Privacy Policy

Last Revised: June 20th, 2025

Sweetr Software Inc. (“Sweetr”, “us” or “we”) respects the privacy of all data subjects whose personal information we process in the context of providing our online services available at https://sweetr.dev ↗ to our customers (the “Customer(s)” and the “Services”, respectively), including the privacy of:

data subjects whose Personal Information is included in metadata which our Customers connect to the Services via integrations (e.g. GitHub) (“Customer Content”); and
individual users of our Services, who use the Service on behalf of our Customers (the “Permitted User(s)” or “you”).

This privacy policy (“Privacy Policy”) is incorporated by reference to our Terms of Service, available at: https://sweetr.dev/tos ↗ or to any other agreement executed between the Customer and Sweetr with respect to the Services.

We believe that you have a right to know our practices regarding the personal information we may collect and process in the context of our Services, and we are committed to protecting the personal information entrusted with us. Please read the following carefully in order to understand Sweetr’s views and practices regarding the processing of personal information and how Sweetr treats it.

2. About this Privacy Policy

This Privacy Policy applies when you use our Services via our online platform, which may be accessed via our website at https://sweetr.dev/ ↗ (the “Site”) and https://app.sweetr.dev/ ↗ (the "Service"). In addition, a dedicated Cookie Policy is also available at: https://sweetr.dev/cookies-policy ↗.

3. Who we are?

"Sweetr" means the software platform and related services provided by WalDev Tecnologia LTDA, a Brazilian limited liability company, registered under CNPJ 55.133.321/0001-56, with its principal place of business at Rua Turiassu 507, São Paulo, SP, Brazil, which is the legal entity operating Sweetr. Individuals wishing to contact us about data protection issues may do so by emailing us at [email protected].

4. Your acknowledgment of this policy

This Privacy Policy details how Personal Information collected via the Services is used and processed by Sweetr.

BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES, THE CUSTOMERS AND THE PERMITTED USERS ACKNOWLEDGE THAT THEY ARE, OR HAVE HAD, THE OPPORTUNITY TO BECOME AWARE OF AND AGREE (IN JURISDICTION WHERE SUCH CONSENT IS REQUIRED) TO THIS PRIVACY POLICY AND SWEETR’S PRACTICES DESCRIBED THEREIN, INCLUDING THE PROCESSING (WHICH INCLUDES, INTER ALIA, COLLECTING, USING, DISCLOSING, RETAINING OR DISPOSING) OF THE CUSTOMER CONTENT, AND PERSONAL INFORMATION RELATING TO THE PERMITTED USER, UNDER THE TERMS OF THIS POLICY.

5. Which Personal Information may we collect?

During and as part of the use of our Services, we collect and process: (i) non-identifiable and anonymous information, which consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Information”); and (ii) personal information, which is information relating to an identified or identifiable natural person (“Personal Information”), all with respect to two types of data subjects:

5.1. Personal Information which relates to Permitted Users

(Section 5.1 remains largely the same except for replacing Sweetr with Sweetr and removing references to advertising)

5.2. Personal Information included in the Customer Content

In order to use Sweetr’s Services, Customers and Permitted Users may connect systems such as GitHub which include metadata that contains Personal Information. For example, pull request metadata or commit author names and emails. This may include tokens or identifiers granted by third-party integrations (such as GitHub or Slack) for authentication and metadata retrieval.

Personal Information included in the Customer Content may be recorded as part of the use of the Services, such as in dashboards, reports, and notifications.

Please note that the Customer Content (including Personal Information) collected as part of your use of the Services, may be accessed by our IT team, support team, customer success team, R&D team and/or by our account managers, solely in order to provide our Services to our Customers and to fulfill our contractual obligations.

6. How do we collect Personal Information?

There are three main methods we use to collect Personal Information:

6.1. We collect information via your entry, connection, access and/or use of the Services

In other words, when you access or use the Services, we are aware of your usage of the Services, and may gather, collect and record the information related to such usage. For example, when you use the Services, we collect your IP address and other online identifiers.

6.2. We collect information which you provide us voluntarily

For example, we collect Personal Information that you provide via the Services, such as the details provided when opening an account to use the Services.

6.3. We collect information provided by you via the Services as part of the Customer Content.

Personal Information may be provided to us as part of any Customer Content uploaded in the context of your use of the Services.

