Data Retention Policy

This Data Retention and Disposal Policy explains how Alma Intel retains and disposes of customer data to ensure consistency. This policy is guided by Alma Intel’s security requirements, including compliance with applicable laws and regulations like the Lei Geral de Proteção de Dados (LGPD).

This policy applies to all assets used by Alma Intel personnel or those accessing its applications, infrastructure, systems, or data. All personnel must read, accept, and follow all Alma Intel policies and plans.

The time period for which Alma Intel retains customer data depends on its purpose. Alma Intel must retain customer data for as long as an account is active or as stated in the agreement(s) between Alma Intel and the customer. Alma Intel may retain data for longer if required by law or regulation.

The provided document specifies that Alma Intel may use customer data, including data and metadata from conversations between sellers and buyers for the services specified in the contract. Alma Intel is also permitted to use this data in an anonymized and non-identifiable manner for training, improvement, or development of its own models, algorithms, or solutions, but is prohibited from commercializing or disclosing it in a way that allows direct identification of the customer or its clients.

Alma Intel commits to ensuring any data used for these purposes is properly anonymized, in compliance with the LGPD (Brazilian Privacy Protection Law).

Alma Intel must dispose of customer data within 30 days of a request from a current or former customer or in accordance with the customer’s agreement(s) with Alma Intel. Alma Intel may, however, retain and use data necessary for legal obligations, dispute resolution, and enforcement of agreements.

A limited number of Alma Intel employees should have access to delete customer data. Upon an employee's or contractor's termination, all company-owned devices will be collected and sanitized before re-issuance.

Alma Intel’s business needs, local situations, laws, and regulations may occasionally require an exception to this policy. If an exception is needed, Alma Intel management will determine an acceptable alternative approach.

Any violation of this policy may result in disciplinary action, up to and including termination of employment. The disciplinary process is also a deterrent to prevent employees and contractors from violating organizational security policies.

This document is subject to review and update at least annually to maintain organizational security objectives and meet regulatory requirements.

This document is maintained by: Alma Intel
This document was last updated on: September 15th, 2025