Skip to main content
BR-ACC is operated with a public-interest and transparency posture for analysis of publicly available records, with strict minimization and access controls. Under Lei 13.709/2018 (LGPD) Article 7, processing of publicly available data for public interest is permitted when conducted with appropriate safeguards.
This baseline is operational guidance and does not replace formal legal advice.

Public-Safe Defaults

BR-ACC enforces privacy-first configuration in all public deployments: 
PRODUCT_TIER=community
PUBLIC_MODE=true
PUBLIC_ALLOW_PERSON=false
PUBLIC_ALLOW_ENTITY_LOOKUP=false
PUBLIC_ALLOW_INVESTIGATIONS=false
PATTERNS_ENABLED=false
VITE_PUBLIC_MODE=true
VITE_PATTERNS_ENABLED=false

What These Defaults Protect

SettingProtection
PUBLIC_MODE=trueActivates all public-safe filters
PUBLIC_ALLOW_PERSON=falseBlocks person-level lookup and entity exposure
PUBLIC_ALLOW_ENTITY_LOOKUP=falseRestricts direct entity search by personal identifiers
PUBLIC_ALLOW_INVESTIGATIONS=falseDisables investigation mode that may expose sensitive data
PATTERNS_ENABLED=falseDisables pattern analysis features

What Telemetry and Logs Are Collected

BR-ACC may collect operational telemetry for reliability and abuse prevention:
  • Request metadata (timestamp, route, status, latency)
  • Rate-limiting events and security signals
  • Platform errors and diagnostic traces

What Is Not Collected

In public-safe mode, BR-ACC does not intentionally expose:
  • Person-level entity outputs
  • Personal identifier fields (CPF, partial documents)
  • Person and Partner entities in public responses
BR-ACC does not use platform output as a criminal determination system.

Retention Windows and Access Controls

  • Logs are retained for a limited operational window according to security and incident needs
  • Access to operational logs is restricted to authorized maintainers
  • Sensitive operational infrastructure details are kept in private repositories only

Data Subject Rights

Under LGPD, data subjects have rights to:
  • Access: Request confirmation of processing and access to their data
  • Correction: Request correction of incomplete, inaccurate, or outdated data
  • Deletion: Request deletion review for data no longer necessary for processing purposes
  • Portability: Request data in structured, commonly used format
  • Opposition: Object to processing in certain circumstances

How to Exercise Your Rights

Rights requests are handled through GitHub issue templates:
  1. Privacy Request: For access, deletion, or portability requests
  2. Data Correction Request: For correction of inaccurate data

Submit a Privacy Request

Use our GitHub issue templates to submit privacy or correction requests

Request Handling Process

Required handling steps:
  1. Register timestamp and case ID
  2. Verify request scope and source evidence
  3. Produce a decision log with rationale
  4. Respond within legally required timeframes

Abuse Investigation Logging

When abuse is suspected, BR-ACC may preserve relevant logs for incident analysis and enforcement. Abuse handling follows:

Cross-Border Processing Note

BR-ACC may process infrastructure and collaboration workflows across jurisdictions. Brazil-first LGPD posture remains mandatory for datasets and outputs related to Brazil.

Retention and Deletion Principles

Retention follows operational necessity and legal obligations:
  • Keep only the minimum needed for platform operation, security, and abuse response
  • Avoid retaining unnecessary personal data in public-facing flows
  • Apply correction/removal actions in the next published snapshot cycle when approved

Policy Version

Policy-Version: v1.0.0
Effective-Date: 2026-02-28
Owner: WTG Governance Team

Build docs developers (and LLMs) love

Get started for freeTalk to us