Privacy Policy | D2 Digital

This Privacy Policy describes how F&C Soluções Digitais LTDA ("D2 Digital", "we", "us", or "our"), operator of ddigital.solutions, collects, uses, stores, shares, and protects personal data of visitors, clients, and end users ("you") who interact with our website, applications, and related services (collectively, the "Services").

By using our Services, you agree to this Policy. If you do not agree, please do not use the Services.

On this page

Who we are
Data we collect
How we collect it
Why we collect it (legal bases)
SMS & A2P communications
Cookies & analytics
How we share data
International transfers
Retention
Security
Your rights (LGPD/GDPR/CCPA)
Children
Changes
Contact & DPO

1. Who we are

F&C Soluções Digitais LTDA, a limited liability company organized under the laws of Brazil, operating under the trade name "D2 Digital" and the domain ddigital.solutions. We act as the data controller for personal data collected through our website and direct Services.

2. Data we collect

We collect the following categories of personal data, depending on how you use our Services:

2.1 Identity & contact data

Full name
Business name (for B2B contacts)
Email address
Phone number (including mobile number for SMS, when you explicitly opt in)
Postal address (only when required for invoicing or service delivery)

2.2 Commercial data

Communications between you and us (email, messaging, forms)
Services requested or contracted
Payment data — processed by Stripe and PayPal. We do not store full card numbers; we store only the last 4 digits and a token reference returned by the payment processor.

2.3 Technical & usage data

IP address (IPv4 or IPv6)
Browser type and version, operating system, device type, screen resolution
Pages visited, session duration, referrer URL
Date and timestamp of each interaction
Consent records (see §5) including IP and timestamp of opt-in

2.4 Publicly available business data (for B2B prospecting)

When we operate as a digital marketing agency for our clients, we may process publicly available business contact data (business email, business phone, business address) obtained from sources such as Google Business Profile, public business registries, or professional directories, strictly for legitimate B2B outreach as permitted by applicable law.

3. How we collect it

Directly from you when you fill out forms on the website, create an account, contact us, or subscribe to communications.
Automatically through cookies, analytics scripts, and server logs when you browse our Services.
From public sources for B2B outreach, as described in §2.4.
From third-party partners such as payment processors (Stripe, PayPal), messaging providers (Twilio, WhatsApp Business API via Evolution API), and email delivery providers — only to the extent strictly necessary to deliver the Services.

4. Why we collect it (legal bases)

We process personal data on the following legal bases (LGPD art. 7, GDPR art. 6):

Performance of a contract — to deliver services you have requested or purchased.
Consent — for marketing SMS/email, cookies that are not strictly necessary, and other optional processing. You can withdraw consent at any time (see §11).
Legitimate interest — for security, fraud prevention, service improvement, and B2B outreach within legal limits.
Legal obligation — to comply with tax, accounting, and regulatory requirements (Brazil, U.S., and other jurisdictions where we operate).

5. SMS & A2P communications — how consent is recorded

How opt-in works. End users opt in by visiting our website and providing their phone number during the account registration or profile update process. They must check a non-pre-ticked checkbox explicitly agreeing to receive automated SMS for account updates, security alerts, and information verification. This consent is recorded in our database along with a timestamp and IP address. Users are informed that they can opt out at any time by replying STOP.

5.1 Message types you may receive after opt-in

Account updates (password changes, profile changes)
Security alerts (new device login, suspicious activity)
Information verification (one-time codes, confirmation requests)
Transactional confirmations related to a service you requested

5.2 Frequency

Message frequency varies based on your account activity. Most users receive fewer than 4 messages per month; high-activity users may receive more.

5.3 Opt-out and help

Reply STOP to any message to cancel all SMS from us. You will receive a single confirmation message and then no further SMS.
Reply HELP to any message for assistance, or email contact@ddigital.solutions.
Opt-out takes effect immediately upon processing and is recorded alongside the original consent record.

5.4 Cost and delivery disclaimers

Message and data rates may apply, depending on your carrier plan.
Carriers are not liable for delayed or undelivered messages.
We use Twilio (sender +1 276 259 3451, U.S. 10DLC registered) as our SMS infrastructure provider. For Twilio's privacy practices, see twilio.com/legal/privacy.

