RakeroRakero
Commissions Split PIXAffiliate management and automatic PIX split.Suppliers Open FinanceFrom invoice to payment in 5 minutes.Anomalies Antifraude IAAI agents against fraud in real time.AboutThe team behind the infrastructure.
PlatformBlogAbout
Português English
Start free
Rakero
Products
Commissions Split PIXAffiliate management and automatic PIX split.Suppliers Open FinanceFrom invoice to payment in 5 minutes.Anomalies Antifraude IAAI agents against fraud in real time.
Rakero
PlatformBlogAbout
Language
Português English
Start free WhatsApp

Privacy policy

Effective as of July 2, 2026

See also: Terms of use

This policy explains how Rakero collects, uses, shares and protects personal data in connection with its products and the website rakero.com.br, in compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018, "LGPD"). Please read it carefully. By using our products or browsing the website, you acknowledge that you have read and understood this policy.

This policy was originally written in Portuguese and translated into English for convenience. In case of any discrepancy between the two versions, the Portuguese version prevails.

1. Who we are (controller)

1.1. The controller of the personal data processed under this policy is Rakero Group LTDA, enrolled with the Brazilian corporate taxpayer registry (CNPJ) under No. 65.038.076/0001-51, headquartered in Alphaville, Barueri, SP, Brazil ("Rakero", "we").

1.2. Contact channel for privacy and data protection matters: [email protected].

1.3. Rakero offers B2B products, that is, products aimed at companies:

  • a) Rakero Commissions: management and payment of affiliate commissions;
  • b) Rakero Suppliers: management of the flow from invoice to supplier payment;
  • c) Rakero Anomalies: anomaly detection and anti-fraud powered by artificial intelligence.

1.4. Rakero Suppliers can be purchased on a self-service basis through the website, with a 14-day free trial that requires no credit card. The other products are contracted through our sales team.

2. Rakero's roles: controller and processor

2.1. Rakero acts as a controller when it decides on the processing, for example: customer and user registration data, billing data, access logs, cookies and website analytics.

2.2. Rakero acts as a processor (operator, under the LGPD) when it processes personal data on behalf of and under the instructions of the customer. This is the case for supplier data and invoice data that the customer enters into or uploads to the platform. In these cases, the customer is the controller and is responsible for the lawfulness of the collection of such data; Rakero processes it exclusively to provide the contracted service.

2.3. If you are a supplier of a Rakero customer and have questions about the processing of your data, we recommend contacting the company you do business with (the customer) first. You may also write to [email protected] and we will forward your request to the controller where applicable.

3. Personal data we process

3.1. Registration and account data: name, email, CNPJ or CPF (Brazilian tax numbers) and phone number, provided at sign-up, during the free trial or upon contracting.

3.2. Supplier and invoice data entered by the customer: information contained in supplier records and in tax documents uploaded to the platform, which may include personal data (for example, name, CPF or CNPJ and contact details of individual suppliers). Here Rakero acts as a processor, under clause 2.2.

3.3. Bank data for payment initiation: data required to initiate payments to suppliers via Open Finance, a standard regulated by the Central Bank of Brazil. Authorization of each payment always takes place within the customer's own bank environment. Rakero does not store banking passwords.

3.4. Access logs: application access records, such as date, time and IP address, kept also as a legal obligation (Brazilian Internet Civil Framework).

3.5. Cookies and analytics: browsing data collected through cookies and Google Analytics 4, including navigation events and campaign parameters (UTM). Details in clause 5.

3.6. We do not request and have no interest in collecting sensitive personal data (such as health data, racial origin or religious belief). Do not enter this type of data into the platform.

4. Purposes and legal bases

4.1. We process personal data for the following purposes and under the following legal bases:

PurposeDataLegal basis (LGPD)
Create and manage your account and provide the contracted services, including the 14-day free trialRegistration data, data entered by the customerPerformance of a contract or preliminary procedures (art. 7, V)
Process billing, issue tax documents and comply with accounting, tax and regulatory obligationsRegistration data, billing data, tax documentsCompliance with a legal or regulatory obligation (art. 7, II)
Initiate payments to suppliers via Open FinanceBank data for payment initiationPerformance of a contract (art. 7, V) and compliance with the Central Bank of Brazil regulatory framework
Keep application access recordsAccess logsCompliance with a legal obligation (art. 7, II)
Ensure platform security, prevent fraud and abuse, improve the products and measure website performanceLogs, cookies, analytics dataLegitimate interest (art. 7, IX), always preceded by a balancing test confirming the prevalence of the interests and the data subject's reasonable expectations, with the right to object
Send transactional and product lifecycle emails (for example, confirmations, trial and billing notices)Registration dataPerformance of a contract (art. 7, V)
Send non-essential marketing communications and product newsRegistration dataConsent (art. 7, I), revocable at any time
Exercise rights in judicial, administrative or arbitration proceedingsData relevant to the caseRegular exercise of rights (art. 7, VI)

4.2. Transactional and lifecycle emails are inherent to the service and do not depend on consent. Non-essential communications, such as marketing, always include an unsubscribe option (opt-out) and can be stopped at any time without affecting the service.

5. Cookies and analytics

5.1. We use two categories of cookies:

  • a) Essential cookies: required for the website and the platform to work, such as authentication and session security. They cannot be disabled without compromising the service;
  • b) Analytics cookies: used by Google Analytics 4 to measure audience, navigation events and campaign attribution (UTM parameters), always focused on usage statistics.

