01 · Who this policy applies to
This policy applies to everyone who uses Olhar — patients seeking guidance and partner clinics — across any of our domains and languages (Portuguese, English and Spanish). By using the platform, you agree to the practices described here.
Olhar is a technology intermediation platform: we connect people to health and aesthetics providers. We are not a clinic, we do not provide a health service and we do not establish a doctor-patient relationship. The preliminary guidance offered by the Iris and Lux intelligences never replaces a professional diagnosis.
02 · What data we collect
Data you provide to us:
- Registration: name, email, phone and, for clinics, company ID (CNPJ), professional council registration (CRM/CRO) and technical lead.
- Contact and support: messages exchanged with the platform and with Iris and Lux.
Data collected automatically:
- Browsing: IP address, device, browser and pages visited.
- Approximate location: derived from your IP to show content and providers relevant to your region. We do not track your precise location.
Sensitive data:
- Related to health and self-image: the preferences and interests you indicate about vision, smile or hair. We treat this data as sensitive personal data (art. 11 of the LGPD), with reinforced protection — detailed in section 05.
Payment data:
Payments are processed by Asaas, our payment partner. Your full card details are handled directly by them, under industry security standards — Olhar does not store your full card number.
03 · Why we process your data
We process data only with a defined purpose and a corresponding legal basis (arts. 7 and 11 of the LGPD):
- Operate the platform and connect you to providers — performance of a contract.
- Create and manage your account and support — performance of a contract.
- Process charges and payouts — performance of a contract and legal/tax obligation.
- Improve the platform experience and security — legitimate interest, always respecting your rights.
- Process sensitive self-image/health data — subject to your specific, highlighted consent.
- Comply with legal and regulatory obligations — legal obligation.
04 · Who we share it with
Olhar does not sell your data. We share only what is necessary, with:
- Partner clinics that you choose to contact — to enable scheduling or care.
- Asaas — to process payments and payouts.
- Infrastructure providers (hosting and databases, such as Supabase and Vercel) — which process data under our instructions and contract.
- Authorities — when required by law or court order.
Each partner accesses only what is strictly necessary for its function and is bound by confidentiality and data protection obligations.
05 · Sensitive data and Iris & Lux
As a self-esteem platform, we may process information related to your health and self-image. This is sensitive data and receives special protection: it is processed with your consent, used only for the stated purposes, and you may withdraw your consent at any time.
Iris and Lux are artificial intelligences and always identify as such. They offer preliminary, educational guidance — never a diagnosis. Conversations may be used to operate and improve the service, always under this policy.
06 · International transfer
Because Olhar operates globally and uses technology providers that may process data outside Brazil, some data may be transferred internationally. In such cases, we adopt the safeguards set out in art. 33 of the LGPD to ensure an adequate level of protection, regardless of where your data is processed.
07 · How long we keep it
We keep your data only for as long as necessary for the purposes of this policy or to comply with legal obligations (for example, tax and accounting periods). Once the purpose ends, data is deleted or anonymized — except where mandatory retention is required by law.
08 · Your rights
The LGPD (art. 18) guarantees you, at any time and free of charge:
- Confirmation: to know whether we process your data.
- Access: to obtain a copy of the data we hold about you.
- Correction: to update incomplete or outdated data.
- Deletion: to request anonymization, blocking or removal.
- Portability: to receive your data in a usable format.
- Sharing: to know with whom we share your data.
- Revocation: to withdraw consent when it is the legal basis.
- Objection: to object to processing you consider improper.
To exercise any right, write to our Data Protection Officer at dpo@olhar.net. We will respond as soon as possible.
09 · How we protect your data
We adopt technical and organizational measures to protect your data, including encryption in transit, row-level access control (Row Level Security), reinforced authentication and the principle of least privilege. No system is 100% immune, but we work continuously to reduce risks and respond quickly to incidents.
10 · Cookies
We use cookies and similar technologies to keep you signed in, remember preferences and understand how the platform is used. You can manage cookies in your browser settings; some are essential for the service to function.
11 · Users outside Brazil
Olhar is available globally. If you access it from outside Brazil, additional rights under local laws may apply, such as the GDPR (European Union) and the CCPA (California). We strive to align our practices with these frameworks; for specific requests, contact dpo@olhar.net.
12 · Financial services (showcase)
Financial services, when available, are processed by a partner institution authorized by the Central Bank of Brazil. Olhar acts as a technology and experience layer and does not hold title to your funds. Financing options are currently being structured: the interest list only stores your contact to notify you when they become available.
13 · Changes to this policy
We may update this policy to reflect changes in the service or in the law. When that happens, we change the effective date at the top and, for material changes, we notify you through the platform's channels. The version in force is always the one published here.