Wally Logo
Legal document

Privacy Policy

Learn how we protect your personal data on the Wally platform.

Your data is sacred

We are fully transparent about how we collect, use and protect your information. You have complete control.

1. Who we are

Data Controller:EQUALLYZE Solutions Ltda.CNPJ: 58.507.687/0001-36Location: Brasília - DF, Brazil

Privacy & GDPR Contact:
privacidade@equallyze.com
+55 (61) 99134-3859

2. Data we collect

We collect only data necessary to provide our services efficiently, securely and in legal compliance. We never collect data we don't need.

  • Identification Data: Name, email, telephone provided voluntarily when creating an account or requesting analysis;
  • Audit Data: URLs of websites submitted for accessibility analysis (public data);
  • Browsing Data: IP address, browser, OS, pages visited, device type, access times (via cookies and logs);
  • Payment Data: Card information (processed by certified gateway, never stored by us);
  • Communication Data: Content of emails and messages you send us (for support and feedback).

❌ What we do NOT collect: Wally does not collect personal data from end users of audited websites. We do not track third-party users.

3. Purposes of data use

We use your data to:

  • ✓ Perform accessibility analyses as requested;
  • ✓ Provide technical support and customer service;
  • ✓ Process payments and manage subscriptions;
  • ✓ Improve algorithms and machine learning (anonymised data);
  • ✓ Send communications about updates, security and compliance;
  • ✓ Comply with legal and regulatory obligations (GDPR, audits, etc.);
  • ✓ Detect fraud and illegal activities.

4. Legal basis for processing (GDPR Art. 6)

Our processing of personal data is based on the following legal grounds:

  • Performance of Contract (Art. 6(1)(b)): To provide services you have contracted;
  • Consent (Art. 6(1)(a)): Which you provide when registering;
  • Legal Obligation (Art. 6(1)(c)): To comply with EAA, GDPR, tax law;
  • Legitimate Interest (Art. 6(1)(f)): Improve security, prevent fraud, enhance products.

5. Data sharing

Your data is shared only when necessary, with trusted partners:

  • Data Processors: Hosting, security, email providers (all with data processing agreements);
  • Public Authorities: Only when ordered by competent legal authority;
  • Acquisitions: In case of merger/acquisition, your data will be transferred with prior notice.

🛡️ We NEVER sell your data. We never trade, rent or sell personal information to third parties.

6. International data transfers

Some of your data may be processed or stored outside the UK/EU (e.g., AWS servers, Vercel).

We ensure all transfers comply with recognised protection mechanisms:

  • Standard Contractual Clauses (SCCs) updated per European Commission decision (2021/914)
  • UK Data Bridge / EU-US Data Privacy Framework for transfers with certified companies
  • Compliance with UK GDPR, EU GDPR and applicable local legislation

7. Data Subject Rights (GDPR)

You have rights! Under GDPR, you can exercise the following rights regarding your data:

  • Right of Access: Request confirmation and copy of all your data;
  • Right to Rectification: Correct incomplete, inaccurate or outdated data;
  • Right to Erasure (Right to be Forgotten): Request permanent deletion of your data;
  • Right to Anonymisation: Request that your data be anonymised;
  • Right to Portability: Receive your data in structured format for transfer;
  • Right to Withdraw Consent: Withdraw consent at any time;
  • Right to Object: Object to data processing for specific purposes.

How to exercise your rights: Send an email to with your request. We will respond within 30 days.privacidade@equallyze.com

8. Data Security

We implement robust technical and administrative measures to protect your data against unauthorised access, leaks, alterations or destruction:

  • TLS/SSL Encryption: All data in transit is encrypted via HTTPS connections;
  • Encryption at Rest: Stored data is encrypted with AES-256;
  • Access Control: Principle of least privilege + multi-factor authentication (MFA);
  • 24/7 Monitoring: Systems continuously monitored to detect threats;
  • Regular Backups: Daily backup with geographic replication;
  • Security Testing: Quarterly penetration audits and vulnerability scans.

9. Data Retention

We keep your data only for as long as necessary:

  • Account Data: Kept whilst your account is active + 30 days after cancellation;
  • Audit Data: Kept according to your plan (12-24 months);
  • Access Logs: Kept for 90 days for security;
  • Legal Data: Kept as required by law (up to 7 years for tax purposes).

10. Cookies and Similar Technologies

We use cookies to improve your experience:

  • Essential Cookies: Authentication, security and platform operation (required);
  • Analytics Cookies: Google Analytics to understand usage (you can disable);
  • Marketing Cookies: Only with your prior consent.

You can manage or disable cookies in your browser settings. Some cookies are essential for platform operation.

11. Updates to this Policy

This Privacy Policy may be updated periodically to reflect legal, technical or operational changes.

We will post the date of the last update at the top of this page. If changes are materially significant, we will notify you by email.

12. Contact & Data Protection Officer (DPO)

For privacy questions, to exercise your rights or report incidents:

Data Protection Officer:privacidade@equallyze.com+55 (61) 99134-3859

You can also report incidents to the supervisory authority:

Information Commissioner's Office (ICO)
ico.org.uk (opens in new tab)

Last updated: 20 de março de 2026