Skip to content
Sonarprint
Privacy & data protection

Sonarprint Privacy Notice

This Privacy Notice must be read and interpreted together with the Collaborative Network Privacy Notice.

Last revised: June 3, 2026

Group Link Network S.A.

CNPJ: 10.664.687/0001-13

We are Group Link Network S/A (“GL” or “Group Link”), a Brazilian technology company, registered with CNPJ under no. 10.664.687/0001-13, headquartered at Rua Gomes de Carvalho, no. 1510, Vila Olímpia, ZIP code 04547-005, in the city and State of São Paulo.

One of GL's core values is the protection of personal data and, for this reason, its technology is based on and structured around technical and pseudonymized data, that is, without any information linked to civil data about you, such as, for example, name, RG, CPF or other information that could identify you directly.

This Privacy Notice describes how GL, in its capacity as Data Controller, collects, uses, stores and shares personal data within the scope of the Sonarprint solution.

The data collected via SDK, the security measures, the retention periods for raw data held by GL and the general rights of data subjects are described in the Collaborative Network Privacy Notice, available at www.grouplinkone.com. This Privacy Notice for the Sonarprint solution must be read and interpreted together with the GL Collaborative Network Privacy Notice.

Through this Privacy Notice we will describe the personal data processing practices related to the Sonarprint solution.

What is Sonarprint

Sonarprint is GL's anti-fraud solution that combines the intelligence of GL's Collaborative Network with our Business Partners' need to protect their transactions. GL processes technical device data and delivers structured metrics to our Business Partners.

The decision on the legitimacy of a transaction always rests with our Business Partners. GL is responsible for providing part of the technical inputs that support this decision.

Sonarprint does not expose identifiable personal data to Business Partners. As will be outlined below, GL delivers inferences about device behavior, without precise location coordinates and without direct identifiers. GL does not know the data subject who holds the device.

Roles of Group Link Network in Sonarprint

GL operates in two distinct layers as a personal data processing agent.

GL as Data Controller

GL will be the Data Controller in the collection of technical data via the SDK embedded in its own apps or in those of Business Partners. In this case, GL will determine the purposes and means of processing of any personal data collected.

GL as Data Processor

In turn, GL will be the Data Processor in the delivery of anti-fraud metrics to Business Partners. GL processes data on behalf of the Business Partner who, at that point, becomes the Data Controller, responsible for the decision on whether or not to validate the transaction carried out and for the relationship with the data subject.

This means that for the fraud-prevention decision that affects you as a user of a service, the Business Partner is the responsible Controller. To resolve doubts or to question this decision, you must contact the Business Partner with whom you have a relationship.

What Sonarprint produces from GL's Collaborative Network data

Based on the data collected by the Collaborative Network, GL, through the Sonarprint solution, processes and delivers to Business Partners the following metrics about the device:

  • Pre-processed metrics
  • Post-processed metrics

The processing of personal data carried out by GL as Controller within the scope of Sonarprint has as its legal basis legitimate interest (art. 7, item IX of the LGPD), for the purposes of operating and maintaining the Collaborative Network and developing fraud-prevention solutions based on patterns of device behavior.

The legitimate interest was assessed through a Legitimate Interests Assessment (LIA), the results of which are documented in the Sonarprint Data Protection Impact Assessment. The assessment concluded that the risks to data subjects are mitigated by the technical measures described in item 7 of this Notice and in GL's Collaborative Network Privacy Notice.

GL, in its Sonarprint solution, does not carry out individual commercial profiling. You may object to the data processing carried out at any time, in accordance with the information available in item 8.

With whom we share your personal data

GL, through Sonarprint, shares data only for the purposes necessary for the operation. The table below summarizes the recipients.

Recipient What is shared
Business Partners Pre- and post-processed anti-fraud metrics.
Cloud providers Pseudonymized data necessary for hosting and processing.
Public authorities and regulators Data that may be required by judicial, regulatory or legal order.

GL contractually requires that Business Partners: (i) act as Controllers responsible for the processing of the outputs for anti-fraud purposes; (ii) do not link civil identity data (such as CPF and RG, for example) to the identifier provided by GL; and (ii) inform their data subjects about the existence of the SDK in their own privacy notices.

Security measures

In addition to the security measures described in the Collaborative Network Privacy Notice, Sonarprint adopts the following technical safeguards for its proper processing:

Isolated pseudonymized identifier reversal key

The key that allows the pseudonymized identifier to be reverted to the advertising/device identifier is restricted to GL access, under a documented procedure, triggerable only in response to incidents or by judicial order.

Kill Switch

The SDK has a remote configuration that allows data collection to be disabled without the need to update the app version.

Your rights as a data subject and how to exercise them

Under the terms of art. 18 of the LGPD, the data subject has the following rights:

  • Confirmation: to be aware of whether GL processes personal data of which you are the subject;
  • Access: to access the personal data that GL processes about you;
  • Correction: to have corrected any incorrect or untrue data that GL processes about you;
  • Deletion: to have your personal data deleted, where permitted by law;
  • Objection: to object to the processing carried out;
  • Information on sharing: to be aware of which entities GL shares your data with;
  • Review of automated decisions: to have the possibility of reviewing decisions made solely on the basis of automated processing.

Since GL does not hold direct registration data, such as, for example, name, RG, CPF, date of birth, the right to portability is not applicable within the scope of the Network.

Due to the pseudonymized nature of the Collaborative Network, GL does not hold registration data that would allow it to individually identify the data subject from a generic request.

To exercise the rights of access, correction or deletion, the data subject must provide the advertising identifier of their device in an email to dpo@grouplinkone.com.

The right to object to processing may be exercised at any time by revoking the location and Bluetooth permissions in the device's operating system settings, which immediately ends data collection by the SDK.

If you wish to identify or reset your device's advertising identifier:

  • On Android devices, go to Google Play Store → profile photo → Settings → General → Ads;
  • On iOS devices, go to Settings → Privacy & Security → Tracking.

Contact with the Data Protection Officer

In case of questions, comments or suggestions related to the provisions of this Policy, please contact our Data Protection Officer.

Data Protection Officer (DPO):
Deluca Sociedade Individual de Advocacia
Responsible:
Patrícia Serson Deluca
Contact email:
dpo@grouplinkone.com

Updates to this Privacy Notice

This document was revised on June 3, 2026. GL may change the provisions of this document based on its technical and operational reality. The version in force is the one available on our website (www.grouplinkone.com).