PuxadorPro MDM

Privacy Policy

Last updated: April 16, 2026

1. Introduction

PuxadorPro ("we", "us", "our") operates the PuxadorPro MDM platform, an enterprise mobile device management solution for retail businesses. This Privacy Policy describes how we collect, use, and protect information when businesses use our platform to manage their company-owned mobile device inventory.

2. Information We Collect

2.1 Business Account Information

When a business registers for PuxadorPro MDM, we collect: business name, business registration number (CNPJ), administrator name, email address, and phone number.

2.2 Device Information

For company-owned devices enrolled in the platform, we collect: device IMEI, model, serial number, operating system version, enrollment status, and management policy compliance status. This information is provided by the business administrator who owns the devices.

2.3 Management Logs

We maintain audit logs of all device management actions (enrollment, policy changes, lock/unlock events) for security and compliance purposes.

3. How We Use Information

We use collected information to:

  • Provide device management services to registered businesses
  • Enroll and manage company-owned devices via Android Enterprise
  • Execute device management policies set by business administrators
  • Maintain audit trails for compliance and security
  • Provide customer support and technical assistance
  • Improve our platform and services

4. Data Sharing

We do not sell or rent personal information. We share data only with:

  • Google Android Enterprise: Device enrollment and management data necessary for the Android Management API to function
  • Infrastructure providers: Hosting and database services (Vercel, Supabase) that process data on our behalf under strict data processing agreements
  • Legal requirements: When required by law, regulation, or legal process

5. Data Security

We implement industry-standard security measures including: TLS 1.3 encryption for data in transit, AES-256 encryption for data at rest, Row-Level Security (RLS) for tenant data isolation, regular security audits, and access controls with principle of least privilege.

6. Data Retention

Business account data is retained for the duration of the service agreement plus 12 months. Device management logs are retained for 24 months for compliance purposes. Upon account termination, all managed devices are released from management and associated data is deleted within 30 days.

7. LGPD Compliance

We comply with the Brazilian General Data Protection Law (Lei Geral de Protecao de Dados — LGPD, Law No. 13.709/2018). Data subjects have the right to access, correct, delete, and port their personal data. Requests can be submitted to our Data Protection Officer at privacy@puxadorpro.com.

8. Device User Notification

All devices managed through our platform display a clear notification that the device is under enterprise management. Users of company-owned devices are informed by the business administrator about the management policies in effect before receiving the device.

9. Contact

For privacy-related inquiries:
Email: privacy@puxadorpro.com
Website: puxadorpro.com/enterprise