HydroVision Privacy Policy

Effective date: June 16, 2026

This Privacy Policy explains how Hydroforce Tecnologia Ltda processes personal data and operational information when HydroVision is used. It applies to the HydroVision web application, the HydroVision Android application and related authentication, operation, support and audit features.

1. Who we are

Controller: Hydroforce Tecnologia Ltda Brazilian company tax ID: 53.090.573/0001-10 Contact: contato@hydroforce.com.br

For this policy, "Hydroforce", "we" or "our" means Hydroforce Tecnologia Ltda. "HydroVision" means the digital platform made up of the web application, Android application, APIs, authentication services, operational databases, integrations and support resources.

2. Scope of this policy

This policy applies to HydroVision use by authorized users of customer companies, partners, service providers and Hydroforce teams. HydroVision supports sanitation operations, including device management, teams, sectors, campaigns, investigations, evidence, leaks, repairs, maps, field route traces, indicators and reports.

HydroVision may use third-party services for authentication, hosting, maps, infrastructure, error monitoring and communication. When these services are used, their own policies may also apply, without replacing this policy.

3. Google Sign-In, OAuth and Firebase Authentication

Some users may access HydroVision through Sign in with Google. This feature uses OAuth/OpenID Connect and Firebase Authentication to authenticate the user, validate the company's tenant and create a secure HydroVision session.

When the user signs in with Google, we may receive and process the following basic identity data returned by Google or Firebase Authentication:

  • Google Account e-mail address;
  • name or display name;
  • profile photo, when provided;
  • technical account or authenticated user identifier;
  • authentication tokens required to validate the session;
  • tenant, company, role and permissions associated with access.

This data is used only for authentication, security, linking the user to the correct company, permission control, access audit and technical support. HydroVision requests basic identity scopes, such as `email` and `profile`, when it uses Google Sign-In.

HydroVision does not request access to Gmail, Google Drive, Google Calendar, Google Photos, contacts, personal files, browsing history or private content from other Google products. HydroVision also does not publish content on behalf of the user and does not sell data obtained through Google Sign-In.

The user may manage or revoke permissions granted to the application in their Google Account settings. Revocation may prevent future Google Sign-In, but it does not automatically delete operational records or data that must be retained for legal obligations, contract performance, audit, security or operational history.

4. Data we may collect

The data processed depends on the user's role, associated company, device permissions and features actually used.

4.1 Registration and access data

We may process:

  • first name, last name and display name;
  • corporate e-mail or e-mail linked to Google Sign-In;
  • username;
  • phone number, job title, role and team, when applicable;
  • Brazilian CPF or another professional identifier, when required for registration, audit or company requirements;
  • company, Brazilian CNPJ, unit, sector, tenant, permission groups and access profile;
  • local password or credentials, when used, protected by appropriate security mechanisms;
  • records of acceptance of terms, policies and applicable versions.

4.2 Platform operational data

We may process data generated or entered during HydroVision use, including:

  • companies, sectors, investigation areas, routes, teams and linked users;
  • devices, sensors, loggers, installations, removals, status and asset history;
  • pressure, noise, telemetry, alert, measurement and time-series data;
  • suspected leaks, investigations, evidence, visited points, leaks, repairs and reinspections;
  • photos, videos, audio, notes, forms, attachments and associated metadata;
  • location, coordinates, addresses, route traces and georeferenced events;
  • reports, exports, dashboards, filters, queries and operational indicators.

4.3 Technical data, logs and diagnostics

We may collect technical data required for security, support and service improvement:

  • IP address, access date and time;
  • device, browser, operating system, app version and language;
  • session identifiers, authentication events and login failures;
  • error logs, crashes, performance data and API calls;
  • audit-relevant actions, such as creation, update, deletion, export or viewing of records.

4.4 Android device permissions

In the Android application, HydroVision may request permissions according to the feature being used:

  • Camera: record photos and videos of devices, installations, investigations, leaks, repairs and field evidence.
  • Microphone: capture audio associated with videos or operational records when required as evidence.
  • Location: display maps, position records, guide field activities, calculate productivity metrics, validate movements and maintain operational traceability.
  • Notifications: send alerts, operational notices, reminders, updates and service-related messages.
  • Files or storage: read or write files needed for operation, attachments, media, exports and configuration.

