Last updated: October 22, 2025
A Green Bridge Facility – GBF (“GBF”)¹ is the controller responsible for operating the digital platform known as Know Your Territory or KYT-e (hereinafter referred to simply as the “Platform” or the “Service”).
This Privacy Policy (“Policy”) governs how GBF collects, uses, stores, shares, and protects Users’ Personal Data on the Platform, in compliance with Law No. 13.709/2018 (General Data Protection Law – LGPD), Law No. 12.965/2014 (Brazilian Civil Rights Framework for the Internet), as well as complementary resolutions and regulations from the National Data Protection Authority (ANPD).
By using the Platform, the User confirms they have read and understood this Policy. If the User does not agree with its terms, they must stop using the Platform immediately; use without express agreement is prohibited.
¹ The Green Bridge Facility (GBF) is a project incubated under the Igarapé Institute (CNPJ 14.051.935/0001-01), and is responsible for the technical and operational management of the KYT-e Platform. For the purposes of this Policy, the GBF acts as a strategic Operator affiliated with the Institute, under the terms of Article 5, item VII, of Law No. 13,709/2018 (LGPD), carrying out processing activities on behalf of and under the sole responsibility of the Igarapé Institute, which remains the sole Controller to the data subjects and the National Data Protection Authority (ANPD).
For the purposes of this Policy, the following definitions apply:
“Green Bridge Facility – GBF”: A project incubated and managed by the Igarapé Institute, which is responsible for the technical and operational management of the Platform.
“User”: Any natural person who accesses or uses the Platform, in any capacity (free or paid). Every Client is considered a User, but not every User is necessarily a Client.
“Client”: A natural person or legal entity that purchases paid services, premium modules, advanced reports, or any other products made available by the Platform.
“KYT-e Platform” or “Service”: Digital system called Know Your Territory – KYT-e, operated by Green Bridge Facility – GBF, intended for the gathering, analysis, and dissemination of information about territorial opportunities and risks.
“Personal Data”: Information related to the identified or identifiable natural person, such as, but not limited to: name, email address, IP address, geolocation data.
“Sensitive Personal Data”: Information defined by the LGPD as that relating to racial or ethnic origin, religious beliefs, political opinions, affiliation with a trade union or religious, philosophical, or political organization, data concerning health or sexual life, genetic or biometric data, when linked to a natural person.
“Legal Basis”: Legal basis for processing personal data, under the terms of Articles 7 and 11 of the LGPD (for example, contract execution, fulfillment of legal obligations, Controller’s legitimate interest, Data Subject’s consent, among others).
“Anonymized Data”: Data relating to a data subject who cannot be identified, considering the use of reasonable and available technical means at the time of its processing. Anonymized data is not considered Personal Data, unless the process can be reversed through reasonable efforts.
“Database”: A structured set of personal data, established in one or more locations, in electronic or hard copy format.
“Application Access Logs”: A set of information relating to the date and time an internet application was used from a specific IP address, pursuant to Article 15 of Law No. 12,965/2014 (the Brazilian Civil Framework for the Internet).
“Data Subject”: The natural person to whom the Personal Data being processed refers.
“Anonymization”: Use of reasonable and available technical means at the time of processing, through which data can no longer be directly or indirectly linked to an individual.
“Consent”: Free, informed, and unambiguous consent given by the Data Subject for the Processing of their Personal Data for a specified purpose, except in cases where the LGPD waives this requirement.
“Blocking”: Temporary suspension of any Processing operation, through the safeguarding of the Personal Data or the Database.
“Elimination”: Exclusion of data or a set of data stored in a database, regardless of the procedure used.
“International Data Transfer”: Transfer of personal data to a foreign country or international organization of which Brazil is a member.
“Data Sharing”: Communication, transfer, dissemination, interconnection, or making Personal Data available to third parties, whether public or private, to the extent necessary and proportionate to the legitimate purpose informed to the Data Subject, pursuant to the LGPD and this Policy.
“Personal Data Processing” ou “Processing”: Any operation performed with Personal Data, such as collection, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of the information, modification, communication, transfer, dissemination, or extraction.
“Controller”: The natural or legal person, whether public or private, responsible for decisions regarding the Processing of Personal Data – in this case, GBF.
“Operator”: A natural or legal person, whether public or private, that processes Personal Data on behalf of the Controller.
“Data Protection Officer” ou “DPO”: The individual designated by the GBF to act as the communication channel between the Controller, the Data Subjects, and the ANPD.
“Cookies”: Files or technologies that collect information about the User’s browsing on the Platform, which may be essential, performance, functional, or marketing cookies, as specified in our Cookie Policy.
