Legal

Privacy Policy

OZAV LTDA · Classification: Public · Last updated 11/23/2025.

1. Who we are2. Controller & DPO3. Data collected4. How we collect5. Purposes6. Legal bases7. Sharing8. International transfer9. Security10. Retention11. Cookies12. KYC13. Documentation14. Responsibilities15. Your rights16. Changes

1. Who we are

OZAV LTDA ("OZAV", "we", "our") operates a digital platform designed to facilitate international transactions, currency conversions, payment processing, and related services. This Privacy Policy describes how we handle personal data of natural and legal persons who use our platform, in accordance with Law No. 13.709/2018 ("LGPD").

By creating an account, using our services, or browsing our website, you acknowledge and agree to this Policy.

2. Controller and DPO

Controller

OZAV LTDA · CNPJ: 43.671.829/0001-29 · Headquarters: São Paulo – SP, Brazil.

Data Protection Officer (DPO)

Email: privacy@ozav.com.br.

3. Data collected

OZAV adopts a progressive data collection model, depending on the level of use and complexity of transactions. We collect only the data necessary to verify identity, ensure security, fulfill legal obligations, and operate our services.

3.1 Natural Person

a) Initial Registration (Sign-Up)

  • First name
  • Last name
  • Gender
  • Nationality
  • Email
  • Phone number with international code
  • Password
  • Acceptance of the Terms and Conditions

b) Profile Completion (before the first transaction)

Identity: country of residence; type and number of identification document; date of birth.

Full address: postal code (CEP), street, number, additional info (optional), neighborhood (when applicable), city, state / region, country.

c) Standard KYC (required to operate)

  • Document verification
  • Age verification
  • Complete identity and address
  • Approved KYC status
  • Acceptance of compliance terms

Optional fields: occupation; estimated monthly income (USD).

d) Advanced KYC (for higher limits)

Documents proving source of funds: paystub, bank statement, articles of incorporation, investment proof, inheritance statement, savings proof, or other accepted documents. Additional information: purpose of transactions; detailed description of the purpose.

e) Documentation During Platform Use

For international operations (e.g., SWIFT), the following may be requested: invoice, purchase order, contract, Bill of Lading, proof of delivery, customs declaration, other valid documents, file upload (PDF/JPG/PNG), document identifier (optional). For standard conversions (crypto ↔ fiat): selection of purpose code; waiver of document upload.

3.2 Legal Entity

a) Initial Registration

  • Corporate name
  • Registration number (CNPJ, EIN, etc.)
  • Corporate type
  • Business sector
  • Country of registration
  • Date of incorporation
  • Corporate email
  • Phone number
  • Password
  • Acceptance of the Terms and Conditions

b) Business Profile Completion

Corporate identity: country of operation; type of corporate document; valid registration number. Business address: postal code (CEP), street, number, additional info, neighborhood, city, state / region, country.

c) Partners and Ultimate Beneficial Owners (UBOs)

  • Full name
  • Type of holder (individual/company)
  • Document number
  • Ownership percentage
  • Date of birth (for individuals)
  • Nationality
  • Optional contact: email, phone
  • Full address (same as in the individual section)

Validations: percentages must total 100%; at least one partner is required; all partners must have a full address registered.

d) Corporate KYC

  • Complete company data
  • Verified ownership structure
  • Validated address
  • Identified beneficial owner
  • Compliance acceptance
  • Approved KYC status

Optional field: estimated annual revenue (USD).

4. How we collect data

  • Directly from the user (registration and documents)
  • Automatically, via browser or device (IP, cookies, identifiers)
  • From specialized identity verification partners
  • From public databases and authorized providers
  • During operations and transactions carried out on the platform

5. Purposes of processing

5.1 Primary Purposes (necessary)

  • Verify identity (KYC)
  • Prevent fraud and financial risks
  • Fulfill applicable legal and regulatory obligations
  • Validate documents and source of funds
  • Process transactions and conversions
  • Authenticate users
  • Administer accounts and operational limits
  • Ensure platform functionality and security
  • Analyze and monitor suspicious operations
  • Provide customer support and service

5.2 Secondary Purposes (with consent)

  • Sending communications and marketing
  • Satisfaction surveys
  • Improvement of products and services
  • Internal statistics and analytics

6. Legal bases

  • Performance of contract
  • Compliance with legal obligation
  • Legitimate interest (security, improvement, fraud prevention)
  • Consent (marketing and communications)
  • Credit protection, when applicable

7. Data sharing

We may share data with:

  • Specialized KYC and AML partners
  • Financial institutions, payment processors, and liquidity providers
  • Technology and infrastructure vendors
  • Competent authorities, when required by law
  • International partners, for cross-border operations
  • Companies within the same corporate group, when applicable
  • Third parties authorized by the user

We share only the minimum necessary for the intended purpose.

8. International data transfer

Data may be transferred to other countries, always with appropriate safeguards such as: standard contractual clauses; data protection agreements; partners with adequate protection levels; mechanisms equivalent to those provided by the LGPD.

9. Information security

We adopt administrative, technical, and organizational measures proportional to risk and aligned with industry best practices, including: access controls; activity logs; data protection mechanisms in transit and/or at rest, when applicable; internal governance and security policies; periodic risk assessments.

No system is 100% infallible, but we make reasonable efforts to protect your data.

10. Retention and deletion

Data will be stored for the period necessary to: fulfill the purposes described; comply with legal or contractual obligations; meet regulatory deadlines; defend legitimate interests. After these periods, data will be deleted or anonymized in accordance with the LGPD.

11. Cookies and technologies

We use essential cookies, functional cookies, analytical cookies, and marketing cookies (with consent). You may manage your preferences directly in your browser.

12. Identity verification (KYC)

OZAV performs or coordinates identity verification procedures directly or through specialized partners, which may require: document validation; selfie validation (if applicable); proof of source of funds; additional validations for higher limits.

13. Documentation for international operations

Certain transactions may require documents such as: invoice, purchase order, contracts, logistical proofs, customs declarations, justification of purpose. These documents are processed exclusively for the purposes outlined in this Policy.

14. User responsibilities

The user is responsible for: providing true and updated information; ensuring that submitted documents are valid; keeping access credentials confidential; reviewing data before each operation. OZAV is not responsible for incorrect, incomplete, or improperly entered information by the user, including when such information impacts limits, deadlines, or transaction execution.

15. Data subject rights

You may, at any time: access your data; request correction; request deletion (except for legal retention); request portability; revoke consent; obtain information about sharing; object to processing; request review of automated decisions. Contact: privacy@ozav.com.br.

16. Changes to this policy

We may update this Policy at any time. The latest version will always be available on our website. In the event of significant changes, you will be notified by email or within the platform.