Privacy Policy.

This Policy applies to all personal data processed in connection with our business intermediation activities — including principals and counterparties in intermediation engagements, website visitors who submit enquiries, and any individuals whose data we process. In business intermediation, personal data is often intertwined with commercially sensitive business information: the identity of the parties to a potential deal, the nature of the business being brokered, the commercial terms under negotiation. This Policy addresses both dimensions with the confidentiality that the intermediation sector requires.

A. Data of principals and counterparties in intermediation engagements:

• Name, title and contact details (email, phone/WhatsApp) of the business representative or individual entering into an intermediation or agency arrangement with us.
• Company name, CNPJ or relevant tax identification number — for the NFS-e (service invoice) and for formal agency or intermediation agreements.
• Commercial information shared for the purpose of the engagement — the nature of the business, the services or businesses being intermediated, deal terms and conditions, market and competitive information shared in confidence during the engagement process.

B. Data for NFS-e (service invoice):

• CPF or CNPJ of the service recipient — required for the NFS-e with ISS São Paulo. For corporate clients, CNPJ and registered company name.

C. Website enquiry data:

• Name, company, email and brief description of the engagement when submitting an enquiry through the website.
• Technical data — IP address, browser type and pages visited.

• Prefeitura de São Paulo (ISS) / SEFAZ-SP / Receita Federal: NFS-e for every engagement — electronic transmission with the recipient's CNPJ or CPF as required by law.
• SPED EFD — electronic tax bookkeeping: Consolidated fiscal records as required by the Receita Federal.
• Counterparty disclosure (integral to the engagement): In business intermediation, facilitating the connection between parties necessarily involves disclosing relevant information about each party to the other — but only to the extent required for the specific engagement and with the knowledge of the parties involved in the intermediation mandate.
• PROCON-SP / Senacon: When required in consumer disputes.
• Legal authorities: When required by court order or administrative authority.

USDI Internacional operates from Itaim Bibi, São Paulo, and serves clients with domestic and international engagements. For engagements with an international dimension, personal and commercial data may be shared with counterparties or facilitating parties in other jurisdictions — but only to the extent required to carry out the specific engagement and in accordance with Art. 33 of the LGPD. Tax records (NFS-e, SPED) are processed exclusively in systems certified by the Receita Federal and SEFAZ-SP, in Brazil.

• Engagement documentation (intermediation agreements, correspondence, term sheets): Retained for 5 years after the close or termination of the engagement — to support any disputes over the intermediation fee or the terms of the mandate.
• Commercial information shared in confidence (deal-specific): Retained only for the duration of the engagement. At engagement close, commercially sensitive information that is not part of the formal documentation is deleted — unless required for fee recovery or dispute resolution purposes, and retained only for that period.
• NFS-e and fiscal records (ISS São Paulo / SEFAZ-SP): Minimum 5 years as required by Brazilian tax law.
• Website enquiries without engagement: Up to 1 year from the date of enquiry.
• Website analytics: Aggregated and anonymised after 12 months.

• Commercial information of clients stored in systems with access restricted to the engagement team only;
• Digital A1/A3 certificate for NFS-e issuance, certified by the Receita Federal;
• Communications via email and WhatsApp handled with professional confidentiality — commercial information never shared outside the engagement team;
• Website encrypted (HTTPS);
• Incident response procedures in accordance with LGPD Art. 48.

• Confirmation and Access (Art. 18, I–II): Confirm whether we process your data and receive a copy of your personal data held by us.
• Deletion (Art. 18, IV): Request deletion of personal data — subject to retention obligations for NFS-e/SPED (5 years) and engagement documentation (5 years).
• Portability (Art. 18, V): Receive your personal data in a structured format.
• Complaint to the ANPD (Art. 18, §1º): Lodge a complaint at www.gov.br/anpd.

We respond within 15 business days.

Our website may use cookies for essential functionality and aggregated performance analysis. We do not use behavioural tracking or advertising cookies. Preferences can be managed through your browser settings.

Our services are directed exclusively at businesses and adult individuals acting in a professional capacity. We do not engage with or collect data from persons under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

This Policy may be updated to reflect changes in our activities, in the LGPD, in ANPD guidance, or in the tax legislation of São Paulo. Material changes will be communicated by email to active clients.

All privacy requests should be directed to our Data Protection Officer (LGPD Art. 41):