“Reports”: Products generated by the Platform (including compilations, indexes, dashboards, and analytical summaries) from GBF’s own and/or public sources, whose structure, selection, and organization are protected and owned by GBF. The User/Client is granted a non-exclusive, non-transferable license for internal use, according to this Policy, the Terms of Use, and other applicable contractual documents, without prejudice to the rights concerning third-party/source raw data.
The functioning of the KYT-e Platform depends on the processing of certain information provided by the Users themselves or generated automatically through the use of the Service. Data collection only occurs under the circumstances and for the purposes described in this policy, in a manner that is proportionate and limited to what is necessary to ensure security, personalization, and appropriate features.
The categories of collected data are organized as follows:
2.1. Registration Data
2.2. Platform Usage Data
2.3. AI Chat Interaction Data
2.4. Sensitive Personal Data
2.5. Location and Preference Data (where applicable)
2.6. Cookies and Similar Technologies
2.7. Support and Communication Data
Records may also be stored for auditing, security, and legal compliance purposes..
It should be noted that GBF administrators do not have access to the individual content of a specific User’s private conversations, except when forms are filled out or messages are sent directly to GBF administrators, in which case confidentiality is maintained. Access is limited only to anonymized and aggregated data, used strictly for system performance and development purposes.
The processing of Personal Data by the KYT-e Platform is limited to purposes that are legitimate, specific, and necessary for the Platform’s operation, User security, and compliance with legal obligations.
Registration data is used to create and maintain the User’s account, authenticate access, and personalize the experience.
Usage data, such as IP addresses and access logs, are intended to ensure the security of the Platform, prevent fraud, and comply with Article 15 of Law No. 12.965/2014 (Brazil’s Civil Framework for the Internet).
Newsletters, institutional communications, and marketing materials will only be sent with the User’s prior, specific, and explicit consent, which can be revoked at any time, as stipulated in this Policy.
Interactions with the artificial intelligence assistant are stored to facilitate responses to queries and improve system quality.
The message history is analyzed only in an anonymized and aggregate form, without individual access by the administrators.
The Platform does not request Sensitive Personal Data and advises Users not to enter it in free-text fields. If voluntarily provided, this data may be deleted or anonymized, in compliance with the principle of data minimization.
Location data and preferences, such as searched territories or areas of interest, are processed to generate reports and comparisons. Cookies and similar technologies are used to ensure the Platform functions, measure performance, and, with consent, carry out marketing activities.
Finally, support and communication data are processed to fulfill requests, maintain records, and comply with legal obligations.
The processing of the aforementioned information is legally grounded in Articles 7 and 11 of the General Data Protection Law, particularly concerning the execution of a contract, compliance with a legal obligation, the Controller’s legitimate interest, and the data subject’s consent, as applicable to each situation.
GBF may share Personal Data collected by the KYT-e Platform only under circumstances strictly necessary to fulfill its legitimate purposes, in compliance with the General Data Protection Law.
Sharing will always be done in a controlled and proportionate manner, safeguarding the security of information and User privacy.
Data processing by third parties will occur in the capacity of operators contracted to act on behalf of GBF, such as information technology service providers, cloud hosting, technical support, usage analysis tools, and third-party cookies.
Operators are subject to specific contractual obligations that ensure data processing is done exclusively for the purposes defined by the Controller and in compliance with applicable legislation.
If cloud hosting services or providers located outside of Brazil are used, international transfers of Personal Data may occur. In such cases, GBF will ensure compliance with the requirements set forth in Articles 33 to 36 of the General Data Protection Law, including appropriate contractual clauses and equivalent protection guarantees.
Additionally, Personal Data may be shared with administrative, regulatory, or judicial authorities when there is a legal or regulatory obligation, a court order, an administrative request, or when necessary for the regular exercise of the GBF’s rights.
In the event of any institutional changes, project integration, strategic partnership, or transfer of management of the KYT-e Platform to another entity, Personal Data may be transferred to the new responsible party, provided that compatible protection guarantees are observed and after prior notification to the Data Subjects, in accordance with applicable legislation.
User Personal Data will under no circumstances be sold or transferred independently to third parties for purposes unrelated to those described in this Policy.
When sharing occurs, it will adhere to the principle of minimization, limited to what is strictly necessary for the purpose involved.
GBF adopts appropriate technical and organizational measures to protect the Personal Data processed by the KYT-e Platform against unauthorized access, loss, alteration, or improper disclosure or dissemination.
These measures include, among others, the use of encryption, profile-based access controls, security logging, backup policies, and incident response protocols.
Personal Data is stored on servers contracted by GBF, located either in Brazil or abroad. In any event, GBF will ensure that any international data transfer complies with the requirements set out in Articles 33 to 36 of the General Data Protection Law.
