Privacy
Policy

Ribon's Privacy Policy

Last update: June 04, 2025.

Hello Ribon Community!

First of all, thank you very much for your interest in learning more about Ribon. Feel free to reach out if you have any questions (:

At Ribon, privacy and security are priorities, and we are committed to being transparent about the processing of our users' and customers' personal data. Therefore, this Privacy Policy explains how we collect, use, and transfer information from customers or others who access or use our platform.

By using our services, you understand that we will collect and use your personal information in the ways described in this Policy, under the Data Protection rules (Brazil's General Data Protection Law, Federal Law No. 13,709/2018, also known as "LGPD"), the consumerist provisions of Brazilian Federal Law 8.078/1990 and other rules of the applicable legal system.

In this sense, this Privacy Policy (“Policy”) explains in a clear and accessible way how your information and data will be collected, used, shared and stored through our systems.

Acceptance of our Policy will occur when you access or use Ribon's website, app, or services. By creating an account, the user declares that they have read, understood, and agreed with the Privacy Policy and the Terms of Use, which are available for consultation at the time of registration. Continuing with the registration implies that you expressly agree with the terms, indicating that you are aware and in full agreement with how we will use your information and data.

This Policy is divided as follows for easier understanding:

What information Ribon collects;
How Ribon uses the collected information;
How, when, and with whom Ribon shares your information;
What rights you have over the information we collect;
How Ribon protects your information;
Activity logging;
Updates to this privacy policy;
Ribon’s responsibilities;
How to contact Ribon;
Applicable law.

This document should be read in conjunction with our Terms of Use, which provide an overview of our platform. If you have any questions or need to address any issue related to this Policy, please contact our Data Protection Officer, DATA GUIDE CONSULTORIA E SOLUÇÕES EM PROTEÇÃO DE DADOS LTDA, at dpo@ribon.io.

To enable the provision of services and improve user experience, our website and app collect and use the following types of information:

1.1. Information you provide to us.

Registration and contact information: When you register on Ribon, we collect personal data such as your first and last name, email, phone number, and other personal data you choose to provide, including a profile picture and your position at your company in case of a Business Plan. If you have created an account, you can log in to review and update your information and preferences.

Connection through third-party services: When you connect or log in to Ribon using third-party services (e.g., Facebook, Google, Apple), we may collect the data you provide through these services, such as your name and email address. We will respect your privacy settings and request authorization to collect such data.

Transaction information: If you become a Ribon Ambassador by subscribing to our plans or make a direct donation to any of the projects available on the Ribon platform using a direct payment method such as a credit card (or other payment methods available at the time — such as PIX, Google Pay, Apple Pay, among others), we will collect payment-related information for our Services, such as your credit/debit card details, billing address, and other transaction-related data, either directly or through our payment provider. Additionally, when you make payments on Ribon, payment data such as the date and time, amount, and other transaction details may be stored and used for purposes including fraud prevention. This enables us to provide you with a safe and secure environment for your transactions.

Credit card data: Ribon does not store credit card data. All credit card information is encrypted and sent directly to the payment processors, which comply with PCI security standards, in accordance with the security requirements set by major international credit card brands.

Communications, surveys, and reviews: We also collect information when you communicate with us, whether through emails or other messages you send us, interactions via the website or app, or exchanges through social media. If we ask you to provide feedback by completing a survey or submitting a testimonial or comment, we will collect any information you choose to share.

1.2. Information generated when you use our services.

To analyze, customize, and improve the user experience, we collect the following information:

Access logs: Ribon automatically collects access logs to the application, which include the IP address of the device used to access Ribon’s services. This data is mandatorily collected in accordance with Brazilian Law 12.965/2014, but will only be provided to third parties with your express authorization or through a legal request.

Usage data: We collect information about your interactions with Ribon, such as browsing data within the app (which parts of the app you accessed and how you interacted with the screens).

Technical data: We collect technical data, such as URL information, network connection, provider, and device information, which are collected through your equipment or connected device, if you authorize. Your authorization can be revoked at any time; however, this may deactivate some of the platform’s functionalities.

Device characteristics: Like most applications, to function properly, Ribon automatically collects data about your device's characteristics, such as its operating system, version, hardware information, language, internet signal, and battery status.

Communications with Ribon: When you communicate with Ribon, we collect information about your communication, including metadata such as the date, IP, and time of communications, as well as all the content and any information you choose to provide.

Communications with other users: When you communicate with other users of Ribon, we collect information about your communication, including metadata such as the date, IP, and time of communications, as well as all the content and any information you choose to provide.

Cookies and similar technologies: We use cookies, which are text files generated and stored on your browser or device by websites, apps, and online advertisements. Cookies may be used for the following purposes: authenticating users, remembering user preferences and settings, and understanding user behaviors and interests.

