Privacy Policy — NewUp
NewUp Tecnologia LTDA ("NewUp") respects the privacy and protection of the personal data of visitors, prospects, clients, and other data subjects. This Policy explains how we process personal data, for what purposes, who we share it with, and what your rights are, in compliance with Brazilian Law No. 13,709/2018 (the General Data Protection Law — LGPD).
Last updated: May 28, 2026.
How NewUp acts: Controller and Processor
NewUp processes personal data in two distinct roles, and this determines who you should contact to exercise your rights.
As a Controller, NewUp decides on the processing of data it collects directly: data from people who browse newup.tech, who request a demo, and from its contracting clients.
As a Processor, NewUp processes personal data on behalf of its clients — creditor companies that use our conversational AI platforms, such as NewCob, to communicate with their debtors. In this case, the client is the Controller: it defines the purposes and legal basis of the processing. If one of our platforms contacted you (by phone, WhatsApp, voice, or text) about a debt or contract, the party responsible for your data is the creditor company, and your rights should be exercised with it. NewUp acts only under that company's instructions and the data processing agreement signed between the parties.
The rest of this Policy mainly describes the processing in which NewUp acts as a Controller.
Data we process as a Controller
We collect only what is necessary for the purposes described below.
Data you provide to us:
- name, e-mail, and phone number, when you fill out a contact form or request a demo.
Data collected automatically when you browse the site:
- access records, IP address, and technical device and browser information (logs);
- aggregated usage data for audience measurement, collected without identifying cookies.
How we use this data and on what legal basis
- To respond to contact and demo requests and conduct commercial discussions — performance of preliminary procedures related to a contract, at your request (LGPD, art. 7, V), and legitimate interest (art. 7, IX).
- To secure the site and prevent fraud and abuse — legitimate interest (art. 7, IX).
- To measure audience and improve the site — legitimate interest (art. 7, IX).
- To comply with legal and regulatory obligations — compliance with a legal obligation (art. 7, II).
When processing depends on your consent, it will be requested specifically and may be revoked at any time.
Data we process as a Processor (AI platforms)
When operating platforms such as NewCob, NewUp processes, on behalf of the creditor client, data such as:
- the data subject's identification and contact details (name, document number, phone, e-mail);
- information about the debt or contract under recovery;
- the content and records of interactions conducted by the AI (text messages, WhatsApp, and voice call recordings);
- derived information used to determine the best channel and timing for contact.
The purpose, legal basis, and retention period for this data are defined by the client Controller. NewUp uses it only to provide the contracted service and keeps it segregated per client.
Automated decisions and use of artificial intelligence
Our platforms use AI to determine contact channels, timing, and strategies. You have the right to request a review of decisions made solely on the basis of automated processing that affect your interests (LGPD, art. 20). Since this processing is carried out under the responsibility of the client Controller, the review request must be directed to it.
Who we share data with
NewUp does not sell personal data. We share data only when necessary, with:
- providers that process data on our behalf, such as our hosting and audience-measurement provider (Vercel) and our transactional e-mail provider (Resend);
- technology providers that enable the AI platforms, such as language-model providers and messaging and voice channel providers (for example, WhatsApp);
- public authorities, when required by law or by order of a competent authority.
Processors are contractually required to handle data only under our instructions and to adopt adequate security measures.
International data transfer
Some of these providers store or process data outside Brazil, mainly in the United States. For these transfers, we adopt the mechanisms required by the LGPD and by ANPD Resolution No. 19/2024, including the standard contractual clauses approved by the ANPD, to ensure a level of protection compatible with Brazilian law.
Cookies and similar technologies
The site uses a functional cookie to remember your chosen language (NEXT_LOCALE). Audience measurement is done with a tool that uses no identifying cookies and does not track you across sites, which is why we do not display a cookie banner. If we begin using cookie-based analytics tools, such as Google Analytics, we will request your consent before activating them. You can block or remove cookies in your browser settings, aware that some site functions may stop working properly.
How long we keep data
As a Controller, we keep data for the duration of the relationship with the data subject and for the periods needed to comply with legal obligations or to exercise rights in proceedings. Once the purpose ends, the data is deleted or anonymized. As a Processor, the period is defined by the client Controller in the data processing agreement, and the data is deleted or returned when the service ends.
Security and incident response
We adopt technical and organizational measures to protect data against unauthorized access, loss, or alteration. If a security incident occurs that may create a relevant risk to data subjects, we will notify the ANPD and the affected data subjects under the terms of ANPD Resolution No. 15/2024.
Your rights
The LGPD grants you, at any time, the right to:
- confirm the existence of processing and access your data;
- correct incomplete, inaccurate, or outdated data;
- request anonymization, blocking, or deletion of unnecessary data or data processed in violation of the law;
- request data portability;
- be informed about the sharing of your data;
- revoke consent, where processing is based on it;
- object to processing based on legitimate interest.
To exercise these rights over data for which NewUp is the Controller, contact our Data Protection Officer through the channel below. For data processed on behalf of a creditor client (Processor role), send the request to the responsible creditor company; if you contact us, we will forward the request to it.
Data Protection Officer (DPO)
Questions, requests, and the exercise of rights may be directed to our Data Protection Officer:
National Data Protection Authority (ANPD)
If you believe your data has not been processed in accordance with the law, you may file a complaint with the ANPD (gov.br/anpd), preferably after contacting our Data Protection Officer.
Children and adolescents
NewUp's site and services are intended for companies and professionals and are not directed at minors. We do not knowingly collect data from children and adolescents.
Updates to this Policy
We may update this Policy to reflect changes in our services or in the law. The current version will always be available on this page, with the date of the last update.
Contact and change of control
NewUp Tecnologia LTDA — contato@newup.tech.
In the event of corporate reorganization, merger, or acquisition, personal data may be transferred to the successor entity, maintaining the conditions of this Policy and applicable law.