Skip to Content

Privacy Policy

Abea Privacy Policy: Our Commitment to Your Data Protection

Last Updated: 05/20/2025

Astral Business Evolution Accelerator ("ABEA," "we," "us," "our") is deeply committed to protecting the privacy and security of the personal data entrusted to us by our clients, users of our website (abea.app or similar), participants in our diverse training programs, and any individual who interacts with our services or personnel. This Privacy Policy comprehensively describes how we collect, use, share, and safeguard your personal information. Our practices are designed to be in full compliance with applicable data protection laws across Latin America, including, but not limited to, Brazil's Lei Geral de Proteção de Dados (LGPD), Argentina's Ley de Protección de Datos Personales (Law 25.326), Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares, and other similar regional and national legislations. We fundamentally understand the critical importance of your personal information and are steadfastly dedicated to processing it responsibly, ethically, and with the utmost transparency.

1. Information We Collect

We may collect the following types of personal information. We are committed to collecting only the data necessary for specified, explicit, and legitimate purposes and ensuring it is not further processed in a manner incompatible with those purposes:

  • Identification and Contact Information: This category includes, but is not limited to, your full name, corporate or personal email address, primary and secondary phone numbers, current job title or role, the name of the company you represent or are employed by, and physical business or correspondence addresses. We collect this information primarily to establish and maintain communication with you, accurately deliver the services you request (such as consultancy or Odoo implementation), manage our ongoing client relationships effectively, and for necessary billing and administrative functions.
  • Professional Information: This encompasses specific details about your company (e.g., its size, structure, operational model), its industry sector, particular business needs you've expressed, ongoing projects we might be involved in, or potential future projects you are exploring with us. This information is absolutely crucial for us to tailor our consulting services, Odoo system implementations, AI-driven analyses, and other offerings to your organization's unique context, strategic objectives, and specific operational challenges. Understanding your professional landscape allows us to provide relevant benchmarks, case studies, and targeted advice.
  • Platform and Website Usage Information: This category includes technical data such as your device's IP address (which can sometimes indicate your general geographic location), the type and version of the web browser you are using, your operating system, referral URLs (the website you came from before visiting ours), the specific pages you visit on our site, the sequence of those visits, the time and date of your access, and the duration you spend on each page. It also includes your interactions with our proprietary or managed services, such as Odoo instances we configure for you, our online training platforms (tracking module completion, for example), and any AI-powered tools we provide. This data is vital for us to understand how our digital platforms are being used, identify popular content or features, diagnose technical issues, enhance user experience through better navigation or design, and ensure the overall security and operational functionality of our digital offerings. We also collect cookie data, as more extensively detailed in our separate Cookie Policy, to personalize your online experience and analyze aggregated site traffic patterns.
  • Financial Information: When you or your company engage in paid services, subscribe to premium offerings, or participate in financing rounds (such as crowdfunding campaigns or Security Token Offerings) that ABEA facilitates or advises on, we may need to collect payment details necessary for processing these transactions securely and in full compliance with stringent financial regulations and anti-money laundering (AML) laws. This could include bank account details for wire transfers, corporate credit card information (which is typically processed through PCI-DSS compliant third-party payment gateways), or information related to cryptocurrency wallets if applicable to token-based transactions.
  • Training Information: If you or your employees participate in our training programs, workshops, or webinars, we will collect data related to your engagement and performance. This includes records of course enrollment, progress through modules, assessment results, certifications earned, and any feedback or queries you provide regarding the training content or delivery. This information allows us to monitor learning effectiveness, offer personalized support and guidance to learners, issue certificates of completion, and continuously improve the quality and relevance of our educational content.
  • Communications: We maintain records of your communications with ABEA representatives, whether these occur via email, contact forms on our website, chat logs from our support platforms, or summaries of pertinent details from phone calls or video conferences. This practice helps us maintain a comprehensive history of our interactions, ensuring continuity of service, allowing different team members to seamlessly pick up on your needs, and enabling us to address your inquiries, requests, and any potential issues more efficiently and with full context.