5.5 No sharing of opt-in or phone number data

We do not sell, rent, lease, or share your phone number or mobile opt-in data with third parties or affiliates for their marketing purposes. Phone numbers and consent records are shared only with Twilio (as our telecom carrier) strictly to deliver the messages you have consented to receive.

Full SMS program terms are available at ddigital.solutions/sms-terms.

6. Cookies & analytics

We use cookies and similar technologies for:

Strictly necessary — session, security, load balancing. These cannot be disabled.
Analytics — Google Analytics 4 (measurement ID G-6QHQMEZ51Z) to understand aggregate traffic patterns. IP anonymization is enabled where supported.
Error monitoring — Sentry to capture application errors (no user-submitted form content is transmitted).

You can disable non-essential cookies via your browser settings or our cookie banner (when presented). For Google Analytics opt-out, install Google's opt-out browser add-on.

7. How we share data

We share personal data only with:

Service providers acting as data processors on our behalf, under contract: Stripe & PayPal (payments), Twilio (SMS), Evolution API (WhatsApp), OpenRouter (LLM processing for content generation), Cloudflare (DNS/CDN), Contabo (hosting VDS3), Google (Analytics, Maps APIs), Sentry (error monitoring), SMTP provider for email.
Legal authorities when required by valid legal process (subpoena, court order, regulatory request).
Business transfers — in case of merger, acquisition, or asset sale, data may be transferred to the successor entity under equivalent protection.

We do not sell personal data. We do not share personal data for third-party advertising.

8. International transfers

Our infrastructure is distributed across Brazil, European Union, and the United States. When personal data is transferred outside Brazil, we rely on:

Standard Contractual Clauses (SCCs) or equivalent international data transfer mechanisms for EU/UK residents (GDPR/UK-GDPR).
LGPD-compatible transfer mechanisms (ANPD-approved instruments or adequacy decisions, when applicable).

9. Retention

Account data — retained while your account is active, plus 5 years after closure for tax and commercial law compliance (Brazilian Civil Code art. 206).
Financial records — 5 years minimum (Brazilian tax law).
Consent records (SMS opt-in/opt-out) — retained for the entire lifetime of your relationship with us and for at least 4 years after opt-out, for audit and regulatory compliance (TCPA/Twilio).
Server logs and analytics — up to 14 months in aggregated/pseudonymized form.
Marketing communications — deleted within 30 days after you unsubscribe or withdraw consent (except the minimal record needed to honor the opt-out).

10. Security

We implement technical and organizational measures appropriate to the risk:

TLS 1.2+ for all data in transit
At-rest encryption for databases and backups
HMAC signature validation for all incoming webhooks (payment providers, messaging)
Role-based access control and audit logs on administrative systems
Regular dependency scanning and security patching
Secrets management with rotation policy

No system is 100% secure. If you believe your account has been compromised, contact us immediately at contact@ddigital.solutions.

11. Your rights

Depending on your jurisdiction, you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — correct inaccurate or outdated data
Erasure ("right to be forgotten") — subject to legal retention obligations
Restriction — limit how we process your data
Portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interest or for direct marketing
Withdraw consent — at any time, for processing based on consent (does not affect lawfulness of prior processing)
File a complaint with the Brazilian Data Protection Authority (ANPD), the relevant EU supervisory authority (GDPR residents), or the California Attorney General (CCPA residents).

To exercise any right, email contact@ddigital.solutions. We respond within 15 days (LGPD) or 30 days (GDPR), extendable by 60 days for complex requests.

12. Children

Our Services are not directed to children under 18. We do not knowingly collect data from minors. If we become aware of such collection, we will delete the data promptly.

13. Changes to this Policy

We may update this Policy to reflect changes in law, technology, or our practices. The "Last updated" date at the top always reflects the current version. For material changes, we will notify registered users by email or prominent notice on the website at least 15 days in advance.

14. Contact & Data Protection Officer

F&C Soluções Digitais LTDA

Trade name: D2 Digital

Website: ddigital.solutions

Email (general & DPO): contact@ddigital.solutions

SMS support: Reply HELP to any message from +1 276 259 3451