Privacy Policy.

This Policy applies to all personal data processed by our architecture studio — including clients who engage us for residential, commercial, interior or institutional projects, prospective clients who submit project briefs, website visitors and anyone whose data we encounter in the course of delivering architectural services. Architecture projects involve us working closely with property data, client programmes and confidential spatial and financial information — we treat all of this with the discretion the profession demands.

• Client identification and contact data: Full name, CPF or CNPJ, phone, email and address — collected when clients engage our services or sign architectural service contracts (Contrato de Prestação de Serviços de Arquitetura).
• Project brief and programme data: Property address, area, intended use, spatial programme, budget range, design preferences and all information provided by the client to define the scope of the architectural project. This is treated as confidential project information.
• Property data: Site surveys, existing plans, land registry information, zoning data and all technical property information required to develop the architectural project — collected from the client or from public registries.
• Permit and regulatory data: Information required for submissions to the Prefeitura de Barueri, GRAPROHAB, AGEVISA or other regulatory bodies — including client identification, property data and technical project information required by those authorities.
• NFS-e billing data: Name and CPF or CNPJ for NFS-e issuance at project milestones, in compliance with SEFAZ-SP and ISS/Prefeitura de Barueri requirements.
• Photography and visual data: Where site visits, progress photography or reference images are used in project documentation — only of the client's own property and only for project delivery purposes.
• Contact and enquiry data: Name, phone and message when submitting enquiries via our website form or WhatsApp.
• Technical website data: IP address, browser type, pages visited and access times.

• CAU — Conselho de Arquitetura e Urbanismo: Project registration via RRT (Registro de Responsabilidade Técnica) — required by Lei 12.378/2010 for all signed architectural projects. Client and property data submitted as part of the RRT registration.
• Prefeitura de Barueri: Client, property and technical project data required for planning permit submissions (alvará de construção, habite-se) and municipal approval processes in Barueri.
• SEFAZ-SP / Receita Federal: Tax data for NFS-e issuance and fiscal compliance.
• ISS — Prefeitura de Barueri: For ISS obligations on architecture service activities.
• Complementary engineers (structural, electrical, hydraulic, fire safety): Shared on client instruction to enable coordinated project delivery — only the minimum data required for technical coordination is shared.
• PROCON-SP: When required in a consumer dispute under the CDC.
• Legal authorities: When required by a competent judicial or administrative order.

Our architecture practice is based in Barueri, SP. All client project data, drawings and property information are stored in Brazil. Where design software platforms, cloud storage or communication tools operate on international servers, we use only platforms compliant with Art. 33 of the LGPD or recognised adequacy mechanisms. Project drawings and technical documents are transmitted to regulatory bodies and complementary engineers via secure Brazilian channels.

• Architectural project files and drawings (CAU/RRT): Retained for a minimum of 5 years from project completion, in accordance with the CAU technical responsibility framework and applicable statutes of limitation for construction defect liability (Código Civil, Art. 618 — 5 years for construction defects; 10 years for major structural defects). Project files may be retained longer where the nature of the project warrants it.
• NFS-e and fiscal records: Minimum 5 years under federal and state tax legislation (CTN, Art. 174; SEFAZ-SP).
• Client service contracts: Duration of the project plus 10 years for major structural projects, or 5 years for smaller refurbishment and interior projects — consistent with applicable warranty and liability periods.
• Permit submission records: Retained for the full duration required for regulatory compliance — typically the life of the building for permit records.
• Contact and enquiry data (no project commenced): Up to 1 year from last contact.
• Website analytics: Aggregated and anonymised after 12 months.

• Project files, drawings and client data stored in access-controlled systems — accessible only to team members working on that project;
• Digital project files transmitted to regulatory bodies and engineers via secure channels;
• Physical drawings and documents stored securely at our office in Jardim Belval, Barueri;
• Website and digital communications encrypted in transit (HTTPS/TLS);
• PCI-DSS certified payment platforms — card data never retained;
• As a Ltda, formal internal data handling and project confidentiality protocols maintained;
• Incident response procedures and breach notification per LGPD Art. 48.

• Confirmation and Access (Art. 18, I–II): Confirm whether we hold your data and receive a copy — including copies of your own project brief and drawings, which are the property of the client.
• Correction (Art. 18, III): Request correction of inaccurate identification or contact data.
• Anonymisation / Blocking / Deletion (Art. 18, IV): Request deletion — subject to the mandatory CAU project file retention requirements and fiscal retention obligations for NFS-e.
• Portability (Art. 18, V): Receive your data in a structured format — including your project files in a standard format.
• Deletion of consent-based data (Art. 18, VI): Withdraw consent for consent-based processing.
• Information on sharing (Art. 18, VII): Find out which entities your data and project information has been shared with.
• Withdrawal of Consent (Art. 8º, §5º): Withdraw consent at any time for consent-based processing.
• Complaint to the ANPD (Art. 18, §1º): Lodge a complaint at www.gov.br/anpd.

We respond within 15 business days.

Our website may use cookies for essential functionality and aggregated performance analysis. We do not use behavioural tracking or advertising cookies. Preferences can be managed through browser settings.

Architecture service contracts are entered into by adults with legal capacity to contract. We do not intentionally collect personal data from children under 13 directly. Where a residential project involves a family including children, any data we collect relates to the adult contracting client — we do not collect data about children as part of our architectural services.

We do not collect sensitive personal data as defined in LGPD Art. 5º, II in the course of our architecture practice. However, project briefs, property information, spatial programmes and budget data are commercially and personally sensitive — and we treat them as such.

This Policy may be updated to reflect changes in our activities, the LGPD, ANPD guidance, CAU resolutions or applicable tax legislation. Material changes will be communicated via our website or directly to active clients by email or WhatsApp.

All privacy requests, questions and complaints should be directed to our Data Protection Officer (Encarregado — LGPD Art. 41):