Brazil
LGPD · Lei 13.709/2018
Full compliance with the General Data Protection Law. Data isolation in Brazil, documented DPA and subprocessors.
Security by design
Legal compliance and data protection from day one.
Acta operates in compliance with the LGPD and regional equivalents. Native multi-tenant architecture, end-to-end encryption, and a complete audit trail.
Four pillars of security
Native multi-tenant
Complete data isolation per organization. New tenant provisioning in under an hour. Isolated failures do not impact other tenants.
Strong authentication
Firebase Auth + WebAuthn (Passkeys) + 2FA. Passwordless login with biometrics, protected sessions, and automatic rotation.
Data and retention
Google Cloud Brazil region (southamerica-east1). Encryption in transit (TLS 1.3) and at rest (AES-256). Automatic daily backups.
Audit trail
Every action (AI, user, system) recorded with timestamp, justification, and responsible party. Ready for oversight and regulatory compliance.
Regional compliance
Ready for four Latin American countries.
Argentina
Ley 25.326
Aligned with the Ley de Protección de los Datos Personales. Ready for provincial direct contracting.
Chile
Ley 19.628
Aligned with the Ley sobre Protección de la Vida Privada. Compatible with direct dealing and framework agreement (ChileCompra).
Uruguay
Ley 18.331
Aligned with the Ley de Protección de Datos Personales y Acción de Habeas Data. Ready for direct purchasing (TOCAF).
Operational transparency
Evidence, not promises.
Versioned terms
Versioned terms of use and privacy policy, with an acceptance history per user.
DPA available
Data processing agreement (DPA) available for review by the client's legal team.
Subprocessors
Up-to-date list of subprocessors (Google Cloud, Firebase, Gemini, OpenAI) with purpose and location.
Incident response
Documented continuity plan and a notification process within 72h in the event of an incident.