2. How We Use Your Information

We use your personal information exclusively for the following clearly defined, legitimate, and pre-determined purposes. We are committed to ensuring that your data is processed lawfully, fairly, and in a transparent manner:

  • To Provide and Manage Our Services: This is the cornerstone of our data usage. It involves leveraging your professional information (like company size, industry, and specific challenges) to deliver targeted and effective business consulting. We use your stated system requirements and operational workflows for precise Odoo ERP implementation, custom module development, and system configuration. Project-specific details are applied for efficient and effective project management. Your learning data and preferences are utilized to deliver personalized and impactful online training experiences. Finally, accessing necessary technical or account information is crucial for providing responsive and accurate user support.
  • To Personalize Your Experience: We strive to make every interaction you have with ABEA as relevant and valuable as possible. This involves using information about your past interactions with us, your stated preferences (e.g., communication channels or topics of interest), your industry, and your professional role to tailor our service recommendations, the content of our communications (like newsletters or webinars), and the information or features you see on our digital platforms. Our AI tools may analyze this data in an aggregated or individualized way (with your consent where appropriate) to suggest specific Odoo modules, training courses, or service features that best align with your evolving needs and strategic goals.
  • Communication: Your contact information (email, phone) is essential for us to respond effectively to your inquiries, provide detailed information about our services and their capabilities, send important administrative updates (such as changes to our terms of service, privacy policy updates, or planned system maintenance), and, only with your explicit prior consent where required by applicable law (e.g., for marketing emails), send you marketing materials about new service offerings, upcoming events, or valuable industry insights that we believe will be beneficial to you and your organization. You will always have clear options to manage your communication preferences and opt-out of marketing messages.
  • Payment Processing: Any financial information you provide is used exclusively and securely for processing payments for services you have contracted with ABEA or for facilitating your participation in financial offerings we manage or advise on (like STOs). All payment processing is handled through secure, compliant third-party payment gateways; ABEA typically does not store full credit card numbers on its own servers.
  • To Improve Our Services: We are committed to continuous improvement. We analyze aggregated and anonymized usage data from our website, platforms, and services to understand user behavior, identify popular features or content, pinpoint areas where our services can be enhanced for better usability or functionality, or to inform the development of entirely new offerings. For instance, collective feedback from training programs directly influences how we refine course content and delivery methods, and patterns of AI tool usage might highlight emerging client needs for new analytical functionalities or integrations.
  • Legal and Regulatory Compliance: As a responsible corporate entity, ABEA is subject to various laws and regulations in the jurisdictions where we operate. We may need to use and retain your personal information to fulfill our legal obligations. This can include requirements related to financial transaction reporting (e.g., for tax purposes), compliance with specific regulations governing tokenization and crowdfunding activities, conducting necessary anti-money laundering (AML) and Know Your Customer (KYC) checks, and cooperating with law enforcement or regulatory authorities in fraud prevention or other legal investigations.
  • Security: Protecting our IT systems, our proprietary data, and, most importantly, your personal data is a paramount concern. We use information such as IP addresses, login attempt records, device information, and platform usage patterns to actively monitor for suspicious activity, prevent unauthorized access or cyberattacks, investigate potential security breaches, and ensure the overall security, integrity, and availability of our platforms and services for all legitimate users.

3. Information Sharing

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We are deeply committed to transparency regarding how your data is handled and will only share your information with third parties in the following limited, clearly defined, and legitimate circumstances:

