Documents & Data

Last updated: February 13, 2026

Introduction

Your privacy is important to us. It is the policy of REINO GESTAO DE PATRIMONIO E CONSULTORIA LTDA (“Reino Capital”), registered under CNPJ 55.911.132/0001-67, headquartered at Avenida República do Líbano, 251, Suite 1422, Tower 5, Riomar Trade Center, Recife/PE, Brazil, to respect your privacy regarding any information we may collect on the website reinocapital.com.br and other platforms we operate.

This Privacy Policy has been prepared in accordance with Brazilian Law No. 13,709/2018 — the General Data Protection Law (LGPD) — and aims to clearly and transparently inform you about how we process your personal data.

Data Controller

The controller of your personal data is REINO GESTAO DE PATRIMONIO E CONSULTORIA LTDA, a private legal entity that determines the purposes and means of processing the collected personal data.

Purpose

The personal data collected is used for the following purposes:

Cookies

The platform uses cookies to ensure proper website functionality and improve your experience. Cookies are managed by Cookiebot, which allows you to control which cookie categories you wish to accept.

Cookie categories used:

• Strictly necessary: essential for website functionality (authentication, session, security). Cannot be disabled.
• Functional: remember your preferences (language, region).
• Analytical: collect anonymous information about how the site is used for improvement purposes.

Reino Capital does not use advertising, remarketing, or behavioral tracking cookies for marketing purposes.

You can manage your cookie preferences at any time through the consent banner or your browser settings. Disabling certain cookies may impact site functionality.

For a detailed list of all cookies used — including name, provider, purpose, and expiration — please refer to our cookie declaration managed by Cookiebot, accessible via the cookie icon in the bottom corner of the site.

Retention

Personal data will be retained while your account is active and necessary for providing the contracted services. After account closure, data will be retained for the period required by applicable law and then securely deleted.

As a reference, the main retention periods are:

• Financial and tax records (payments, invoices): up to 5 years, as required by Brazilian tax legislation (CTN, Art. 173);
• Application access logs: 6 months, as required by the Brazilian Internet Civil Framework (Law No. 12,965/2014, Art. 15);
• Registration data (name, email, CPF, phone): while the account is active or until deletion is requested by the data subject, unless a specific legal obligation applies;
• Authentication data (sessions, tokens): until session termination or revocation.

Processing of personal data will cease when:

• The purpose for which the data was collected has been achieved;
• The data subject requests deletion and there is no legal obligation justifying retention;
• There is a legal or regulatory determination to that effect.

Security

Reino Capital adopts appropriate technical and organizational measures to protect personal data against unauthorized access, destruction, loss, alteration, or any form of improper processing. Measures adopted include:

• SSL/TLS encryption for all communication between the browser and our servers;
• Database with restricted access and encrypted credentials;
• Card data tokenization via Stripe (sensitive data never passes through our servers);
• Continuous monitoring of vulnerabilities and security incidents.

DPO

Under Art. 41 of the LGPD, we provide the details of the Data Protection Officer:

User Commitment

The user commits to making proper use of the content and information that Reino Capital offers on the platform, including but not limited to:

• Not engaging in activities that are illegal or contrary to good faith and public order;
• Not spreading propaganda or content of a discriminatory, illegal nature, or that violates human rights;
• Not causing damage to the physical (hardware) and logical (software) systems of Reino Capital, its suppliers, or third parties, nor introducing or spreading computer viruses or any other systems capable of causing the aforementioned damage.

Changes

This Privacy Policy may be updated periodically to reflect improvements in our processes or changes in applicable legislation. We recommend consulting this page periodically. The date of the last update will always be indicated at the top of this policy.

Governing Law

This Privacy Policy is governed by Brazilian law, in particular by Law No. 13,709/2018 (LGPD), the Brazilian Internet Civil Framework (Law No. 12,965/2014), and the Consumer Protection Code (Law No. 8,078/1990). The courts of Recife/PE are elected to resolve any issues arising from this document.

Security Incidents

Reino Capital maintains internal procedures for detecting, containing, and responding to security incidents that may compromise personal data. In the event of an incident that may pose a risk or relevant harm to data subjects, we will take the following measures:

• Notification to the Brazilian National Data Protection Authority (ANPD) within a reasonable timeframe, as provided in Art. 48 of the LGPD;
• Notification to affected data subjects, informing them of the nature of the compromised data, the risks involved, and the measures adopted to mitigate the effects of the incident;
• Root cause investigation and implementation of corrective measures to prevent recurrence;
• Incident documentation with a complete record of all actions taken.

Children & Minors

Reino Capital's platform and the financial advisory services offered are intended exclusively for individuals over 18 years of age. We do not intentionally collect personal data from children or adolescents (under 18 years old).

If we become aware that personal data of a minor has been inadvertently collected, we will promptly delete such information and notify the legal guardian, in accordance with Art. 14 of the LGPD and the Brazilian Child and Adolescent Statute (Law No. 8,069/1990).