1.3. Information from other sources.

This may include:

Data collected from other platforms: Ribon may interact with other platforms and services, such as social media and payment providers. Some of these services may share information about you with us, which we will collect to provide you with a better experience, continuously improve our services, and offer new features. This may include user authentication, remembering user preferences and settings, and understanding user behaviors and interests.

Integration data: Ribon sends processed data to integration partners, but it does not collect any information unrelated to the tickets released by these partners.

Business Plan subscription information: To provide you with our services under the Business Plan, we may collect your Personal Data directly from your employer or another entity granting you access to Ribon’s Business Plan. This data may include your full name, corporate email address, employee ID or another personal identifier, and/or your status as an active employee.

1. Information we collect

It is worth remembering that we highly value your privacy: all your data and information are treated as confidential, and we will only use them for the purposes described here and authorized by you, mainly to allow you to fully utilize Ribon, always aiming to improve your experience as a user.

We use your personal data to provide you with our services, manage and administer your access to the Business Plan, manage your Ribon Ambassador Subscription, respond to your inquiries, and deliver a more relevant experience when using our services. If linked to a Business Plan, we may use this personal data to contact you or to cross-reference it with other personal data we may hold about you, in accordance with this Policy.

2.1. Authorized uses

We may use your data for the following purposes:

Allow you to access and use all Ribon functionalities;
Confirm Business Plan registration through your employer;
Provide the services and offer the products contracted and improve the use and experience of Ribon's apps and websites;
Administer your Ribon Ambassador Subscription, or allow you to make a direct donation to one of the projects available on Ribon using our platform;
Identification, authentication, and verification of requirements for contracting Ribon’s services;
Respond to inquiries and support requests, send messages about support or service, such as alerts, notifications, usage push, and updates;
Communications about products, services, promotions, news, updates, events, and other topics you might be interested in;
Enable your participation in activities we organize related to the services, such as sweepstakes, competitions, surveys;
Analyze user traffic in our apps;
Create new services, products, and functionalities;
Generate statistics, studies, surveys, and reports relevant to activities and behavior using products or services;
Diagnose and fix problems with Ribon’s Platform and Services;
Prevention and resolution of technical or security issues, detection and prevention of fraud, spam, and security incidents;
Verification or authentication of information provided by you, including comparing data collected from other sources;
Understanding user behavior and creating behavioral profiles to better tailor the service to your tastes and interests;
For any purpose you authorize at the time of data collection;
Compliance with legal obligations.

Any eventual use of your data for purposes that do not comply with this prerogative will be only done with your prior authorization.

2.2. Retention, transfer, and deletion of data

Ribon retains your personal data only for as long as necessary for the purposes established in this Policy. The data will be retained while your account is active, and in the case of termination of the commercial relationship, for 5 (five) years, to meet LGPD requirements.

We may transfer, store, and process your personal data outside your country of residence for organizational purposes, always following security and protection measures according to applicable laws.

All collected data will be deleted from our servers when you request it through a free and easy process, or when they are no longer necessary or relevant for us to provide our services, except when there is any other reason for its maintenance, such as a legal obligation or the need to preserve these for Ribon's rights.

In cases where you request the deletion of your data, the email with your history will be anonymized for research or statistical purposes, in which case we may use this information without prior notice, and the account deletion will be effective within 15 (fifteen) calendar days from your request.

2.3. Monitoring

Ribon reserves the right to monitor the entire platform, primarily to ensure that the rules described in our Terms of Use are being followed, or if there is no violation or abuse of applicable laws.

2.4. User exclusion

Ribon reserves the right to exclude any user, regardless of type, if this Policy or the Terms of Use are not respected. We value good relationships with users and recognize their right to seek to understand the reasons and even contest them, which can be done via the following email: dpo@ribon.io.

2. How we use your information

We may share your personal data as described in this Privacy Policy or when we provide you with prior notice and, to the extent required by applicable law, obtain your consent. Ribon may share your personal data with the following parties for the reasons discussed below:

Integrations. Ribon may share the information it collects with integration partners. When your donation is made through an integration, it has access to the following data: donation impact, name and details of the nonprofit (such as images of nonprofits and the cause), and DONOR USER EMAIL. Through this document, you expressly authorize such sharing.

Sponsor of the Ribon Business Plan Services. We may share certain personal data (including but not limited to your name, email address, subscription, plan cost, and administrative details) with your employer or another third party offering you access to Ribon's Business Plan. If your sponsor allows and opts to participate in any challenge or competition, we may share your data for the specific use and disclosure of the program, such as allowing your sponsor to share a leaderboard.

