Request a free tryout

Privacy Policy

Last updated: Sep 30, 2025 

Siteware values the privacy of users and the security of its customers’ information. Therefore, by agreeing to use Siteware’s services and applications, you are entrusting us with the processing and sometimes safekeeping of confidential information and some personal data. In this way, it is our duty to act responsibly and with commitment to the information entrusted to us. 

Siteware is an IT company that provides specialized tools to simplify performance management in organizations, primarily in the Software as a Service (SaaS) model. Our apps are used by many companies around the world. 

Here we show how data is treated throughout the information lifecycle: collection, processing, retention, protection and management; highlighting what can be considered as personal data by the strictest market standards. 

The Siteware platform is only available to organizations (B2B), our customers, and for business purposes only. Our customers’ employees are the users of the systems we offer. The personal data that is processed by the systems we offer is linked only to the professional activities of these users (see shared responsibility models). 

As a SaaS provider, Siteware collects and processes the data on behalf of the organizations that hire us. In this model, our customer is the “data controller” and Siteware acts as the “data processor”, primarily through our offerings. 

In this way, the data processing will be carried out in accordance with the instructions established by our customers and in compliance with the applicable legislation. If you are an employee, former employee or supplier of one of our clients and have any questions or wish to exercise any of your rights as a personal data subject, we ask that you contact the responsible client directly. 

When you hire our solution, browse our website, fill out our business forms, or interact with our channels, social networks, and our help center, Siteware will act as a “data controller” in relation to the personal data provided by you. 

If you (customer or user or visitor to our website) do not agree to the terms presented here, please do not use the Siteware platform or access our website. By using our applications and/or website, you declare that you are aware of the content of this Policy and will be legally bound by all the conditions set forth herein. 

When there is a change in how our software treats what may be considered personal data, we will modify and disclose the revision of this policy. 

Details of this policy are presented below. We also encourage you to read the company’s other policies and codes of conduct. If you have any questions, please contact our Personal Data Officer at the e-mail: [email protected] 

Best regards

assin Privacy Policy

The Siteware platform is composed of applications that enable the execution of strategic management and the monitoring of goals with the purpose of improving business management (from the C-level to the factory floor). Below are some examples of the modules available: 

Corporate Performance: Monitoring of Strategic Objectives, KPIs and OKRs allowing the top-down deployment of goals, botton-up consolidation of results. 

Individual Performance: Calculation of managers’ bonuses based on goals achieved. Skills Assessment, Feedback and Individual Development Plan. 

Opportunities for Improvement: Continuous improvement of processes, through methodologies for the Analysis and Resolution of Problems with Action Plans. 

Meeting Management: Monitoring of the entire life cycle of a meeting, from the call, proposal of the agenda, preparation and approval of the minutes and the monitoring of the agreed deliberations. 

Visual Management (exclusive to the STRATWs One offer): Creation of Management Dashboards and Reports. 

Project Portfolio Management (exclusive to the STRATWs One offer): Project Portfolio Management through a framework that has the best practices in project management. 

The modules are natively integrated. Platform adoption is flexible. They share the same philosophy and a common core. Our clients typically start by using 2 or 3 modules and gradually hire others. 

What information do Siteware apps collect? How are they used and shared?

Basically, the information is collected to help the leaders of organizations monitor corporate performance. The data is shared only in the context of the organization that hires us, through the formal communication channels determined by it (emails, internal reports, panels, meetings, etc.). 

Due to the nature and purpose of our applications, most of the data is corporate. This information usually is: goals, KPIs, tasks, results calculation, action plans, projects and meeting minutes. 

It is important for customers and users to know that some data, considered personal by the most restrictive concepts, are manipulated in our software, especially those related to the attributions of users in the performance of their professional activities. 

 

What can be considered as personal data? How are they used and shared?

By the strictest standards, “personal data” is any information that can be used to identify the “user”, directly or indirectly, alone or in conjunction with other information. This includes data such as: corporate login and/or full name, email address, phone number, photo, device IDs, some cookie identifiers, network identifiers, and location identifiers. 

Given the above definition, some of our apps’ information is characterized as personal data. In user registration, the following fields are mandatory: user name/login and email. The optional fields, when available, are typically: CPF/ID, telephone, cell phone, birthday, marital status, gender, registration/enrollment, management unit, leadership position, occupation, immediate superior, date of admission, date of admission to the function and photo. 

System administrators on the client can choose, at the time of creating a user, whether or not to populate the optional fields in the profile, if they are available. Users can update their registration. 

Siteware’s B2B platform does not store or request more sensitive personal information. In  the SaaS Premium1 versions  , the software allows the use of federated identity (which we recommend). In this case, access is guaranteed by the customer’s corporate directory, without the need to store the access password. 

