International Data Protection

The data controller for all personal data processed through the Set My Agents platform is:

As a US-based company serving an international user base, Arvex processes personal data in the United States. By using our Platform, users consent to the international transfer and processing of their personal data. We implement appropriate technical and organizational safeguards to protect data regardless of where it is processed.

For users located in the European Union or European Economic Area, we process personal data in accordance with the General Data Protection Regulation (EU 2016/679). Our lawful bases for processing include:

• Consent (Art. 6(1)(a)): obtained at registration, freely given and informed;
• Contract performance (Art. 6(1)(b)): processing necessary to deliver the contracted Service;
• Legitimate interest (Art. 6(1)(f)): platform improvement, aggregated analytics, and security;
• Legal obligation (Art. 6(1)(c)): compliance with tax, accounting, and regulatory requirements.

Your rights under the GDPR:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure / "right to be forgotten" (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time (Art. 7(3))
• Right to lodge a complaint with a supervisory authority

International transfers: Data is transferred to the USA where Arvex is headquartered. We rely on Standard Contractual Clauses (SCCs) and appropriate supplementary measures to ensure an adequate level of data protection as required by Chapter V of the GDPR.

For California residents, we comply with the California Consumer Privacy Act (CCPA) and its amendments under the CPRA. Under the CCPA, "personal information" includes identifiers, commercial information, internet activity, and geolocation data.

Your rights under the CCPA:

• Right to know: request disclosure of the categories and specific pieces of personal information we have collected;
• Right to delete: request deletion of your personal information, subject to certain exceptions;
• Right to opt-out of sale: we do NOT sell personal information. No opt-out is necessary;
• Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA rights.

Categories of data collected: identifiers (name, email, phone), commercial information (payment and subscription data via Stripe), internet/network activity (IP, browser, usage data), and geolocation (IP-based).

We do NOT sell, rent, or trade personal information to third parties. We may share anonymized, aggregated data for analytics and marketing purposes.

Although headquartered in the United States, Arvex Global LLC serves Brazilian users through the Set My Agents platform and voluntarily commits to compliance with Brazil's Lei Geral de Proteção de Dados (Law No. 13.709/2018 — LGPD). Our lawful bases for processing under the LGPD include:

• Consent (Art. 7, I): obtained at registration, freely given, informed, and unambiguous;
• Contract performance (Art. 7, V): processing necessary to deliver the contracted Service;
• Legitimate interest (Art. 7, IX): platform improvement, aggregated analytics, and user experience optimization;
• Legal obligation (Art. 7, II): compliance with tax and regulatory requirements.

Your rights under the LGPD (Art. 18):

• Confirmation of the existence of data processing
• Access to personal data
• Correction of incomplete or inaccurate data
• Anonymization, blocking, or deletion of unnecessary or excessive data
• Data portability to another service provider
• Deletion of data processed based on consent
• Information about public and private entities data was shared with
• Revocation of consent at any time

International transfers: Personal data is transferred to the USA in compliance with Art. 33 of the LGPD, supported by standard contractual clauses and appropriate technical safeguards (TLS encryption, encryption at rest). Sub-processors (Supabase, AWS, Stripe) are contractually bound to privacy and security standards equivalent to or exceeding LGPD requirements.

For LGPD-specific requests, contact: support@setmyagents.com

In the event of a security incident that may pose a risk to the rights and freedoms of data subjects, we commit to:

• Notify the relevant supervisory authority (e.g., ANPD for LGPD, ICO for GDPR) within the legally required timeframe;
• Notify affected users, describing the nature of the data involved, the security measures in place, the risks, and the remediation steps taken;
• Take all necessary measures to minimize harm and prevent recurrence.

Regardless of which regulation applies to you, you can exercise your data protection rights by contacting us at the address below. We will respond to all legitimate requests within 15 business days of receipt.