Service Providers. We may share personal data with companies that perform services on our behalf, including suppliers who help us send communications, analyze data, and maintain our websites and the Ribon platform.

All data, information, and content about you are considered assets. Therefore, we reserve the right to include your data among the company’s assets if we participate in negotiations for sale, acquisition, or merger with other companies.

Ribon reserves the right to provide data and information about you, including your interactions, if required by law.

3. Data sharing

You can always choose not to disclose your data, but keep in mind that some of this data may be necessary to use certain features of our applications. Regardless, you will always have rights regarding privacy and protection of your personal data.

Accordingly, below is a summary of all the rights you have under sector-specific data protection laws and the General Data Protection Law (“LGPD”), which include:

Right of access. This right allows you to request and receive a copy of the personal data we hold about you.
Right to rectification. This right allows you to request the correction and/or rectification of your personal data at any time if you identify any inaccuracies. However, in order to carry out the correction, we will need to verify the validity of the information you provide. You can request the rectification of some of your personal data by contacting us at [dpo@ribon.io](mailto:dpo@ribon.io), through the support available in the app, and certain data can be edited directly on the platform.
Right to erasure. This right allows you to request the deletion of the personal data we hold about you. All collected data will be deleted from our servers upon your request or when it is no longer necessary or relevant for us to provide our services, except if there is another reason for its retention, such as a legal obligation to keep the data or the need to preserve it to protect Ribon's rights. To update your personal information or request its deletion from our database, simply send an email to dpo@ribon.io.
Right to object to processing. You also have the right to object to our processing of your personal data in different contexts. In certain situations, we may demonstrate that we have legitimate grounds for processing your data, which override your rights, if, for example, they are essential for providing our applications.
Right to request anonymization, blocking, or deletion. This right allows you to request the suspension of the processing of your personal data in the following scenarios: (a) if you want us to verify the accuracy of the data; (b) when you need us to retain the data even if we no longer require it, as necessary to establish, exercise, or defend legal claims; or (c) if you have objected to the use of your data, but in this case, we need to verify whether we have legitimate grounds to continue using it.
Right to data portability. We will provide you or a third party of your choice with your personal data in a structured and interoperable format.
Right to withdraw consent. You have the right to withdraw your consent regarding the terms of this Privacy Policy. However, this will not affect the lawfulness of any processing carried out prior to the withdrawal. If you choose to withdraw your consent, we may no longer be able to provide certain services.
Right to review automated decisions. You also have the right to request a review of decisions made solely based on the automated processing of your personal data that affect your interests, including decisions aimed at defining personal, professional, consumer, and credit profiles and/or aspects of your personality.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise your other rights). This is a security measure to ensure that personal data is not disclosed to those who do not have the right to receive it. We may also contact you to request further information regarding your request to expedite our response. We will respond to all requests within 15 (fifteen) calendar days. We will always keep in touch to inform you and keep you updated on the progress of your request.

If you have any questions about these matters or about how you can exercise your rights, feel free to contact our Data Protection Officer (DPO), DATA GUIDE CONSULTORIA E SOLUÇÕES EM PROTEÇÃO DE DADOS LTDA, at the email address dpo@ribon.io.

4. Data subjects' rights

All your data is confidential, and only authorized individuals will have access to it. Any use of this data will be in accordance with this Policy. Ribon will make every reasonable market effort to ensure the security of our systems and your data. Our servers are located in different locations to ensure stability and security and can only be accessed through pre-authorized communication channels.

To keep your personal information secure, we use electronic and managerial tools designed to protect your privacy. These tools are applied considering the nature of the personal data collected, the context and purpose of the processing, and the risks that potential breaches could pose to the rights and freedoms of the data subjects. Among the measures we adopt, we highlight the following:

Only authorized persons have access to your personal data;
Your personal data is stored in a secure and suitable environment.

Ribon is committed to adopting the best practices to avoid security incidents. However, it is important to highlight that no virtual page is entirely secure and free of risks. It is possible that, despite all our security protocols, third-party issues may occur, such as cyber-attacks by hackers, or due to negligence or imprudence by the user/customer.

Whenever possible, all your information will be encrypted, except in cases where its use by the platform would be impaired. You may request a copy of your data stored in our systems at any time. We will keep your data and information only for as long as necessary or relevant for the purposes described in this Policy, or for periods pre-determined by law, or until it is necessary to maintain Ribon’s legitimate interests.

Ribon considers your privacy extremely important and will do everything in its power to protect it. However, we cannot fully guarantee that all the data and information you provide on our platform will be free from unauthorized access, especially in the event of improper sharing of the credentials necessary to access our app.

