Skip to content
Soaru

Privacy Policy

Version 1.0 — June 10, 2026

This policy explains how Soaru processes personal data, in accordance with the Brazilian General Data Protection Law (Law No. 13,709/2018 — LGPD). It applies to all users of the platform: musicians, clients, and visitors.

Controller: Soaru. Contact channel for privacy matters: contato@soaru.app.

1. What data we collect

  • Registration data: full name, email, phone, and account type (musician, client, or venue).
  • Tax ID (CPF): used to verify musicians' identity and to verify reviews. The tax ID is not stored in plain text — we keep only a hash (an irreversible representation) for verification purposes.
  • Bank and payment data: processed directly by the partner payment processor. Card data does not pass through Soaru's servers and is not stored by us.
  • Profile media: photos, videos, and audio uploaded by musicians to promote their own work.
  • Approximate location: the city and service radius provided by the musician, and the location used by the client when searching by proximity. We do not track location in the background.
  • Usage data: access logs (date, time, IP) required by the Brazilian Internet Civil Framework and technical information necessary for the operation and security of the platform.

2. What we use it for (purposes and legal bases)

  • Operate the platform — registration, search, bookings, payments, and reviews. Legal basis: performance of a contract (art. 7, V, LGPD).
  • Verify identity and prevent fraud — including verification by tax ID. Legal bases: performance of a contract and legitimate interest (art. 7, IX), with minimization measures such as storing only the hash.
  • Comply with legal obligations — retention of access logs, tax and accounting obligations. Legal basis: compliance with a legal obligation (art. 7, II).
  • Improve the product and ensure security — aggregate metrics, error diagnostics. Legal basis: legitimate interest.
  • Marketing communications — only with your consent, which may be withdrawn at any time. Legal basis: consent (art. 7, I).

3. Who we share with

We do not sell personal data. We share data only with processors who need it for the platform to function:

  • Supabase — database, authentication, and file storage;
  • Pagar.me — payment processing, escrow, and payouts;
  • Mux — processing and delivery of profile videos;
  • Vercel — application hosting;
  • Mapbox — maps and address geocoding.

Some of these processors store data outside Brazil. In such cases, the international transfer takes place with the safeguards provided for in arts. 33 et seq. of the LGPD. We may also share data when there is a legal obligation or an order from a competent authority.

4. Your rights as a data subject

The LGPD grants you, among others, the rights to:

  • confirm whether we process your data and access it;
  • correct incomplete, inaccurate, or outdated data;
  • request the anonymization, blocking, or deletion of unnecessary data or data processed in non-compliance;
  • request the portability of your data;
  • know who we share your data with (this policy already lists the processors);
  • withdraw consents and object to processing based on legitimate interest.

To exercise any right, write to contato@soaru.app. We respond within the time limits set by the LGPD. You may also file a complaint with the Brazilian National Data Protection Authority (ANPD).

5. How long we keep it

We keep your data for as long as your account exists. After closure, we keep only what is necessary to comply with legal time limits — for example, access logs (Internet Civil Framework), tax documents, and data needed to exercise rights in legal proceedings, for the applicable statutory periods. After that, the data is deleted or anonymized.

6. How we protect it

  • encryption in transit (HTTPS) across the entire platform;
  • row-level access control in the database (RLS), limiting each user to their own data;
  • tax ID stored only as a hash, never in plain text;
  • card data handled exclusively by the payment processor, in a certified environment.

No system is infallible. In the event of a security incident with relevant risk, we will notify the affected data subjects and the ANPD in accordance with the LGPD.

7. Cookies

We use only cookies and local storage that are essential to the operation of the platform. The details are in the Cookie Policy.

8. Changes to this policy

We may update this policy to reflect changes to the platform or the law. Material changes will be communicated through the platform's channels, with the effective date indicated at the top of the document.

9. Contact

Questions about privacy and data protection: contato@soaru.app. Also see the Terms of Use.