Privacy Policy
Transparency, security, and compliance with the LGPD in the processing of personal data of clients, leads, visitors, and partners of OPOP.
Version 1.0•Last updated: April 22, 2026
1. Who we are
OPOP Marketing is a digital marketing agency headquartered in Patos/Paraíba, registered under CNPJ No. 18.347.099/0001-68, providing paid traffic management, organic content management, branding, website creation, and visual identity services.
This Privacy Policy applies to all personal data processed by OPOP in its relationships with clients, leads, website visitors, and business partners, in full compliance with the General Data Protection Law (LGPD — Law No. 13,709/2018).
Data controller:
OPOP Marketing
Email: legal@opop.marketing
Website: opop.marketing
2. What data we collect
2.1 Data you provide directly
- Identification: full name, company name, CNPJ/CPF
- Contact: email, phone/WhatsApp
- Professional data: job title, company, industry
- Financial data: billing and payment information necessary for contract execution
- Account access data: credentials or access permissions to platforms (Google Ads, Meta Ads, TikTok Ads, etc.) shared for service delivery
2.2 Automatically collected data
- Browsing: IP address, browser type, pages visited, time spent, source of access
- Device: operating system, screen resolution, device identifiers
- Cookies and similar technologies: tracking pixels, session identifiers
2.3 Third-party and platform data
When you hire our paid traffic services, you grant us access to performance data and metrics from your campaigns on advertising platforms (Google, Meta, TikTok). This data is processed exclusively for the execution of the contracted services.
3. How we use your data
| Purpose | Legal basis (LGPD) |
|---|---|
| Respond to inquiries, requests, and quotes | Legitimate interest (Art. 7, IX) |
| Execute service contracts | Contract execution (Art. 7, V) |
| Issue invoices and comply with tax obligations | Legal obligation (Art. 7, II) |
| Manage and optimize the client's marketing campaigns | Contract execution (Art. 7, V) |
| Send commercial communications and OPOP updates | Legitimate interest / Consent (Art. 7, I and IX) |
| Improve our website and services based on browsing data | Legitimate interest (Art. 7, IX) |
| Prevent fraud and ensure operational security | Legitimate interest (Art. 7, IX) |
| Comply with legal or regulatory requirements | Legal obligation (Art. 7, II) |
4. How we share your data
OPOP does not sell, rent, or transfer personal data to third parties. Sharing only occurs in the following situations:
4.1 Operational suppliers and partners
To deliver our services, we use platforms that may have access to data:
| Platform / Tool | Purpose |
|---|---|
| Google Ads / Google Workspace | Campaign management, communication, and documents |
| Meta Ads | Campaign management on Facebook and Instagram |
| TikTok Ads | Campaign management on TikTok |
| Kommo CRM | Client and lead relationship management |
| n8n | Internal process automation |
| Evolution API | WhatsApp communication |
| Lovable / development platforms | Website and landing page creation |
All these suppliers have their own privacy policies and are subject to the laws applicable in their countries of operation.
4.2 Legal obligation
We may share data with public authorities, regulatory bodies, or by court order, always within the limits required by law.
4.3 Rights protection
In cases of judicial, extrajudicial, or arbitral defense of OPOP's or third parties' rights and interests.
5. International data transfer
Some of the platforms we use have servers located outside Brazil (United States, European Union, among others). Where applicable, we adopt the safeguards provided in Art. 33 of the LGPD, including contracting with suppliers that ensure an adequate level of protection or that use standard contractual clauses.
6. How long we keep your data
| Situation | Retention period |
|---|---|
| Contact data and leads without a contract | Up to 12 months after the last contact, or until consent is revoked |
| Client data during the contract | For the duration of the contractual relationship |
| Client data after contract termination | Up to 5 years (civil statute of limitations) |
| Tax and financial data | As required by law (minimum 5 years — Law 9,430/96) |
| Browsing data | Up to 6 months, unless otherwise required by law (Brazilian Internet Framework — Law 12,965/14) |
After the applicable period, the data is irreversibly deleted or anonymized.
7. Cookies and tracking technologies
Our website uses cookies and similar technologies for:
- Basic functioning: maintaining active sessions and user preferences
- Analytics and performance: understanding how visitors navigate (e.g., Google Analytics)
- Marketing and remarketing: displaying relevant ads on other platforms (e.g., Meta pixel, Google Ads tag)
- Social media integration: sharing buttons and widgets from external platforms
You can manage or disable cookies in your browser settings. Disabling certain cookies may affect the browsing experience.
8. Your rights as a data subject
Under Articles 17 to 22 of the LGPD, you have the right to:
- Access: know which of your data we hold and how we use it
- Correction: request the update of incomplete, inaccurate, or outdated data
- Deletion: request the deletion of data processed based on consent
- Portability: receive your data in a structured format for transfer to another supplier
- Consent revocation: withdraw consent at any time, without affecting prior processing
- Objection: object to processing based on legitimate interest
- Information about sharing: know with whom we share your data
- Review of automated decisions: request a review of decisions made solely by automated means
To exercise any of these rights, contact us at legal@opop.marketing. We will respond within 15 business days.
9. Data security
We adopt appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or improper disclosure, including:
- Access control with authentication and role-based permissions
- Use of encrypted connections (HTTPS/TLS)
- Restricting access to personal data only to employees who need it to perform their duties
- Periodic review of access and internal policies
In the event of a security incident that may pose a relevant risk to data subjects, we will notify the National Data Protection Authority (ANPD) and the affected subjects within the applicable timeframe, in accordance with Art. 48 of the LGPD.
10. Data Protection Officer (DPO)
The person responsible for the processing of personal data at OPOP is:
João Neto
Email: legal@opop.marketing
11. Changes to this Policy
This Policy may be updated at any time to reflect operational, legal, or regulatory changes. The "last updated" date at the top of this document indicates when the current version came into effect.
For substantial changes, we will notify active clients by email at least 15 days in advance. Continued use of our services after the changes take effect implies acceptance of the new version.
12. Jurisdiction
This Policy is governed by the laws of the Federative Republic of Brazil. For dispute resolution, the jurisdiction of the district of Patos — Paraíba is hereby elected, with express waiver of any other, however privileged it may be.