In the event of security incidents that may pose a relevant risk or harm to you or any of our users/customers, we will notify those affected and the Brazilian National Data Protection Authority about the occurrence, in accordance with the provisions of the LGPD.

Therefore, you are solely responsible for keeping your access password in a secure location, and sharing it with third parties is prohibited. You agree to notify Ribon immediately, through a secure means, about any unauthorized use of your account, as well as any unauthorized access by third parties to it.

5. Security of information

We may log activities you perform when using our app, website, or blogs, creating, when possible and applicable, logs (records of activities performed on websites, apps, and services) that will include: the IP address, access and actions you performed in the service provided, the date and time of each action performed, and information about the device used, such as the operating system version, browser, and geolocation. We may also use certain technologies, either our own or third-party, to monitor the activities performed while you access our websites and blogs, such as:

Cookies: are internet files that temporarily store what you are visiting on the web. Ribon has cookies in its platform, websites, and blogs and also receives information from partners about cookies inserted on their respective websites. Cookies can be used for various purposes, including remembering you and your preferences, persisting information related to your activities on the visited site, or collecting information that can be used to provide personalized content.

We have third-party cookies enabled on our website. Privacy practices will be governed by the privacy policies and terms of use of these third parties, and we cannot control or be responsible for the privacy practices and content of third parties. Therefore, we emphasize that you can block cookies at any time by enabling a setting in your internet browser, and your ability to limit cookies will be subject to the settings and limitations of your browser. You can also delete existing cookies through the same internet browser settings. If you choose to disable cookies, you can continue to browse our websites and blogs, but some parts of the pages may stop working.

Web beacons: A web beacon is a technique that allows tracking who is visiting a specific web page, identifying behavior across different sites or web servers.

Analytics tools: These tools can collect information such as how you visit a website, including which pages and when you visit them, as well as other sites that were visited before, among others.

All technologies we use will always respect the terms of this Privacy Policy.

6. Activity log

Ribon reserves the right to change this Policy as often as necessary to provide you with greater security, convenience, and to improve your experience. That’s why it’s important to review our Policy periodically. For your convenience, we indicate the date of the last update at the beginning of the document.

If you decide to use and/or access the Services after any changes to the Privacy Policy have been posted, you expressly consent to such changes, and the revised Privacy Policy will apply. We emphasize that the latest version of the Privacy Policy and the Terms of Use will always be available for consultation, explicitly mentioned when logging into your account on the Ribon platform and also in your account’s settings menu.

7. Updates to this Privacy Policy

Ribon provides for the liability of the agents involved in the data processing procedures, in accordance with Articles 42 to 45 of the LGPD. We are committed to keeping this Privacy Policy updated, observing its provisions and ensuring its compliance.

In addition, we also commit to seeking technically and organizationally secure conditions that are apt to protect the entire data processing process. Should the Brazilian National Data Protection Authority require the adoption of measures concerning the data processing carried out by Ribon, we are committed to following them.

8.1. Disclaimer of liability.

Despite high security standards to prevent incidents, no virtual page is entirely free of risks. In this regard, Ribon is not responsible for:

I – Any consequences arising from the negligence, imprudence, or incompetence of users regarding their individual data. We guarantee and take responsibility only for the security of the data processing processes and for fulfilling the purposes described in this document.

We emphasize that the responsibility for the confidentiality of access data lies with the user.

II – Malicious actions by third parties, such as hacker attacks, except in cases of proven deliberate or reckless conduct by Ribon. We emphasize that in the event of security incidents that may cause significant risk or harm to you or any of our users/customers, we will notify those affected and the Brazilian National Data Protection Authority about the incident and will comply with the necessary measures.

III – Inaccuracy of the information entered by the user/customer in the records required for the use of Ribon's services. Any consequences arising from false or maliciously inserted information are the sole responsibility of the user/customer.

8. Our responsibility

According to Brazilian Law No. 13,709/2018, Ribon is considered the “Controller” of your personal data. If, after reading this Privacy Policy, you still have any questions or need to contact us for any reason related to your personal data, you can reach out to our Data Protection Officer, DATA GUIDE CONSULTORIA E SOLUÇÕES EM PROTEÇÃO DE DADOS LTDA, through the channels below:

Email: dpo@ribon.io
Support section on the Ribon App or Platform by following these steps:

Open the Ribon app on your phone or access the platform at https://dapp.ribon.io/ – at the top of the screen, tap the gear icon – click on the “Support” section and get in touch with us.

9. Contact us

This document is governed by and must be interpreted in accordance with Brazil's General Data Protection Law (Federal Law No. 13,709/2018), also known as LGPD, regulates the processing of personal data in the country.

10. Applicable law

Still have questions?