Facila / Privacy
Privacy as a posture
Privacy isn't compliance.
It's the reason
Facila exists.
We read the most intimate communication in your life — your mother, a client, a doctor. If trust breaks, the product dies. So privacy is the first product requirement, not a checklist.
The eight
What we promise.
- 01
Your data belongs to you. No ifs.
- 02
We don't train models on user data.
- 03
Encryption at rest (AES-256-GCM + KMS).
- 04
Immutable audit log, visible to you.
- 05
Granular consent per channel and per automation.
- 06
Instant pause — one tap.
- 07
Minimal retention (messages: 90d default, configurable 30–365).
- 08
Purpose limitation (LGPD Art. 6, I) — data used only for the product.
LGPD, in practice
All your rights
already shipped.
Brazil's General Data Protection Law gives each person a set of rights. Here's where every one lives inside Facila:
| Right | Where it lives |
|---|---|
| Confirm existence | Settings → Privacy in the app |
| Access your data | “Export data” button |
| Correct data | Edit profile + inline feedback |
| Anonymize / delete | “Delete all” + soft-delete |
| Portability | JSON Schema export |
| Erasure after purpose | Hard-delete in 7 days on request |
| Know who shares it | Subprocessor list below |
| Withdraw consent | Pause Facila or delete account |
15-business-day SLA · privacy@facila.ai
Audio infrastructure
The audio
never leaves
our server.
Transcription runs on a dedicated container inside our private network in São Paulo, using whisper.cpp with a Portuguese-optimized model. OpenAI, Amazon and Google never see a frame of your audio.
01 · Ingest
From WhatsApp into a private Tide bucket.
02 · Transcribe
Whisper.cpp inside a dedicated LXC — ~10s per minute of audio.
03 · Erase
Original audio deleted 7 days after transcription. Automatic.
Per-user keys
Your key.
Your data.
Each user has a unique Data Encryption Key (DEK) generated at signup. It's wrapped with a master key kept in Vault. Your messages are encrypted with your DEK.
DB leaks without KMS?
Data stays unreadable. AES-256-GCM.
Account deleted?
We discard the DEK. Backups become permanently unreadable. LGPD Art. 16.
DBA gone rogue?
Sees nothing without KMS. Privilege separation.
Subprocessors
Who handles your data, openly.
| Service | Data | Region | Retention |
|---|---|---|---|
| Catalisa | WhatsApp messages | BR | Zero retention (contracted) |
| developy.cloud | Whole infrastructure | BR | permanent (Facila operates) |
| OpenAI | Message text (when used) | US | Zero retention via API |
| Anthropic | Message text (when used) | US | Zero retention via API |
| Stripe | Billing (international) | BR/US | per Stripe policy |
| Pagar.me | Pix / BR billing | BR | per Pagar.me policy |
| Sentry | Stack traces, no PII | US | 90 days |
| Posthog (self-host) | Anonymized usage | BR | 12 months |
| Expo Push | Push tokens | US | not stored |
| Resend | Transactional email | US/EU | 14 days |
You can pick your preferred provider in Settings → Advanced: "Catalisa only (BR)" keeps LLMs inside Brazil; or "Anthropic" / "OpenAI" direct.
For the cautious
“I don't trust AI.”
We made a mode for you.
01
"Read only, don't act"
Facila reads and classifies — never sends a thing.
02
"Approve before sending"
Every auto-reply pings you first. [Approve] [Edit] [Cancel].
03
"Show me the prompt"
See the exact prompt sent to the LLM. Full transparency.
Incident response
If something breaks.
- 01DetectSentry + audit anomalies
- 02Contain< 4h
- 03Assess< 24h
- 04NotifyANPD + users < 72h
- 05Post-mortemPublic, anonymized
Report vulnerabilities · security@facila.ai · PGP available
DPO · LGPD
Data Protection
Officer.
- Email privacy@facila.ai
- SLA 15 business days
- ANPD gov.br/anpd
Full policy → privacidade-politica
Convinced?
Join the waitlist