  • Service Providers (Data Processors): We engage a variety of trusted third-party companies and individuals to perform specific functions on our behalf and to assist us in providing and improving our services. These may include cloud hosting providers (such as AWS, Google Cloud, or Azure for Odoo instances, AI platforms, website hosting, and data backup), payment processors for secure transaction handling (e.g., Stripe, PayPal), email marketing platforms for managing our communications (e.g., Mailchimp, SendGrid, used only with your consent for marketing), data analytics tools (e.g., Google Analytics) to help us understand service usage and improve user experience, CRM platforms for managing our own client relationships, and occasionally, specialized Odoo or blockchain implementation partners when their unique expertise is required for a specific client project. We conduct due diligence on these service providers and have contractual agreements (Data Processing Agreements where applicable) in place that require them to protect your information diligently, maintain its confidentiality, and restrict its use solely to the purposes for which it was contracted by ABEA and in accordance with our instructions.
  • Business Partners: In certain instances, we may collaborate with carefully selected strategic business partners to offer integrated or complementary solutions that we believe could provide significant added value to you or your organization. For example, we might partner with a legal firm specializing in STO regulations or a cybersecurity firm for advanced audits. We will only share your personal information with such partners with your explicit prior consent. Before any sharing occurs, you will be clearly informed about who these partners are, what specific information would be shared, and for what purpose, and you will have the opportunity to opt-in.
  • Legal Obligations and Protection of Rights: We may be required to disclose your personal information if compelled to do so by applicable law, a valid court order (such as a subpoena), or a legitimate, legally binding request from a governmental or regulatory authority. Furthermore, we may disclose your information if we believe in good faith that such disclosure is necessary to: (a) protect and defend the rights, property, or safety of ABEA, our employees, or our other clients; (b) prevent or investigate possible wrongdoing in connection with our services; (c) enforce our terms of service or other agreements; or (d) protect the personal safety of users of our services or the public (e.g., in cases of fraud investigation, security threats, or imminent harm).
  • Business Transactions (e.g., Mergers, Acquisitions): In the event that ABEA undergoes a significant business transition, such as a merger with another company, an acquisition by another entity, or the sale of all or a substantial portion of its assets, your personal information may be among the assets transferred to the successor organization. In such a scenario, we will make reasonable efforts to notify you via email and/or a prominent notice on our website of any such change in ownership or control of your personal information, as well as any choices you may have regarding your information (such as the right to request deletion if permitted by the transaction terms and applicable law). We would also seek to ensure that the successor entity upholds similar data protection standards.

4. Cookies and Tracking Technologies

Our website and associated digital platforms may utilize cookies (which are small text files placed on your device when you visit a website) and other similar tracking technologies (such as web beacons, pixels, or scripts) to collect information about your browsing activity and device. These technologies serve several important functions: * Enhancing User Experience: They help us remember your preferences (like language settings or login details), so you don't have to re-enter them each time you visit. * Site Analytics: They allow us to analyze how our site is being used – which pages are most popular, how users navigate through the site, how long they stay – so we can identify areas for improvement in design, content, and functionality. * Personalization: In some cases, and with your consent where required, they help us personalize the content you see or suggest services that might be relevant to you based on your past browsing behavior. * Marketing Effectiveness: They can help us measure the effectiveness of our online marketing campaigns by tracking how users arrive at our site from advertisements or other sources. You can typically manage your cookie preferences through the settings of your web browser. Most browsers allow you to refuse some or all cookies, or to alert you when cookies are being sent so you can decide whether to accept them. Please be aware that if you choose to disable or refuse cookies, some parts of our website or services may not function properly or may become inaccessible. For more detailed information, please refer to our specific Cookie Policy (link to be provided).

5. Data Security

We take the security of your personal information extremely seriously and implement a comprehensive suite of robust technical and organizational measures designed to protect it against unauthorized or unlawful access, accidental loss, alteration, disclosure, misuse, or destruction. These measures are continuously reviewed and updated to address evolving threats and best practices, and include, but are not limited to: * Encryption: Utilizing strong encryption protocols (such as SSL/TLS for Secure Sockets Layer/Transport Layer Security) for data in transit between your device and our servers. We also explore and implement encryption for sensitive data at rest (stored on our servers or databases) where appropriate, using industry-standard algorithms. * Access Controls: Implementing strict, role-based access controls and the principle of least privilege, ensuring that only authorized ABEA personnel have access to your personal information, and only to the extent necessary for them to perform their legitimate business functions. This often includes multi-factor authentication (MFA) for accessing sensitive systems. * Firewalls and Network Security: Deploying and maintaining industry-standard firewalls, intrusion detection/prevention systems, and other network security measures to prevent unauthorized access to our internal systems and databases. * Regular Security Assessments and Vulnerability Management: Conducting periodic internal and third-party security assessments, penetration testing, and vulnerability scanning to proactively identify and address potential weaknesses in our systems and applications. * Data Minimization and Anonymization/Pseudonymization: Adhering to the principle of collecting only the personal information that is strictly necessary for the stated purposes. Where feasible, we also employ anonymization or pseudonymization techniques to reduce the risks associated with data handling, especially for analytics and research. * Staff Training and Awareness: Providing regular and comprehensive data privacy and security training to all our employees and contractors to ensure they understand their responsibilities in protecting your information and are aware of current threats and best practices. * Incident Response Plan: Maintaining a documented incident response plan to effectively manage and mitigate the impact of any potential data breach or security incident. Our AI-enhanced automated backup processes are designed not only to ensure data integrity but also to facilitate rapid and reliable recovery in the event of a data loss incident, minimizing potential disruption. Despite our diligent efforts, it's important to acknowledge that no security measures are completely impenetrable or can guarantee absolute security. However, we are steadfastly committed to continuously reviewing, evaluating, and updating our security practices to maintain a high level of protection for your data.

