Security & LGPD
Security, privacy and LGPD for physical-environment solutions
Blucom develops B2B technology for physical environments while considering information security, privacy and data protection from project design.
Digital maps, kiosks, video analytics, AI inspection and queue management can involve different types of data. Each project should be assessed according to environment, purpose, infrastructure, processed data and responsibilities between the parties.
Positioning
Trust as part of the technology
Blucom works in physical environments where experience, operations and data connect. Security and privacy should be part of project architecture, scope definition and the way data is collected, processed, stored and used.
Privacy by design
Each solution should consider which data is necessary, why it will be used and how to reduce unnecessary collection.
Operational security
B2B projects require access control, integration care, credential protection and good practices for handling data and images.
Client transparency
Blucom aims to clearly communicate which data may be processed, which responsibilities depend on the client and which safeguards should be defined in the project.
LGPD
How LGPD connects to Blucom projects
LGPD establishes rules for processing personal data. In technology projects for physical environments, this may involve form data, navigation data, kiosk interactions, usage records, images or other information related to identified or identifiable people.
The practical application of LGPD depends on each project context, the type of data processed, the purpose, the relationship between client and Blucom and the responsibilities defined by contract.
Clear purpose
Data should be processed for defined purposes, such as commercial contact, solution operation, indicator generation, support, product improvement or the contracted operation.
Data minimization
Whenever possible, projects should prioritize collecting only the data needed to fulfill the defined purpose.
Defined responsibilities
In B2B projects, it is important to define whether Blucom acts as controller, processor or technical partner for each data-processing activity.
Governance and documentation
Contracts, policies, service flows and technical documentation help organize responsibilities, legal bases, retention, security and communication with data subjects.
Data by product
Which data may appear in Blucom projects
Processed data varies according to product, environment and contracted scope. Not every project involves the same data or the same risks.
| Product | Data or information that may be processed | Recommended safeguards |
|---|---|---|
| Blumaps | Map usage data, searches, consulted routes, accessed points of interest, language, QR Code origin and digital interactions. | Use aggregated data whenever possible, avoid unnecessary identification and inform users according to the Privacy Policy. |
| Bluhub | Interaction data on kiosks or mobile, consulted services, forms, directories, calls or information submitted by the user when applicable. | Collect only necessary data, inform the purpose and protect forms, integrations and administrative access. |
| Blutrack | Images or video streams, derived data for counting, circulation, dwell time, heatmaps, object classes and operational indicators. | Define purpose, assess camera positioning, limit the analysis scope, avoid unnecessary individual identification and handle images with additional care. |
| Bluinspect | Images of parts, processes, evidence, defects, anomalies or operational records, which may involve people depending on the environment. | Limit the visual scope, avoid capturing people when unnecessary and organize retention, access and traceability of evidence. |
| Bluflow | Queue data, people volume, waiting time, peak hours, bottlenecks and service indicators. | Prioritize operational and aggregated indicators, avoiding individual identification when it is not necessary for the project. |
| Website contact | Name, email, phone, company, industry, solution of interest and message submitted through the form. | Inform the purpose, protect the form against spam, use safe validation and avoid unnecessary sharing. |
These examples do not mean mandatory collection. Data may be processed depending on the project, when there is a need and according to the contracted scope.
Video, images and AI
Care with video analytics, images and artificial intelligence
Solutions such as Blutrack and Bluinspect may use computer vision and artificial intelligence to turn images into indicators, evidence or operational data. This type of application requires special attention to scope, purpose and how images are processed.
Focus on operational indicators
Video analytics projects should prioritize data such as flow, counting, dwell time, heatmaps, queues, evidence and operational patterns according to the defined purpose.
Avoid unnecessary identification
When the purpose does not require individual identification, the project should avoid collecting or processing data that identifies people unnecessarily.
Facial recognition is not standard
Facial recognition should not be presented as a standard part of Blucom products. Any such capability, if ever present, should depend on a specific scope, legal assessment, suitable legal basis and explicit client approval.
Scope and retention
Each project should define which images or derived data will be processed, how long they will be retained, who will have access and for what purpose.
Information security
Security practices considered in projects
Each project security posture depends on architecture, infrastructure, integrations, products used and responsibilities defined with the client. Blucom communicates security practices precisely and without promising controls that are not proven for the project.
Access control
Administrative access should be restricted to authorized users with permissions suited to each person role in the project.
Credential protection
Keys, tokens, passwords and sensitive variables should not be exposed in the frontend or in public repositories.
Protected traffic
Whenever applicable, systems should use secure connections such as HTTPS to protect communication between users, applications and servers.
Form validation and protection
Forms should include validation, anti-spam protection, field sanitization and measures to reduce abuse by bots.
Environments and permissions
Proper separation between development, test and production environments helps reduce operational risk and improper exposure.
Monitoring and response
Projects should account for technical follow-up, failure analysis, corrections and incident-response flows according to environment criticality.
Responsibilities
Responsibilities between Blucom and the client
In B2B projects, privacy and data-protection responsibilities depend on each party role. In some cases, the client defines main purposes and means; in others, Blucom may process data to operate, support or evolve the solution.
Client as controller
When the client defines the processing purpose, environment, data used and operation rules, it may act as controller of personal data, according to the applicable legal assessment.
Blucom as processor
When Blucom processes data on behalf of the client to run a contracted solution, it may act as processor, following instructions, scope and responsibilities defined by contract.
Roles defined by project
The definition of controller, processor, joint responsibility or other roles should be assessed according to the specific case, processed data, purpose and contractual instruments.
Data-subject rights
Rights of data subjects
When personal data is processed, data subjects may have rights related to access, correction, deletion, information, objection and other requests provided by applicable law.
The response path may depend on who is the data controller in each project. In some cases, Blucom may direct requests to the client responsible for the processing.
contato@blucom.com.brPrivacy requests
The page indicates a channel for questions or requests related to privacy and data protection.
Proper routing
When Blucom acts as processor, certain requests may need to be routed to the controller client.
Record and response
Requests should be handled with proper record, analysis and response according to Blucom role in the project.
Website
Privacy on the Blucom website
Beyond the products, the Blucom website itself may use technologies for operation, access analysis, experience improvement and commercial support.
Contact forms
Data submitted through the form is used to respond to commercial requests, understand visitor interest and continue the conversation.
Cookies and analytics
The website may use necessary cookies and, when applicable consent exists, analytics technologies to understand usage, visits and page performance.
Scheduling and external channels
Links to WhatsApp, Calendly or other channels may direct users to third-party platforms, which are also subject to those services policies.
Turnstile or equivalent anti-spam technology
The contact form may use anti-spam and bot-protection mechanisms such as Cloudflare Turnstile or an equivalent solution, according to project technical configuration.
Documents
Documents that complement this page
The Security & LGPD page provides an institutional view. For projects, contracts and website use, other documents may complement the information.
Privacy Policy
Explains how Blucom processes personal data on the website, in commercial contacts and in the contexts described in the policy.
View Privacy PolicyCookie Policy
Explains how cookies and similar technologies may be used on the website and for which purposes.
View Cookie PolicyContract and DPA
B2B projects may require specific clauses about data processing, security, confidentiality, responsibilities and retention.
Talk to BlucomTechnical documentation
When applicable, projects may include documentation about architecture, integrations, processed data, permissions and operation.
Request informationCommon questions
Common questions about Security & LGPD
Need to assess security and LGPD in a Blucom project?
Talk to Blucom to understand which data may be involved, which products fit your environment and which technical and contractual safeguards should be considered in the project.