Furthermore, it should be noted that hosting providers act as contracted operators, subject to specific contractual obligations regarding security and confidentiality.
Personal Data will be retained for the time necessary to fulfill the purposes described in this Policy, to execute contracts signed with Users or Clients, and to comply with applicable legal and regulatory obligations. Specifically:
The User may request the deletion of their Personal Data at any time, in accordance with Article 18 of the General Data Protection Law.
Data linked to inactive accounts may be retained for the period necessary to fulfill the purposes described in this Policy, and after that period, it will be deleted or anonymized, observing the hypotheses outlined in Article 16 of the General Personal Data Protection Law.
However, GBF may retain certain information when necessary to comply with a legal or regulatory obligation, the regular exercise of rights in judicial, administrative, or arbitration proceedings, or in other cases provided for in Article 16 of the General Data Protection Law.
In cases where there is no longer a legal basis for retention, the data will be securely deleted or anonymized, preventing the identification of the data subject.
Although GBF takes appropriate technical and organizational measures to protect the Personal Data processed by the KYT-e Platform, with high protection standards, it is not possible to guarantee complete security against all incidents, including those resulting from illicit actions by third parties. Therefore, the User must acknowledge that no electronic transmission or storage system is absolutely secure.
Under the General Data Protection Law, Users of the KYT-e Platform, as holders of personal data, have the following rights:
Exercising these rights must be requested through the Data Protection Officer’s (DPO) official contact channel, as indicated in Section 7 of this Policy.
To ensure security, GBF may request additional information to confirm the requester’s identity before fulfilling the request.
Requests will be reviewed and responded to within the deadlines established by the General Data Protection Law and complementary regulations from the National Data Protection Authority (ANPD).
In certain cases, fulfilling the request may be justifiably refused, especially when it involves compliance with a legal or regulatory obligation or the proper exercise of rights.
For questions related to this Privacy Policy, the processing of Personal Data performed by the KYT-e Platform, or to exercise the data subject’s rights provided in Law No. 13,709/2018 (General Data Protection Law – LGPD), pursuant to Article 41 of the LGPD, the User may contact GBF’s Data Protection Officer (DPO).
The Data Protection Officer is responsible for receiving communications from data subjects and the National Data Protection Authority (ANPD), taking steps to respond to requests, and guiding data protection compliance practices within GBF.
Contact can be made through the following institutional email address: contato@greenbridgefacility.com
GBF commits to analyzing all requests received and responding within the deadlines stipulated by applicable law, and may request additional information to verify the requester’s identity and ensure the security of the responses.
The KYT-e Platform is not intended for individuals under 18 years of age, and it does not intentionally collect Personal Data from minors. If GBF becomes aware that information has been provided by minors without proper legal authorization, such data will be deleted or anonymized in accordance with the General Data Protection Law.
GBF may modify this Privacy Policy at any time to reflect legislative, regulatory, technological, or operational changes, as well as to enhance transparency regarding the Processing of Personal Data carried out by the KYT-e Platform.
Users will be notified of any significant changes via a prominent message on the Platform itself or, where applicable, by email to their registered address, with reasonable advance notice before the new version takes effect.
We recommend that the User periodically review this Policy to stay informed about how their Personal Data is being handled. Continued use of the Platform after changes take effect will be considered acknowledgment and agreement to the new terms, except in cases where specific consent is required, which will be duly requested.
This Privacy Policy constitutes the entire instrument governing the Processing of Personal Data within the scope of the KYT-e Platform, superseding any prior or parallel communications on the same topic.
The eventual nullification, invalidity, or ineffectiveness of any provision of this Policy will not affect the others, which will remain in full force and effect.
GBF’s failure to exercise any right or power will not constitute a waiver, and it may exercise it at any time.
The KYT-e Platform may contain links or references to third-party websites and services. GBF has no control over the content, practices, or policies of such sites and assumes no responsibility for them. Users are advised to carefully read the privacy policies for each external site they access.
The parties will make reasonable efforts to resolve any disputes administratively before resorting to the Judiciary. Nothing in this Policy restricts the Data Subject’s right to file a complaint directly with the National Data Protection Authority (ANPD) if they believe their rights have not been properly observed.
This Policy is governed by the laws of the Federative Republic of Brazil, particularly Law No. 13,709/2018 (General Personal Data Protection Law) and Law No. 12,965/2014 (Brazilian Internet Civil Framework).
The competent jurisdiction for resolving any doubts or disputes arising from this Policy shall be the District Court of the State Capital of Rio de Janeiro, with express waiver of any other, however privileged that jurisdiction may be.
