Legal
Privacy Policy.
1. Who we are
This Privacy Policy describes how Sereia.io collects, uses, stores, shares and protects personal data from data subjects who interact with the sereia.io website and with our services.
- Data Controller: 333 TURISMO LTDA, a Brazilian limited liability company, registered under CNPJ No. 58.464.065/0001-78, headquartered at Rua José Alves Morgado, 69, Apt 109, Cond Green Tower, Jatiúca, Maceió/AL, Brazil, ZIP 57.036-620.
- Operating brand: Sereia.io.
- Data Protection Officer (DPO): Carlos Endrigo · endrigo@sereia.io.
2. Data we collect
2.1 "Schedule" lead form
When you fill out the form on our homepage, we collect:
- Full name
- Company / hotel group
- Corporate email
- WhatsApp or Telegram (optional)
- Topics of interest (Revenue Management, Digital Marketing, Digital Sales)
- Free-text message (optional)
2.2 Cookies and browsing data
- Essential cookies: required for the site to function (Cloudflare security, language preference).
- Analytics cookies (optional): none active at this moment. When activated, we will request renewed consent.
- Technical data collected automatically: IP address, device type, browser, operating system, pages visited, date and time, referrer URL — used for security and aggregated anonymized statistics.
3. Purposes of processing
We process your personal data for the following purposes, always grounded in a legal basis under Brazil's General Data Protection Law (Lei nº 13.709/2018 — LGPD):
| Purpose | LGPD legal basis |
|---|---|
| Reply to your contact submitted via the form | Consent (Art. 7, I) + Pre-contractual procedures (Art. 7, V) |
| Schedule meetings and send commercial materials | Pre-contractual procedures (Art. 7, V) |
| Execution of the services agreement (once signed) | Contract execution (Art. 7, V) |
| Security, fraud and abuse prevention | Legitimate interest (Art. 7, IX) |
| Compliance with legal and tax obligations | Legal obligation (Art. 7, II) |
4. Sharing with third parties (sub-processors)
To operate the site and serve you properly, we share your data — under contractual confidentiality and security obligations equivalent to this Policy — with the following technology sub-processors:
| Sub-processor | Purpose | Country |
|---|---|---|
| Vercel Inc. | Website hosting | USA |
| Cloudflare Inc. | DNS, DDoS protection, caching | USA |
| FormSubmit.co | "Schedule" form delivery | USA |
| Google LLC (Google Workspace) | Corporate email endrigo@sereia.io | USA |
| Telegram FZ-LLC | @minhasereia messaging (when applicable) | UAE |
| Meta Platforms / Google LLC (Ads) | Advertising (when active, with consent) | USA |
International data transfers are performed under the hypotheses of Art. 33 of LGPD (Standard Contractual Clauses and adequate safeguards offered by providers).
5. Data retention
| Category | Retention period |
|---|---|
| Leads not converted into a contract | 24 months from last contact |
| Contracted clients (during the relationship) | Entire contract duration |
| Contracted clients (post-termination) | 5 years for mandatory tax/accounting archiving |
| Site access logs | 6 months (Brazilian Internet Framework, Art. 15) |
| Backups | Same as primary category + 30 days |
6. Your rights (Art. 18 LGPD)
As a data subject, you have the right, at any time, to request:
- Confirmation of the existence of data processing
- Access to your personal data
- Correction of incomplete, inaccurate or outdated data
- Anonymization, blocking or deletion of unnecessary or excessively processed data, or data processed in violation of LGPD
- Data portability to another provider
- Deletion of data processed under consent (subject to Art. 16 exceptions)
- Information about entities with which Sereia.io has shared your data
- Information about the possibility of not providing consent and its consequences
- Withdrawal of consent
How to exercise your rights
- Email: endrigo@sereia.io (attn: DPO)
- WhatsApp / Telegram: +55 (33) 98727-5652
- Response time: up to 15 business days
7. Security
We adopt reasonable technical, administrative and organizational measures to protect your personal data against unauthorized access, loss, alteration or destruction, including:
- HTTPS connection (TLS) throughout the site
- Multi-factor authenticated access to corporate accounts
- Contractual confidentiality and security obligations imposed on sub-processors
- Continuous security monitoring
In the event of a security incident involving your personal data, we will notify you and the Brazilian Data Protection Authority (ANPD) within the timeframes set forth in Art. 48 of LGPD.
8. Cookies — details
Essential cookies
Required for the site to function. They cannot be disabled:
- __cf_* · Cloudflare · security and fraud prevention
- __sereia_consent · stores your choice in the cookie banner (legitimate interest)
Analytics cookies (optional)
Currently no analytics cookies are active. When we activate Google Analytics, Meta Pixel or similar tools, we will update this Policy and request renewed consent on the banner.
9. Children and adolescents
The Sereia.io website is exclusively intended for B2B professionals 18 years of age or older. We do not intentionally collect data from children or adolescents. If you believe we have collected such data, please contact us immediately at endrigo@sereia.io for deletion.
10. Changes to this Policy
This Policy may be reviewed periodically to reflect legal, regulatory or operational changes. The last update date appears at the top of this page. Material changes will be communicated by email to registered data subjects.
11. Jurisdiction and applicable law
This Policy is governed by Brazilian law, in particular Law 13.709/2018 (LGPD), the Brazilian Internet Framework (Law 12.965/2014) and the Consumer Defense Code (Law 8.078/1990).
The jurisdiction of Maceió/AL, Brazil is hereby elected to settle any disputes arising from this Policy, with express waiver of any other, however privileged it may be.
12. Contact
- Data Protection Officer (DPO): Carlos Endrigo
- Email: endrigo@sereia.io
- WhatsApp / Telegram: +55 (33) 98727-5652
- Postal address: Rua José Alves Morgado, 69, Apt 109, Cond Green Tower, Jatiúca, Maceió/AL, Brazil, ZIP 57.036-620
- Brazilian Data Protection Authority (ANPD): www.gov.br/anpd
Privacy Policy v1.0 · May 14, 2026 · 333 TURISMO LTDA · CNPJ 58.464.065/0001-78