5.2. You can disable analytics cookies at any time through your browser settings (blocking or deleting cookies) or through tracking-blocking extensions. Disabling them does not prevent you from using the website.

6. Sharing and sub-processors

6.1. We do not sell personal data. We share data only with service providers acting as sub-processors, to the extent necessary to provide the service, in the following categories:

  • a) cloud infrastructure providers;
  • b) payment institutions regulated by the Central Bank of Brazil;
  • c) transactional email delivery providers;
  • d) AI-powered tax document processing providers.

6.2. All sub-processors are subject to contractual obligations of confidentiality, security and purpose limitation compatible with this policy and with the LGPD.

6.3. We may also share data when required by law, by order of a competent authority or for the regular exercise of rights.

7. International data transfers

7.1. Our cloud infrastructure providers are located in the European Union. This constitutes an international transfer of data to a jurisdiction that provides an adequate level of data protection, pursuant to article 33 of the LGPD.

7.2. In addition, we adopt contractual and technical safeguards with these providers to ensure that the data receives protection compatible with that required by the LGPD.

8. Retention and deletion

8.1. We keep personal data for the duration of the contract and for as long as necessary to fulfill the purposes of this policy.

8.2. After the contract ends, we delete or anonymize the data, except where retention is legally required, in particular:

  • a) tax documents and related records: 5 years, as required by Brazilian tax legislation;
  • b) application access logs: for a minimum period of 6 months, pursuant to article 15 of the Brazilian Internet Civil Framework;
  • c) data needed for the regular exercise of rights: for the applicable statute of limitations.

9. Data subject rights

9.1. Under articles 18 and 20 of the LGPD, you may request, at any time:

  • a) confirmation of the existence of processing and access to your data;
  • b) correction of incomplete, inaccurate or outdated data;
  • c) anonymization, blocking or deletion of unnecessary or excessive data or data processed in breach of the LGPD;
  • d) portability of the data to another service provider;
  • e) deletion of data processed based on consent;
  • f) information about data sharing;
  • g) withdrawal of consent;
  • h) objection to processing based on legitimate interest;
  • i) review of decisions made solely on the basis of automated processing of personal data (article 20 of the LGPD), through the same channel described in clause 9.2.

9.2. How to exercise your rights: send your request to [email protected], stating your registered name and email. We may request additional information to confirm your identity before fulfilling the request.

9.3. We will respond within 15 days from receipt of the request. When an immediate response is not possible, we will explain the reasons and, where applicable, the timeline for fulfillment.

9.4. When Rakero acts as a processor (clause 2.2), we will forward the request to the customer acting as controller and support them in responding.

10. Information security

10.1. We adopt technical and administrative measures proportionate to risk to protect personal data, including TLS-protected connections between the user and the platform, role-based access control and logging of relevant operations on the platform.

10.2. No system is fully immune to incidents. In the event of a security incident that may result in relevant risk or harm to data subjects, we will notify the Brazilian National Data Protection Authority (ANPD) and the affected data subjects, as provided by the LGPD.

11. Data protection officer

11.1. The channel of the person in charge of personal data processing (data protection officer, article 41 of the LGPD) is [email protected]. Through this channel you can address any matter related to this policy, your rights as a data subject or the LGPD.

12. Children and adolescents

12.1. Our products are aimed at companies and are not directed at children or adolescents. We do not knowingly collect data from individuals under 18 years of age. If we identify an account in this condition, it will be deleted.

13. Information about Rakero Suppliers (commercial transparency)

13.1. For clarity about the self-service product, the conditions in force on the date of this policy are: 14-day free trial with no credit card; plans by company type, MEI (R$ 160/month or R$ 1,536/year) and PME (R$ 300/month or R$ 2,880/year, with a 20% discount on the annual plan); limit of up to 500 invoices per month per company; cancellation at any time, with no penalty; in case of payment failure, access is maintained for 7 days, after which it may be suspended.

13.2. Commercial conditions may change as set out in the terms of use and on the pricing page at rakero.com.br. This clause is informational and does not replace the terms of use.

14. Changes to this policy

14.1. We may update this policy to reflect legal, regulatory or product changes. The current version will always be available at rakero.com.br, with the effective date indicated at the top.

14.2. In case of a relevant change, we will notify you through the registered contact channels or through a notice on the platform.

15. Authority, governing law and venue

15.1. This policy is governed by Brazilian law, in particular the LGPD. The Brazilian National Data Protection Authority (ANPD) is the authority responsible for overseeing personal data protection in Brazil, and you may file complaints with it.

15.2. The courts of the judicial district of Barueri, SP, Brazil are elected as the venue to settle disputes arising from this policy, without prejudice to venues that are legally mandatory under public policy rules.

15.3. This policy was written in Portuguese and translated into English for convenience. In case of any discrepancy, the Portuguese version prevails.

Questions? Write to [email protected].

Rakero Group

B2B infrastructure for operations in Brazil. Payments, data and compliance in a single platform.

Products

CommissionsSuppliersAnomalies

Resources

API DocsPlatformBlog

Company

AboutContactLinkedIn
© 2026 Rakero Group LTDA® · CNPJ 65.038.076/0001-51 · Alphaville, Barueri, SP, BrazilTerms of use · Privacy policy