7. What are the purposes of the collection and processing of information?

7.1. Non-personal Information is processed in order to:

Enhance your experience on the Services;
Create statistical information and learn about the preferences of Permitted Users and general trends regarding the Services (e.g. understand which features are more popular than others);
Keep the Services safe and secure; and
Prevent fraudulent activity on our Services.

7.2. Personal Information is processed in order to:

Enable the operation of the Services, including the process of opening an Account to use the Services;
Provide Customers and their Permitted Users with technical support;
Conduct internal operations, such as: troubleshooting, data analysis, testing, research, statistical analysis, as well as the improvement of the provided Services and the Sweetr’s algorithms;
Keep the Services safe and secured against fraudulent and criminal activity;
Comply with our legal obligations and provide us with the ability to protect our rights and legitimate interests;
Send updates, notices, announcements and additional information related to Sweetr and its Services, by email or Slack;
Maintain data processing records and general administrative purposes.

Sweetr respects its Customers’ and their Permitted Users’ privacy and will not disclose, share, rent, or sell their Personal Information to any third party, including Customer Content containing Personal Information, other than as permitted under this Privacy Policy.

In addition to using the information collected by us for the purposes described under Section 7 above, we may also share your Personal Information and the Customer Content in the following cases:

Sweetr’s Personnel Personal Information that we collect and process may be transferred to or accessed by personnel of Sweetr for the sole purpose of enabling the operation of the Services and to contact you (as detailed in Section 7 above). Please note that all of Sweetr’s personnel that will have access to your Personal Information and the Customer Content are under an obligation of strict confidentiality with respect to such Personal Information.
Service Providers we share Personal Information with vendors, commercial software providers, consultants and data processors who perform services on our behalf, including without limitation, companies that provide analysis, messaging services and services which host the Services. Please note that we collect, hold and manage your Personal Information and the Customer Content through third parties’ cloud based services, as reasonable for business purposes, which may be located in countries outside of the Customers’ and/or their Permitted Users’ jurisdiction. For more information regarding our service providers, please refer to Section 12 below.
In addition, we may share Personal Information in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy Policy or any other agreement or terms of service between a Customer and Sweetr, and to defend against any claims or demands asserted against us by a Customer and/or its Permitted Users or on a Customer’s and/or a Permitted User’s behalf; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) to protect the rights, property, or personal safety of Sweetr, its Customers and their Permitted Users or the general public; and (e) when Sweetr is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of the assets of Sweetr (while such acquired company or investor may be located in countries outside of the Customers’ and/or their Permitted Users’ jurisdiction).

8.3. Non-Personal Information Transfer

For avoidance of doubt, Sweetr may transfer and disclose Non-Personal Information i.e., non-identifiable and anonymous information which consists of Technical And Behavioral Information that does not pertain to a specific individual, to third parties, at its discretion, including without limitation for statistical, analytical and research purposes and for customization, developing and improvement of our Services.

9. Data subjects’ rights

9.1. Customer Content

The Customer Content may contain Personal Information, as determined by the Customer.

Sweetr has implemented certain technical and organizational measures in its Services to assist its Customers in independently accessing the Personal Data included in such Customer Content. However, due to technical limitations and the nature of the Services, not all Personal Information contained in the Customer Content may be retrieved, accessed, amended, ported or restricted, as may be required under the data protection laws which are applicable to the Customer.

Notwithstanding, all Personal Data is automatically deleted in regular one-year intervals (or as otherwise set by the Customer) and may also be deleted at any time by the Customer, at its sole discretion. To the extent that the Customer, in its use of the Services, does not have the ability to exercise its obligations towards data subjects whose Personal Information is included on the Customer Content, please send us an email to: [email protected], and, to the extent that we are technically capable to do so, we will make commercially reasonable efforts to assist.

9.2. Permitted Users

Sweetr acknowledges that you have the right to access and change the Personal Information we collect and process about you.

You may update the Personal Information that you entered when opening your account to use the Services, by using the designated page on your account. However, if you find that your are unable to do so or if you wish to access or to correct, amend, or delete Personal Information, please send us an email to: [email protected] and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law.

Note: Sweetr does not currently appoint a representative under Article 27 of the GDPR, and services are not directed at EU users

10. Location of your data

The information collected from you by Sweetr, including the Customer Content, is stored on cloud infrastructure located in the United States. Some of our third-party service providers may store or process data in other countries. We take appropriate steps to safeguard any such data in accordance with this Privacy Policy.

