Privacy Policy and Data Processing
Last updated: October 31, 2025
1. Introduction and Commitment
Welcome to Sommie ("Sommie", "we", "our"). Your privacy is our priority. This Privacy Policy ("Policy") demonstrates our commitment to protecting your personal data and explains, transparently, how we collect, use, store, share, and protect information from users ("You") of our products and solutions, including but not limited to: Sommie, Barist.Ai, Feira Fácil, and Farm Direct (collectively, "Services").
This document has been prepared in accordance with the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018) and other applicable legislation. By using our Services, you acknowledge that you have read, understood, and agree to the terms of this Policy.
2. Key Definitions (LGPD)
Personal Data
Any information related to an identified or identifiable natural person.
Sensitive Personal Data
Data about racial or ethnic origin, religious belief, political opinion, union membership or membership in a religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data.
Data Subject
You, the natural person to whom the personal data refers.
Controller
Sommie, who is responsible for decisions regarding the processing of personal data.
Processing
Any operation carried out with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
Data Protection Officer (DPO)
Person appointed by Sommie to act as the communication channel between the controller, data subjects and the National Data Protection Authority (ANPD).
3. What Data We Collect and For What Purpose
We collect only the data strictly necessary to provide, maintain, and improve our Services. Below, we detail the types of data and their purposes, considering the specifics of each application:
Types of Data Collected and Their Purposes
| Data Type | Examples | Primary Purpose |
|---|---|---|
| Registration Data | Full name, email, phone number, encrypted password, profile photo (optional). | Create and manage your account, authenticate access, send transactional communications (e.g., sign-up confirmation, password recovery), and ensure account security. |
| Usage and Device Data | IP address, browser/OS type and version, device identifier, access logs, pages and features accessed, time on page, performance and crash reports. | Monitor Service performance, identify and fix bugs, run statistical analyses to improve user experience, prevent fraud, and ensure platform security. |
| Transaction and Payment Data | Order history (Barist.Ai, Feira Fácil, Farm Direct), items purchased, amounts, transaction date/time. (We do not store full credit card data; processing is handled by secure partners). | Process orders and payments, manage deliveries, issue invoices, process refunds, and maintain a history for your control and our support. |
| Location Data | Delivery address (Feira Fácil, Farm Direct), GPS location (with your permission) for specific features (e.g., finding nearby producers). | Enable product delivery, personalize the experience (e.g., show local offers), and optimize logistics. |
| Preferences and User-Generated Content | Product preferences (e.g., coffee type in Barist.Ai, wine type in Sommie), shopping lists (Feira Fácil), product or seller reviews, messages exchanged with support or other users on the platform. | Personalize recommendations and your experience in the Services, moderate content, and provide customer support. |
4. Legal Bases for Data Processing
Every data processing activity carried out by Sommie is based on one of the legal bases provided for in the LGPD:
Contract Performance (Art. 7, V)
We use this basis to process data essential to the provision of our Services, such as registration and transaction data.
Consent (Art. 7, I)
For sending marketing communications, the use of non-essential cookies and, especially, for processing sensitive personal data, we will request your free, informed, and unambiguous consent.
Legitimate Interest (Art. 7, IX)
We process usage and device data to analyze and improve our Services, prevent fraud, and personalize your experience, while always balancing your rights and freedoms.
Compliance with Legal or Regulatory Obligation (Art. 7, II)
We may process data to comply with legal obligations, such as issuing invoices or responding to court orders.
5. Sharing Data with Third Parties
Sommie does not sell your personal data. Sharing occurs only when necessary for the operation of our Services, with partners that also meet high compliance standards, such as:
Cloud Infrastructure Providers
To host our systems and store data securely (e.g., Amazon Web Services, Google Cloud).
Payment Processors
To process your transactions securely (e.g., Stripe, Pagar.me).
Analytics and Performance Tools
To help us understand the use of the Services and improve the experience (e.g., Google Analytics).
Logistics Partners
To enable delivery of products purchased in Feira Fácil or Farm Direct.
Public Authorities
In case of legal obligation or court order.
We contractually require all our partners to follow data protection standards and use information only for the agreed purposes.
6. International Data Transfers
Some of our partners (such as cloud providers) may be located abroad. In such cases, Sommie ensures that international data transfers are carried out to countries that provide an adequate level of data protection or through specific contractual clauses that ensure compliance with the LGPD.
7. Your Rights as a Data Subject
The LGPD guarantees you a set of rights regarding your personal data. At any time, you may request:
Confirmation of Processing
You can ask Sommie to confirm whether we process your personal data.
Access to Your Data
Request access to your personal data that we hold and understand how it is being used.
Data Rectification
Request the correction of incomplete, inaccurate or outdated data to keep your information accurate.
Anonymization, Blocking or Deletion
Request anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data.
Data Portability
You can request the portability of your personal data to another service or product provider, as regulated by the ANPD.
Deletion of Personal Data
Request deletion of personal data processed with your consent, except when legal retention is required.
Information about Sharing
Request information about public or private entities with whom Sommie has shared data.
Refusal or Revocation of Consent
You have the right to be informed about the possibility of not providing consent, as well as to revoke it at any time and understand the consequences of this decision.
To exercise any of these rights, contact our Data Protection Officer (DPO) via the email indicated in Section 11.
8. Data Security and Storage
Your data is stored in a secure and controlled environment. We adopt best practices and technical and administrative security measures to protect your data against unauthorized access, loss, alteration, or destruction.
Encryption
All sensitive data is protected by modern encryption protocols, ensuring confidentiality and integrity of information during transit and storage.
Access Control
Access to information is restricted to properly authorized employees and partners, following the principle of least privilege.
Firewalls and Monitoring
Our systems are protected by firewalls and continuously monitored to detect and prevent suspicious activity or unauthorized access attempts.
Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by legal or contractual obligations or requests from competent authorities.
9. Use of Cookies
We use cookies and similar technologies to enhance your browsing experience, remember preferences, and analyze the performance of our Services.
Essential Cookies
Necessary for the basic functioning of the site, authentication and session security.
Preference Cookies
Allow the site to remember information about your choices, such as language or region, to provide a personalized experience.
Performance Cookies
Collect information about how visitors use the site, helping to improve features and performance.
Marketing Cookies
Used to display relevant ads and measure the effectiveness of advertising campaigns. You can manage or disable cookies in your browser settings, noting that this may affect some features.
10. Changes to this Privacy Policy
This Policy may be updated at any time to reflect improvements to our Services or changes in legislation. When we make relevant changes, you will be notified by email or through a prominent notice in our applications.
Last Update Date
The current version of this Policy was updated on October 31, 2025. We recommend that you check this page periodically to stay informed about how we protect your data.
11. Contact Us - Data Protection Officer (DPO)
Data Protection Officer (DPO): Camilo
Contact email: dpo@itrois.tech
Thank you for trusting Sommie. We are available to clarify any questions.