6. International Data Transfer

As a company with a vision for regional and potentially global operations, and by utilizing internationally recognized cloud-based service providers (e.g., for hosting, data storage, or specialized applications) that may have servers and data centers located in various countries around the world, your personal information might be processed in countries other than your country of residence. It's important to note that these countries may have data protection laws and regulations that are different from, and potentially less stringent than, those in your specific jurisdiction. When we transfer your personal information internationally, particularly outside of Latin America or to countries not deemed to provide an "adequate" level of data protection by relevant authorities, we will ensure that such transfers are carried out in strict compliance with all applicable data protection laws. We will take all appropriate and legally required steps to ensure that your personal information receives an adequate and consistent level of protection in the jurisdictions in which we process it. This is typically achieved by relying on legally recognized transfer mechanisms such as: * Adequacy Decisions: Transferring data to countries that have been officially recognized by relevant data protection authorities (e.g., the European Commission) as providing an adequate level of data protection. * Standard Contractual Clauses (SCCs): Implementing Standard Contractual Clauses (also known as Model Clauses) that have been approved by relevant authorities. These are contractual commitments between the data exporter (ABEA) and the data importer (e.g., a service provider in another country) that impose data protection obligations on the importer. * Binding Corporate Rules (BCRs): For intra-group transfers, where applicable and approved. * Other legally recognized transfer safeguards as permitted by applicable laws, which may include obtaining your explicit consent for specific transfers after informing you of the potential risks. We are committed to ensuring that your data remains protected, regardless of where it is processed.

7. Your Privacy Rights

In accordance with applicable data protection legislation in your jurisdiction, you generally have the following rights concerning your personal information that ABEA holds. The exact scope and conditions for exercising these rights may vary depending on the specific laws of your country of residence:

  • Right to Access: You have the right to request access to the personal information we hold about you. This includes the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and supplementary information (such as the purposes of processing, categories of data concerned, recipients to whom data has been or will be disclosed, etc.). We will endeavor to provide this information in a clear and understandable format, typically within one month of verifying your request.
  • Right to Correction (Rectification): If you believe that any personal information we hold about you is inaccurate, out-of-date, or incomplete, you have the right to request that we correct or complete it without undue delay. We encourage you to help us keep your information accurate by notifying us of any changes.
  • Right to Deletion (Erasure or "Right to be Forgotten"): You have the right to request the deletion or removal of your personal information under certain specific circumstances. For example, if the data is no longer necessary for the purposes for which it was originally collected or processed, if you withdraw your consent (where consent was the sole legal basis for processing), if you object to the processing and there are no overriding legitimate grounds for us to continue, or if the data has been unlawfully processed. However, this right is not absolute and is subject to certain exceptions, such as when we have overriding legal or regulatory obligations to retain the data (e.g., for tax or accounting purposes, or for the establishment, exercise, or defense of legal claims).
  • Right to Restrict Processing: You have the right to request that we temporarily limit or restrict the processing of your personal information in certain situations. This might apply, for example, if you contest the accuracy of the data (processing may be restricted while we verify its accuracy), if the processing is unlawful but you oppose erasure and request restriction instead, if we no longer need the data for our processing purposes but you require it for the establishment, exercise, or defense of legal claims, or if you have objected to processing based on legitimate interests (pending verification of whether our legitimate grounds override yours).
  • Right to Data Portability: Where applicable under laws like GDPR or LGPD, you have the right to receive the personal information that you have provided to us in a structured, commonly used, and machine-readable format (e.g., a CSV file). You also have the right to transmit that data directly to another data controller (another organization) without hindrance from us, especially where our processing is based on your consent or on a contract with you, and the processing is carried out by automated means.
  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal information where such processing is based on our legitimate interests (or those of a third party). If you object, we must stop processing your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims. You have an absolute right to object to the processing of your personal information for direct marketing purposes at any time.
  • Right to Withdraw Consent: If we are processing your personal information based on your explicit consent (e.g., for sending marketing communications), you have the right to withdraw that consent at any time. The withdrawal of consent will not affect the lawfulness of any processing that was based on your consent before its withdrawal. We will make it easy for you to withdraw consent (e.g., via an unsubscribe link in emails).
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a competent supervisory data protection authority in your jurisdiction (e.g., the ANPD in Brazil, or the data protection agency in your country) if you believe that our processing of your personal information infringes applicable data protection laws or that your rights have been violated. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