When Siteware applications are used by a user, their activities are recorded for auditing purposes. This is considered as personal data by the most restrictive precepts. Here’s an example: 

When the value of a KPI is manually changed in the system, the name of the user who made the change is recorded, reflecting the professional activities linked to his role. This serves  commonly demanded logs (time and date + username + action + value). Example: at 09:30 am on Aug/02/19 user X changes KPI Y to value Z. 

There are other situations where users’ activities are recorded. They are: access to the system, tasks, attached files, workflows, meetings, and other system objects. As in the previous example, this information is used for auditing purposes. 

The collection, use, and sharing of information is related to performance management and may vary according to the modules used by customers. Check which modules of Siteware applications are being used by your company. Below are the most common functionalities of each module and some typical audit logs: 

The Corporate Performance module  brings together strategic, tactical, and operational indicators in a single place, extracting information from other systems or ERP’s used in the company. Information can be fed automatically by interfaces or manually by defined users (generating logs). In this module, it is possible to monitor the result of strategic planning in real time, involving all employees around the improvement of results, regardless of the management model used.  

The Individual Performance  module helps in the development and retention of talents. With it, it is possible to evaluate performance and compensate employees for the result. It has the function of Results Program (VR), Competency Assessment for the development of Individual Development Programs (IDP) and 9 Box Matrix. 

The Meeting Management  module  supports the entire life cycle of a meeting: from scheduling, setting the agenda, inviting attendees, creating the agreed tasks, to drafting and approving the minutes. In line with the GTD (Getting Things Done) methodology, it allows the monitoring of defined tasks (creation and execution log). 

The Sight Management module  automates the sight management process, which makes management transparent and focused on what really matters. Through dashboards or reports, he gathers the information from the indicators with the aim of sharing them with the entire team. This may include viewing results by indoor LCD TVs in common areas. In this way, it is possible to increase engagement, productivity, and improve the relationship between all areas of the company.  

The Improvement Opportunities  module (or Action Plans and FCA’s in Valorae Goals) conducts the analysis and solution of problems, making the company implement the continuous improvement of processes through universal methodologies, such as: PDCA, FCA, Ver & Agir, DMAIC, among others. In addition, this module provides support for obtaining and maintaining key certifications by grouping analysis into Corrective Actions and Improvement Actions. Forms can be created in this module and tasks defined (changes are logged). Users access the tasks assigned to them, as well as the approval flow (logged in). 

The Project Portfolio Management  module (there is no counterpart in Valorae) allows you to monitor the evolution of a project, change management, deliveries and their costs, in addition to having a graphical and consolidated view of the status of the entire project portfolio. Projects can be created and schedule set (change logged). Users access projects and schedules in the units assigned to them. C-level leadership and executives can see the entire portfolio. 

How is information accessed in Siteware applications? Who has access?

Once the user enters a valid name and password in a web browser, a secure connection is established using HTTPS (Hypertext Transfer Protocol Secure). After authentication, the user can access the company’s business units to which they have permission granted by the system administrator on the client. 

Siteware applications can only be accessed by a valid corporate email/ID. Login can use  customer single sign-on mechanism  (in the premium  SaaS version with federated identity). Only authorized customer employees and contractors can access the system. 

Siteware may eventually access the customer’s environment for support and maintenance. Access is restricted to some members of the support team (for the investigation of specific issues) and by members of the product team (for fixes and updates). Permissions are restricted by access control policies based on the role of these Siteware employees. Accesses are recorded. 

 

How is information protected in Siteware applications?

Siteware treats customer and user information as confidential and adopts high security standards to protect this data by deploying multi-layered security measures. 

Siteware applications use world-class security technologies, and all data is encrypted (in transit and at rest). Additionally, our customers can hire2: Web application firewall with DDoS protection, among other options. Our software undergoes vulnerability analysis and penetration testing on a regular basis. 

Siteware takes extra measures to protect customer data from unauthorized or unlawful processing, accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of data processing in our possession. 

In case of any security breach in the environments made available to our customers, we provide all the support required by law. Security breach is understood as the possibility of exposing information that compromises the confidentiality or integrity of your stored data. It is worth mentioning that all data exchange takes place through a secure SSL communication channel encrypted with digital signatures. 

How long do Siteware apps retain this information?

The information is retained in the software for an indefinite period of time, as long as the customer maintains the contract with Siteware. In the event of contract termination, the information remains available for 30 days. After this period, the data will be backed up. From then on, the entire SaaS instance (application, database, and storage) will be terminated and deleted. For security, this backup is retained for one year and then destroyed. 

What other data collection tools do Siteware apps use?

Our apps use cookies to collect data and improve the user experience on our web app. Siteware also uses third-party analytics tools (such as Google Analytics, PowerBI, Mixpanel, etc.) to measure engagement with the system. 