Sweetr is committed to protecting your Personal Information, including the Customer Content, and will take appropriate steps to ensure that your Personal Information and the Customer Content is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy.

Such steps may include, but not limited to, putting in place data transfer agreements and ensuring our third-party service providers comply with Sweetr’s data transfer protection measures.

11. Minors

The Services are intended solely for Permitted Users over the age of sixteen (16). Therefore, Sweetr does not intend and does not knowingly directly collect any Personal Information from Permitted Users under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Services.

12. Third Party Service Providers and Third Party Software

12.1. Third Party Service Providers and Your Data

During the Services provision period, we may use third-party service providers (such as hosting cloud services), who may collect, store and/or process your Personal Information and the Customer Content.

Such vendors may be located in countries that do not have the same data protection laws as the laws applied in the Customers’ and their Permitted Users’ jurisdiction.

12.2. Subprocessors List

Our third-party Sub-Processors service providers list is available at https://Sweetr.dev/sub-processors ↗.

Please read the third-party service providers’ terms of use and privacy policies to understand their privacy practices.

13. Security

We take appropriate measures to maintain the security and integrity of our Services and prevent unauthorized access to them or use thereof through generally accepted industry standard technologies and internal procedures. Some of the security measures that we employ include, without limitation:

the adoption of technical and organizational means, to ensure the security of the Customer Content, including Personal Information;
the application of highly secure design and implementation methods to all our Services, including state of the art encryption mechanisms and secure architecture design to all storage and transmission mechanisms used for the processing and transmission of Customer Content and Permitted Users data, including Personal Information, to our third party service providers as described above; and
the application of separation of duty among our employees and an access control management, which prevents unauthorized personnel from accessing the Customer Content and Permitted Users data, including Personal Information.

13.2. Inherited Risks

Please note, however, that there are inherent risks in transmission of information over the Internet or by using other methods of electronic storage and we cannot guarantee that unauthorized access or use of such information will never occur.

13.3. Law Compliance

Sweetr will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Information and will inform you of such breach as required by applicable law, as detailed in Section 5 of our Data Processing Agreement ↗.

TO THE EXTENT THAT Sweetr IMPLEMENTED THE REQUIRED SECURITY MEASURES UNDER APPLICABLE LAW, Sweetr SHALL NOT BE RESPONSIBLE OR LIABLE FOR AN UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION INCLUDED IN THE PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT.

14. Data retention

14.1. Permitted User’s Personal Information

Generally, we will keep Permitted User’s Personal Information only for as long as it is relevant and useful for the purpose for which it was originally collected.

14.2. Personal Information contained in Customer Content

Sweetr will retain the Personal Information contained in Customer Content for the time period set by the Customer via the Services. Please note that if no other setting or requirement was explicitly presented by the Customer, all Customer Content such as pull request metadata and integration event logs will be retained for a default period of one (1) year.
All the aforementioned retention periods can be reduced or extended by Sweetr upon a Customer’s request. Upon termination of the Customer’s engagement with Sweetr, all of the Customer Content is deleted. Furthermore, if you delete data via the Service interface, all associated Customer Content that is not public shall be deleted as well.

14.3. Storage Period

Sweetr may store personal data for longer periods of time if the personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and in such cases, the personal data will be subject to the implementation of appropriate technical and organizational measures to safeguard the rights and freedoms of the data subjects; or if it is under a statutory obligation to do so, and in such case Sweetr shall notify the customers of that legal obligation (unless the Company is prohibited by applicable law from doing so), and will implement appropriate technical and organizational measures to ensure that the personal data retained is used to fulfil that statutory obligation and no other purpose.

Please note that personal data which has been fully anonymized, as well as aggregated data, do not constitute ‘personal data’, and as such may be retained by the Company indefinitely.

15. Changes to the Privacy Policy

Sweetr reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently to check for any changes. In case of any material change, we will make reasonable efforts to post a clear notice on the Services or we will send you an e-mail, regarding such changes, to the e-mail address that you may have provided us with. Such material changes will take effect seven (7) days after such notice was provided on our Service or sent to you via e-mail, whichever is earlier.

Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” and your continued use of the Services on or after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes. In the event that the TOS should be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by the law and without any prior notice.

Have any questions?

If you have any questions (or comments) concerning this Privacy Policy, please send us an email to the following address: [email protected] and we will make an effort to reply within a reasonable timeframe.