third parties for marketing purposes. You can manage your cookie preferences at any time through your browser settings.

11. International Data Transfers

Your data may be stored and processed on servers located outside Brazil or the European Union, through the following providers: Firebase/Google Cloud (United States) - Has adequacy certification and standard contractual clauses approved by the European Commission. Stripe (United States) - Certified under Privacy Shield and has GDPR-compatible DPA. We ensure all providers maintain adequate data protection levels as required by LGPD and GDPR.

12. Data Protection Officer (DPO)

For data protection matters, you can contact our Data Protection Officer: Email: psicodesk.info@gmail.com. The DPO is responsible for ensuring LGPD/GDPR compliance and handling data subject requests.

13. Data Breach Notification

In case of a data breach that may pose a risk to your rights and freedoms, we will notify: Competent authorities (ANPD in Brazil, supervisory authorities in EU) within 72 hours after becoming aware of the breach. Affected users without undue delay, providing information about the nature of the breach and measures taken. We maintain documented internal procedures for identifying, investigating, and responding to security incidents.

14. Data Retention Period

Active account data: Retained while account is active. Inactive account data: Retained for 1 year after last activity, then automatically deleted. Financial data: Retained for 5 years to comply with tax and contractual obligations. Backup data: Kept for up to 30 days in automatic backups, then permanently deleted. You can request immediate deletion of your data at any time through the account deletion feature or by contacting our DPO.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users through the app or by email when significant changes occur. The 'Last updated' date will be revised accordingly.

16. Contact

If you have questions, concerns, or requests regarding your data privacy, please contact us:

E-mail: psicodesk.info@gmail.com