investigação avançada
Effective Date: May 16, 2026 Version: 2.0
Sherlockeye Tecnologia Ltda. (hereinafter referred to as "Sherlockeye") is a Brazilian company committed to protecting the privacy and security of its users. This Privacy and Security Policy defines how we collect, use, protect, and disclose personal and sensitive information when our services are used.
Our platform is built on Vercel and Cloudflare, integrated with Framer for web experience, Mixpanel and Google Analytics for usage analytics, and Clerk for secure registration and authentication.
Registered in Brazil under CNPJ 57.793.041/0001-08, Sherlockeye provides solutions for collecting and analyzing publicly available data associated with usernames, email addresses, phone numbers, and other digital and social identifiers. Our services are intended for professionals and institutions with legitimate digital analysis purposes, including public safety agencies, established media organizations, and cybersecurity intelligence specialists.
1. Data Minimization and Purpose Limitation
Sherlockeye collects only the data strictly necessary for account management, service delivery, and platform improvement. This includes registered email addresses and service usage metrics, such as the number of API queries. Searches are performed in real time by consulting public sources. Sherlockeye does not collect or store target-specific research data beyond what is encrypted and linked to the user's account.
2. Legal Basis for Data Processing (LGPD Art. 7)
Sherlockeye processes personal data under the following legal bases, as established by Brazil's Lei Geral de Proteção de Dados (LGPD):
Data Category | Purpose | Legal Basis |
|---|---|---|
Account data (email, credentials via Clerk) | Account creation, authentication, and service access | Performance of contract (Art. 7, V) |
Service usage metrics (API queries) | Service delivery and billing | Performance of contract (Art. 7, V) |
Encrypted search logs | Delivery of OSINT search results | Performance of contract (Art. 7, V) |
Analytics data (Mixpanel, Google Analytics) | Platform improvement and behavior analysis | Consent (Art. 7, I) |
Infrastructure data (Cloudflare, Vercel) | Security, performance, and reliability | Performance of contract (Art. 7, V) |
Users may withdraw consent for analytics data processing at any time without affecting their ability to use the platform. See Section 9 for opt-out options.
3. Encrypted Search Log
All searches and their results are stored in encrypted format for a maximum period of 30 days, after which they are automatically deleted. Sherlockeye does not log or identify research subjects. Users are responsible for saving their results locally, as stored information is not automatically updated. A new search must be performed to obtain current data.
4. Third-Party Services and International Data Transfers
Sherlockeye relies on the following third-party service providers to deliver and improve our platform. Several of these providers are based in the United States. In accordance with LGPD Art. 33, these international data transfers are carried out on the basis of necessity for the performance of the contract between Sherlockeye and its users.
Each provider maintains its own privacy policy. We encourage users to review them to understand how their data is processed.
Provider | Country | Purpose | Privacy Policy |
|---|---|---|---|
Cloudflare | USA | Infrastructure, DDoS protection, CDN | |
Vercel | USA | Hosting and deployment | |
Framer | USA | Web experience and landing pages | |
Clerk | USA | User authentication and session management | |
Mixpanel | USA | Product analytics and usage tracking | |
Google Analytics | USA | Web traffic and behavior analytics |
We do not share personally identifiable information with analytics providers beyond what is technically necessary for their operation. Analytics data is collected anonymously or pseudonymously.
5. User Responsibilities
Users must consider the applicable legal and ethical standards in their jurisdictions when using the platform. Sherlockeye assumes no liability for the use of data obtained through its services. It is the user's sole responsibility to ensure that their use is compliant with all applicable laws, regulations, and guidelines, including those governing the collection and processing of third-party personal data.
6. Data Security Measures
Sherlockeye implements industry-standard security measures to protect personal data against unauthorized access or misuse, including encryption at rest and in transit, access controls, and regular security reviews. Users are also encouraged to securely manage their API tokens and login credentials, and to report any suspected security incidents to our team at contact@sherlockeye.io.
7. Information We Collect
We collect the following categories of information:
Account data — email address and account credentials, used for account management and support, processed via Clerk.
Service usage data — metrics such as the number of API queries made.
Analytics data — anonymized or aggregated behavioral and traffic data collected via Mixpanel and Google Analytics, based on user consent.
