1. Who we are and how roles work
Doar Agora is a platform by Neexo Tecnologia, a brand of BRVOZ Neexo Technology e Telecomunicações LTDA, focused on registrations, communications and digital fundraising for churches, parishes and institutions.
This Policy explains how personal data may be collected and processed when using the platform, also serving as Doar Agora’s privacy and LGPD notice.
As a rule, Neexo provides technology, infrastructure and support. The church, parish or institution using the platform is responsible for its relationship with members, contributors, campaigns, communications and fundraising purposes. Depending on the context, the institution may act as data controller and Neexo as processor, without prejudice to Neexo’s own responsibilities when it processes data for security, support, improvement, platform administration or compliance with legal obligations.
2. Personal data that may be collected
- Identification and registration data: name, date of birth, contributor number, pastoral group, relationship with the institution, language, suggested contribution amount and other fields provided by the user or configured by the institution.
- Contact data: phone number, WhatsApp, country/phone code, email, email confirmation or validation, contact preferences and information required to send messages.
- Contribution and payment data: contribution type, amount, recurrence, linked institution, campaign, Mass intention, status, history, Pix, QR Code, copy-and-paste Pix, transaction identifiers, receipts, bank or gateway returns and related administrative records.
- Campaign and specific form data: quantity, address when required by the campaign, notes, responsibility acceptance, acceptance IP, texts shown at the time of participation and other information requested by the campaign.
- Communication data: messages sent or received by WhatsApp, email or forms, message templates, links sent, confirmations, failures, message identifiers, delivery status, read status when available and technical records required for sending.
- Referral or third-party data: phone number or contact of an indicated person, institution link, sending status and minimum records required to control the referral and prevent abuse, when this feature is used.
- Technical and security data: access date and time, IP address, browser, device, logs, login attempts, attempt limits, protected temporary codes, validation tokens, trusted devices, administrative records and security events.
- Administrator and operator data: name, email, WhatsApp, permissions, access records, administrative actions, two-factor authentication and data required to operate the institution dashboard.
- Support and contact data: name, email, phone number, institution, message sent, any attachments provided and support records.
3. Sensitive data and religious context
Because the platform is used by churches, parishes and religious institutions, some data may reveal community participation, religious affiliation, religious interest, contribution, Mass intention, pastoral group, campaign or interaction with a specific institution.
Such data may be sensitive or deserve enhanced care. Therefore, it must be processed only for the purposes informed, with restricted access, compatible security measures and respect for data subject rights.
When data about children or teenagers is provided, the institution and the person submitting the data must ensure that they have proper authorization and that the processing serves the best interests of the minor, where applicable.
4. Purposes of processing
- Create, locate, update and protect registrations of members, contributors, donors, campaign participants, administrators and operators.
- Validate access by WhatsApp, email, temporary code, secure link or another authentication mechanism.
- Process tithes, donations, Mass intentions, campaigns, public contributions, receipts, QR Codes, links and payment confirmations.
- Send operational, transactional and security communications, including access codes, validations, payment links, reminders, campaign notices, confirmations, receipts, birthday messages when enabled and support.
- Allow the institution to monitor fundraising, manage its base, configure campaigns, organize communications and provide support to members and contributors.
- Prevent fraud, abuse, unauthorized access, automated use, intrusion attempts, security failures and disputes.
- Generate administrative, financial, operational and audit reports for the institution when necessary.
- Comply with legal, regulatory, tax, accounting, contractual obligations, authority requests and regular exercise of rights.
- Improve stability, performance, usability, security and platform features.
5. Legal bases used
Data processing may rely, as applicable, on performance of a contract or preliminary procedures, compliance with a legal or regulatory obligation, regular exercise of rights, legitimate interest, credit protection and fraud prevention, consent where required and other bases provided by applicable law.
Promotional communications, campaigns, proactive messages or non-essential messages may depend on consent, permission, a legitimate prior relationship or another valid basis, depending on the channel, content and applicable law.
When consent is the legal basis used, the data subject may request its withdrawal, subject to practical consequences and the need to retain data for legal obligations, security or exercise of rights.
6. WhatsApp, email and automated messages
The platform may send messages by WhatsApp, email and other digital channels for authentication, registration validation, billing, reminders, confirmations, receipts, campaign notices, birthdays, support, security and other purposes related to service use.
WhatsApp sending may use Meta’s WhatsApp Business Platform, including approved message templates, message identifiers, sending, delivery, read and failure statuses, technical sending content and records required for audit and support.
Users may request interruption of non-essential communications, including by replying through the channel when available or using the institution’s or Neexo’s contact channels. In referrals, the indicated person may ignore the message or request not to receive further contacts. Messages necessary for security, authentication, execution of a request made by the user, compliance with a legal obligation or transaction confirmation may continue to be sent when indispensable.
The institution using the platform must respect unsubscribe, blocking, objection or interruption requests, and maintain appropriate permissions to send communications to its members, contributors and contacts.
7. Data sharing
Data may be shared with the church, parish or institution responsible for the page used by the user; with banks, payment institutions, gateways, Pix providers and payment methods; with hosting, database, security, email, WhatsApp, messaging, storage, technical analysis, support and maintenance providers; and with public authorities when there is a legal obligation or valid request.
Sharing occurs to the extent necessary to perform the services, maintain the platform, send communications, process payments, prevent fraud, comply with legal obligations, protect rights or respond to legitimate requests.
Neexo does not sell personal data. Data must not be used by the institution for a purpose incompatible with the purpose informed to the member or contributor.
8. International transfers
Some technology, hosting, messaging, email, security, payment or support providers may process data outside Brazil or use global infrastructure.
When an international transfer occurs, Neexo will seek to use providers, contracts and measures compatible with applicable law and personal data protection.
9. Information security
Technical and administrative measures are adopted to protect data against unauthorized access, loss, alteration, misuse, improper disclosure and security incidents.
Possible measures include authentication, temporary codes, hashes, permission controls, logs, attempt limits, trusted devices, validations, backups, encryption where applicable and segregation of administrative access.
No digital platform is completely immune to risk. Therefore, users and institutions must also protect their devices, accounts, passwords, emails, phones and administrative access.
10. Data retention
Data is kept for as long as necessary to fulfill the purposes described in this Policy, perform the service, serve the institution, comply with legal, tax, accounting, regulatory and contractual obligations, prevent fraud, resolve disputes and protect rights.
Temporary codes, tokens and validation records may have a limited lifetime, but some logs, receipts, contribution history, payment records, audit and security records may be kept for a longer period when necessary.
Backups and technical records may remain for an additional period until secure replacement or deletion according to the platform’s technical cycles.
11. Data subject rights
Under applicable law, the data subject may request confirmation of processing, access, correction, updating, anonymization, blocking, deletion, portability, information about sharing, review of automated decisions where applicable, objection and withdrawal of consent.
Some requests may depend on identity validation, technical analysis, preservation of necessary data and participation of the institution responsible for the relationship with the data subject.
When the request involves data maintained by the institution, Neexo may forward, support or guide the institution according to each party’s role in the processing.
12. Cookies, preferences and local records
The platform may use cookies or local records for operation, security, language, session, authentication, preferences, abuse prevention and experience improvement.
Blocking essential cookies may affect login, validation, registration, payments, forms and other platform features.
13. Updates to this Policy
This Policy may be updated to reflect changes in the platform, integrations, communications, legislation or security and privacy practices. The update date will be indicated on this page.
14. Contact
Requests related to privacy, LGPD, data subject rights, unsubscribe, interruption of messages or questions about data processing may be sent through the official contact channels available on the Doar Agora website or through the responsible institution.