What data is collected on our website? 

When you visit our website, voluntarily fill out our business forms, or interact with Siteware in a variety of ways (such as to request information, answer questions, engage our services, apply for a job, or enter into a partnership, among others), different personal data may be collected. This data includes, but is not limited to: 

Business Contact Details 

Name, surname, corporate email, telephone (whatsapp), company name, position, department, among others that can be requested optionally and provided voluntarily. 

Commercial Contract Data 

Data of the legal representative and the contact responsible for hiring (full name, e-mail, CPF, address, telephone), company, CNPJ, financial data. Also, the data of employees or third parties, responsible for the contract, may be requested. 

Candidate Data 

Name, email, phone number, area of expertise, identification document, Linkedin profile, portfolio and resume. Other additional data may be requested and collected during the recruitment process. 

Cookies 

The Cookies used by Siteware applications collect and encrypt application context information, such as the last business unit accessed by the customer’s web application, thereby improving the user experience. Authentication cookies are also used to validate the secure connection. 

What are the purposes of the processing of personal data?

Siteware, as a controller, processes personal data in accordance with the General Data Protection Law (Law No. 13,709/18), as well as to meet our and yours legitimate interests. In addition, we observe the following specific purposes: 

  • Provide and manage our services or products; 
  • Improve and perfect our services or products; 
  • Process your registration; 
  • Prepare commercial proposals for our services or products; 
  • Comply with contractual, regulatory or legal obligations; 
  • Perform banking integration; 
  • Exercise the right of defense in judicial, administrative or arbitration proceedings; 
  • To comply with decisions of administrative or judicial authorities; 
  • Notify you about changes to our services or products; 
  • Handle complaints, questions and requests through our customer service; 
  • Conduct selection processes; 
  • Perform audits; 
  • Analyze data to improve usability, experience, and interactivity on our website; 
  • To offer and/or provide recommendations more tailored to your needs or interests, including marketing campaigns or simulations; 
  • Conduct communication and relationship marketing research to improve our services; 
  • Use cookies; 
  • Perform maintenance and updating of registration; and 
  • Support and promote our activities. 

 

Your personal data collected by us will be processed, in accordance with current legislation, for the period necessary to fulfill the purposes for which it was collected, as described above, or to comply with applicable legal requirements. 

If you would like more details on how your personal data is processed based on the above purposes, please contact us at the email address of our Personal Data Processing Officer: [email protected]. 

What are my rights as a personal data subject?

You, as a data subject, may contact Siteware, as a data controller, at any time to:  

  • Confirmation of the existence of Processing of your Personal Data;  
  • Obtain information on how to access your Personal Data;  
  • Perform/request the correction of incomplete, inaccurate or outdated data;  
  • Obtain information about the Anonymization, blocking or elimination of unnecessary, excessive or processed data in non-compliance with the LGPD;  
  • Obtain information about the portability of your Personal Data to another service provider, upon express request;  
  • Request the deletion of data processed with your consent, except in the cases of legal custody and others provided for by law;  
  • Obtain information about the public or private entities with which we share your data;  
  • Obtain information about the possibility of not providing your consent, as well as being informed about the consequences, in case of refusal;  
  • Revoke consent for the Processing of your Personal Data, except in the cases provided for in current legislation;  
  • Other rights of the holder of Personal Data, according to current legislation.  

 

To exercise any of your rights set out above, as well as to determine your preferences in the processing and use of your personal data, you can send an email directly to our Personal Data Controller by message to the email [email protected]. 

To act as a communication channel with data subjects and/or the National Data Protection Authority (ANPD), Siteware has appointed Mr. João Batista Lopes as the Person in Charge of the Processing of Personal Data. 

However, we need to clarify that these rights are not absolute and we will not always be able to fully or partially meet their demands. In these cases, we will provide all the necessary clarifications to justify the reasons for the non-compliance, either in whole or in part.   

For security reasons, we will only be able to comply with your request if we are sure of your identity. Therefore, we may request additional data or information to confirm the identity and authenticity of the requester.  

If you are an employee, former employee or supplier of one of our customers and have questions or wish to exercise your rights as a personal data subject, we recommend that you contact the responsible customer directly. 

If the Data Subject, even after requesting the Processing of their Personal Data from us, still understands that their request has not been properly processed, they may petition the National Data Protection Authority (ANPD). 

Google API Services User Data Policy

Use and transfer of information received from Google APIs to any other application will follow the Google API Services User Data Policy, including Limited Use requirements. 

Acknowledge 

Click here to acknowledge: 

Please click here to confirm the science in politics. 

Siteware Standards Server 

For internal use: 

Acesse a política de privacidade da Siteware neste link: 
www.siteware.com.br/politicas-de-privacidade 

ou 

No Servidor de Padrões Siteware: Política de Privacidade