logo new
Book a demo
Log in
Start Free Trial

TimelinesAI LGPD Compliance - Brazil

Last updated: January 29, 2026

TimelinesAI is committed to protecting the personal information of our Brazilian customers in compliance with Brazil’s Lei Geral de Proteção de Dados (LGPD). This page explains how our existing data protection framework, built for GDPR compliance, also satisfies LGPD requirements.
 
TimelinesAI LLC is a U.S.-based SaaS provider. Our data processing practices are governed by our standard Terms of Service and Data Processing Agreement, which apply to all customers globally.
 

1. Our Approach to LGPD Compliance

 
TimelinesAI’s data protection practices are built on GDPR compliance, which shares similar principles with LGPD. We process personal data lawfully, securely, and transparently, following the principles of purpose, necessity, and accountability.
 

2. Roles and Responsibilities

 
Under LGPD:
Customer acts as the Controller(Controlador) — decides how and why
personal data is processed
TimelinesAI acts as the Operator(Operador) — processes data only according
to customer instructions
 

3. Data Processing Agreement

 
Our standard Data Processing Agreement (DPA) is compliant with GDPR Article 28 and covers Brazilian customers. The DPA is part of our Terms of Service and applies automatically when you use TimelinesAI.
 

4. Security Measures

 
We implement industry-standard security measures to protect personal data:
  • Encryption: All connections use SSL/TLS encryption (A+ grade from
    Qualys/SSL Labs). Data is encrypted in transit and at rest.
  • Access Controls:Role-based permissions limit data access to authorized team
    members only.
  • Regular Backups: Automated daily backups ensure data availability and
    recovery.
  • Security Testing: Mandatory code reviews and periodic security audits.
  • Incident Response: Documented procedures for handling security incidents.
Full details are available at: timelines.ai/security-standards
 

5. Data Infrastructure

 
Our infrastructure is designed for global reliability and security:
 
  • Servers are located in virtual private cloud (VPC) environments with restricted
    security groups
  • Separate testing/development and production environments

Regular monitoring and security updates

6. Data Subject Rights

As a data operator, TimelinesAI supports customers (controllers) in fulfilling data subject rights under LGPD, including:

  • Access — confirmation and access to personal data
  • Rectification — correction of incomplete or inaccurate data
  • Erasure — deletion of data when appropriate
  • Portability — data export in structured format
  • Objection — ability to object to processing

7. Third-Party Service Providers

TimelinesAI uses carefully selected third-party service providers (sub-processors) for
infrastructure, payment processing, and communication services. All sub-processors
are required to maintain appropriate security and data protection standards. We remain responsible for our sub processors’ compliance with data protection obligations.

8. Data Retention

We retain personal data only as long as necessary to provide our services or as required by law. When a customer account is closed, data is made available for export for 30 days, after which it may be deleted according to our data retention policy.

9. Privacy Policy

Our complete privacy practices, including how we collect, use, and protect personal information, are detailed in our

Privacy Policy at: timelines.ai/privacy

Contact Us

For questions about our data protection practices or to exercise data subject rights, please contact:

TimelinesAI Privacy Team
Email: privacy@timelines.ai
Website: timelines.ai

NewTimelinesAI Partner API

Launch a White-Label WhatsApp Solution Under Your Brand

Schedule a Call
X