Privacy Policy
Last updated: April 12, 2026
This Privacy Policy describes how L&B Consulting Ltda (“VERSO Studio”, “we”), registered in Brazil under CNPJ 49.032.836/0001-67, headquartered in Curitiba/PR, collects, uses, stores, and protects personal data of visitors and clients of versostudio.io. We comply with Brazil's General Data Protection Law (Law 13,709/2018 — LGPD).
1. Data we collect
- Contact form: name, email, WhatsApp (optional), and the message you send.
- Admin area (staff only): email, name, bcrypt password hash. Passwords are never stored in clear text.
- Access logs: IP, user-agent, timestamp, action, for security, audit and legal compliance.
- Strictly necessary cookies: a single HTTP-only session cookie used to authenticate the admin area. No tracking, marketing or analytics cookies.
2. Purpose
- Reply to inquiries and send commercial proposals.
- Deliver contracted web design and development services.
- Keep legally required records (LGPD Art. 37).
- Protect the system from fraud and abuse.
3. Legal basis
Processing is based on consent (LGPD Art. 7, I) via the opt-in checkbox on the contact form; on contract execution (Art. 7, V) for accepted proposals; and on legitimate interest (Art. 7, IX) for security logs.
4. Retention
Lead data is retained for 2 years after last contact, or until erasure is requested. Contract data follows the legal retention term (typically 5 years). Audit logs are kept for 12 months.
5. Sharing
We do not sell or rent your data. We share only with:
- FormSubmit — delivers email notifications when a form is submitted.
- Hosting provider (Railway/Vercel) — stores the database and runs the application.
- Public authorities, when legally required.
6. Your rights (LGPD Art. 18)
- Confirm processing exists.
- Access your data.
- Correct incomplete, inaccurate, or outdated data.
- Anonymize, block or delete unnecessary or excessive data.
- Port data to another provider.
- Delete consented-based data.
- Obtain information about data sharing.
- Revoke consent.
To exercise any of these rights, contact us via the channels in Section 8. We respond within 15 calendar days.
7. Security
Technical and administrative controls: TLS throughout, bcrypt (cost 12) for passwords, __Host-prefixed session cookies (HttpOnly, Secure, SameSite=Lax), security headers (CSP, HSTS, X-Frame-Options), rate limiting, and audit logging of admin actions.
8. Contact and Data Protection Officer
Controller: L&B Consulting Ltda — Curitiba/PR, Brazil.
DPO: Leonardo Battiston Campos.
Email: hello@versostudio.io
WhatsApp: +55 (41) 93618-3688
9. Changes
This policy may be updated to reflect legal or operational changes. The date at the top indicates the current version.