When law or the operating system requires consent, the application requests authorization before accessing the resource. The user may revoke permissions in device settings, but some features may no longer work properly.

5. Why we use data

We use personal and operational data to:

  • authenticate users and protect accounts;
  • allow local login or Google Sign-In;
  • identify the user's company, tenant, role and permissions;
  • operate HydroVision web and Android features;
  • record, document, monitor and audit field operations;
  • display maps, coordinates, routes, areas and georeferenced records;
  • process device data, measurements, alerts and telemetry;
  • generate reports, indicators, dashboards, history and traceability;
  • provide support, investigate failures and respond to requests;
  • comply with contracts, legal obligations, regulations and audits;
  • prevent fraud, misuse, security incidents and unauthorized access;
  • improve stability, performance, usability and platform security.

6. Legal bases

Where Brazilian data protection law applies, processing may rely on the following legal bases:

  • performance of a contract: providing HydroVision and fulfilling obligations with customers, partners and authorized users;
  • legitimate interests: maintaining security, audit, support, fraud prevention, service improvement and operational continuity;
  • compliance with legal or regulatory obligations: keeping records required by law, public contracts, audits or competent orders;
  • consent: processing location, notifications, media or other permissions when required by the operating system, law or feature configuration;
  • regular exercise of rights: preserving evidence required in administrative, arbitral or judicial proceedings.

When processing depends on consent, the user may revoke it at any time, subject to the technical and legal effects of revocation.

7. Data sharing

Hydroforce does not sell personal data. We may share data only when needed to operate, protect or comply with obligations related to HydroVision, including:

  • customer companies or contracting parties responsible for the operation and authorized users;
  • service providers and processors for infrastructure, hosting, authentication, storage, monitoring, support and communication;
  • technology providers required for Google Sign-In, Firebase Authentication, maps, notifications and application operation;
  • public authorities, regulators, audits, courts or third parties when required by law, valid order or defense of rights;
  • authorized partners involved in providing services, under confidentiality and data protection obligations.

Sharing is limited to the required purpose and must observe appropriate contractual, technical and organizational safeguards.

8. Storage, retention and security

Data may be stored in Brazil or in contracted cloud infrastructure, including providers with international operations. When international data transfer occurs, we adopt mechanisms compatible with Brazilian data protection law.

We retain personal and operational data for as long as needed to fulfill the purposes of this policy, perform contracts, preserve operational history, meet audits, comply with legal obligations, prevent fraud, resolve disputes and protect rights. Sanitation operational records may need to be retained for a period compatible with the technical, contractual and regulatory purpose of the operation.

We adopt reasonable security measures, such as access control, authentication, tenant segregation, role-based permissions, credential protection, audit logs, monitoring, encryption in transit and secure development practices. No system is completely free from risk, so users and companies must also protect accounts, devices and credentials.

9. Data subject rights

Under Brazilian data protection law, data subjects may request:

  • confirmation of processing;
  • access to personal data;
  • correction of incomplete, inaccurate or outdated data;
  • anonymization, blocking or deletion of unnecessary or non-compliant data;
  • portability, when applicable;
  • information about data sharing;
  • withdrawal of consent;
  • deletion of data processed based on consent, when applicable;
  • review of automated decisions, if applicable;
  • petition before the Brazilian Data Protection Authority.

To exercise rights, contact contato@hydroforce.com.br. We may request additional information to confirm identity, protect operational security and verify whether the request must be handled by Hydroforce or by the customer company responsible for the user.

10. Children and teenagers

HydroVision is a professional service for authorized companies and teams. It is not directed to children or teenagers. If we identify improper collection of children's or teenagers' data, we will take steps to delete, block or regularize it under applicable law.

11. User and company responsibilities

Users must access HydroVision only with their own accounts, protect credentials, follow internal permissions and enter truthful information needed for the operation. Customer companies must manage users, permissions, operational databases and usage instructions according to their legal, contractual and internal obligations.

12. Changes to this policy

This policy may be updated to reflect changes in HydroVision, authentication services, features, processing operations or legal requirements. The current version will be available at https://hydroforce.com.br/en/hydrovision/privacy-policy.

13. Contact

For questions, requests or privacy rights related to this Privacy Policy, contact:

Hydroforce Tecnologia Ltda Brazilian company tax ID: 53.090.573/0001-10 E-mail: contato@hydroforce.com.br