Infrastructure data — anonymized network and performance data collected via Cloudflare and Vercel.
Authentication data — login credentials and session tokens managed by Clerk.
When searches involve personal or sensitive identifiers, users are responsible for obtaining appropriate authorization and following privacy best practices.
8. Use and Disclosure of Information
Information collected is used to:
Maintain, operate, and improve our services;
Communicate updates, notices, and service-related information;
Resolve technical issues and ensure platform stability;
Ensure legal compliance and enforce our Terms of Service.
We do not sell personal data. We do not share personal data except in the following circumstances:
When required by applicable law or legal process;
With the explicit consent of the user;
With operational partners under confidentiality agreements, strictly to the extent necessary for service delivery;
In the context of corporate reorganization events, such as mergers or acquisitions, provided that the acquiring entity agrees to uphold the protections described in this policy.
9. Cookies, Tracking Technologies, and Opt-Out
Our platform and third-party services may use cookies, pixels, and similar tracking technologies for analytics and functionality purposes. Analytics tools (Mixpanel and Google Analytics) may set first- or third-party cookies to track session and behavioral data. This data is used in aggregate and does not identify individual users.
You may opt out of analytics tracking at any time:
Google Analytics: Use the Google Analytics Opt-out Browser Add-on or adjust your preferences at Google My Account.
Mixpanel: Submit an opt-out request via Mixpanel's Privacy Portal or use the opt-out mechanism available in your account settings.
You may also configure your browser to refuse cookies; however, doing so may affect the availability or functionality of certain platform features. Opting out of analytics does not affect your ability to use Sherlockeye's core services.
10. Data Retention and Privacy Compliance
Only data essential for service delivery and account management is retained. Encrypted search logs are automatically deleted after 30 days. Sherlockeye complies with global data protection standards, including Brazil's Lei Geral de Proteção de Dados (LGPD) and the European Union's General Data Protection Regulation (GDPR), ensuring that all data collection and processing is grounded in an appropriate legal basis.
11. Your Data Rights
Under the LGPD (Art. 18) and GDPR, you have the right to:
Access — request a copy of the personal data we hold about you;
Correction — request correction of inaccurate or incomplete data;
Deletion — request erasure of your personal data, subject to legal retention obligations;
Portability — request your data in a structured, machine-readable format;
Revocation of consent — withdraw consent for analytics data processing at any time;
Information — request information about the entities with whom your data has been shared.
How to exercise your rights: Send a request to contact@sherlockeye.io with the subject line "Data Rights Request", including your registered email address and a description of your request. We will verify your identity and respond within 7 business days.
12. Data Breach Notification
In the event of a personal data breach that may result in risk or harm to users, Sherlockeye will:
Notify the Brazilian National Data Protection Authority (ANPD) within 72 hours of becoming aware of the incident, in accordance with LGPD Art. 48;
Notify affected users as soon as reasonably practicable, describing the nature of the incident, the data involved, the potential risks, and the measures taken or planned to address the breach.
Users are encouraged to report any suspected security incidents or unauthorized access to contact@sherlockeye.io.
13. Minors
Sherlockeye's services are intended exclusively for individuals aged 18 years or older. We do not knowingly collect personal data from minors. If we become aware that a user is under 18, their account will be suspended and their data deleted promptly. If you believe a minor has registered on our platform, please notify us at contact@sherlockeye.io.
14. Policy Updates and Modifications
This policy may be updated to reflect changes in legal requirements or operational practices. Users will be notified of significant changes via email or a prominent notice on the platform. We recommend reviewing this policy periodically to stay informed. The version number and effective date at the top of this document will always reflect the most current revision.
15. Contact Information
For questions, concerns, or to exercise your data rights, please contact our Data Protection Officer (DPO):
DPO — Sherlockeye Tecnologia Ltda. R. Uruguai, 277 Bairro Centro Histórico, Porto Alegre Rio Grande do Sul, Brazil — CEP 90010-140
Email: contact@sherlockeye.io
Thank you for trusting Sherlockeye. Our commitment is to provide reliable and secure open-source intelligence tools with transparency, ethical accountability, and full respect for your privacy.