To exercise any of these rights, please contact us using the contact details provided in the "Contact" section of this policy. We will respond to your request in accordance with the timelines and requirements of applicable data protection laws. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

8. Data Retention

We will retain your personal information only for as long as it is reasonably necessary to fulfill the specific purposes for which it was originally collected, as outlined in this Privacy Policy, and to comply with our legal, regulatory, accounting, or reporting obligations. The retention periods for different types of personal information will vary depending on factors such as: * The nature and sensitivity of the personal data. * The purposes for which we process your personal data. * The duration of our relationship with you or your organization (e.g., as long as you are an active client or user). * Applicable statutory limitation periods for legal claims. * Specific legal or regulatory requirements that mandate data retention for certain periods (e.g., tax laws often require retention of financial records for several years; anti-money laundering regulations may also have specific retention periods). * The need to retain data to resolve disputes, enforce our agreements, or maintain business records for operational continuity. For example, we may need to retain certain financial transaction data for several years to comply with tax and auditing requirements, or we might retain communication records for a reasonable period to effectively manage client relationships and address any subsequent queries. Once your personal information is no longer required for these legitimate purposes, or upon the expiry of applicable retention periods, we will take appropriate steps to securely delete or anonymize it in a manner that prevents re-identification and ensures it cannot be reconstructed or read. Anonymized data, which no longer identifies you, may be retained for longer periods for statistical or research purposes.

9. Children's Privacy

Our services, website, and marketing efforts are not designed for or intentionally directed at individuals who are considered children under applicable national laws (generally, this means individuals under the age of 18, though this may vary slightly by jurisdiction). We do not knowingly or intentionally collect personal information from children. If we become aware that we have inadvertently collected personal information from a child without verifiable parental consent (or consent from a legal guardian, as required by law), we will take immediate and appropriate steps to delete such information from our records as soon as possible. If you are a parent or legal guardian and you believe that your child has provided us with their personal information without your consent, please contact us immediately using the details provided in the "Contact" section. We will work with you to address the issue and remove the child's information from our systems. We encourage parents and guardians to take an active role in their children's online activities and interests to ensure their privacy is protected.

10. Changes to This Privacy Policy

We may need to update or revise this Privacy Policy from time to time to reflect changes in our business practices, the services we offer, technological advancements, or evolving legal and regulatory requirements related to data protection. When we make any changes to this Privacy Policy, we will revise the "Last Updated" date at the top of this document. If the changes are material or significant in nature (i.e., they substantially alter how we collect, use, or share your personal information), we will endeavor to provide a more prominent notice before the changes take effect. This may include, where feasible and appropriate, direct communication to you via email (if we have your current contact information on file and the nature of the change warrants such direct notification) or a clear and conspicuous notice on our website's homepage or relevant service platforms. We strongly encourage you to review this Privacy Policy periodically to stay informed about how we are collecting, using, and protecting your information. Your continued use of our website or services after any changes or revisions to this Privacy Policy have been posted will constitute your acknowledgment and acceptance of the terms of the revised policy, subject to any consent requirements under applicable law.

11. Contact

If you have any questions, concerns, comments, or complaints about this Privacy Policy, our data handling practices, or if you wish to exercise any of your privacy rights as described herein, please do not hesitate to contact us. We are committed to addressing your inquiries and resolving any issues in a timely and fair manner. You can reach our Data Privacy team through the following channels:

ABEA Attention: Data Privacy Officer / Legal Department Email: privacy@abea.app or dpo@abea.app

When contacting us, please provide sufficient detail to allow us to understand and address your query or concern effectively. We are committed to working collaboratively with you to obtain a fair and transparent resolution of any complaint or concern you may have about our privacy practices.