Privacy Policy

Xpec - Next Freela Platform

Updated on April 26, 2026.

This document was prepared based on the public structure of the Skip platform privacy policy, adapted for the Xpec product and Next Freela's operation. Legal review is recommended before publication or contractual use.

This Privacy Policy ("Policy") describes how Xpec processes personal data in the context of providing its services. This document applies to website visitors, registered users, organization members, account administrators, and other persons who interact with the Platform.

1. Who we are

1.1 Xpec is an AI-assisted product and documentation tool for creating, adapting, organizing, reviewing, and exporting product specifications, including business specifications, UX specifications, design system specifications, functional requirements, user journeys, product comparisons, and reusable Markdown files.

1.2 Xpec is made available by Next Freela, a private legal entity enrolled with CNPJ under No. 42.122.520/0001-17, with address at R Alves Guimaraes, 385, Apt 44, Pinheiros, Sao Paulo/SP, ZIP Code 05410-000 ("Next Freela", "we", or "Controller").

1.3 Next Freela acts as controller of the personal data processed within the Platform, under Law No. 13.709/2018, the Brazilian General Data Protection Law ("LGPD"), without prejudice to cases in which it may act as processor on behalf of corporate clients, according to a specific agreement.

1.4 Questions, requests, or inquiries related to personal data protection may be submitted through the official channels made available by Next Freela.

2. Terms and definitions

2.1 To make this Policy easier to understand:

a) "Data" means information that may or may not identify a person, company, device, account, organization, document, or usage event.

b) "Personal Data" means information related to an identified or identifiable natural person.

c) "Cookies" means small files or similar technologies stored on the user's device to enable functionality, preferences, authentication, security, usage analysis, or marketing, as applicable.

d) "Processing" means any operation performed with personal data, such as collection, access, use, storage, classification, sharing, deletion, anonymization, or alteration.

e) "Consent" means a free, informed, and unequivocal manifestation by which the data subject agrees to the processing of personal data for a specific purpose.

f) "Data Protection Officer" or "DPO" means the channel or person responsible for acting as the point of contact on personal data protection, when applicable.

g) "Legal Bases" means the hypotheses provided in the LGPD that authorize personal data processing.

h) "LGPD" means the Brazilian General Data Protection Law, Law No. 13.709/2018.

i) "User Content" means prompts, documents, references, specifications, files, comments, notes, images, product data, and other information entered or generated by the User on the Platform.

3. Personal data collected

Information provided by the user

3.1 When using the Platform, we may collect personal data provided directly by the user, such as name, email address, phone number, company, job title, organization, account preferences, profile information, and data necessary for Account creation, authentication, maintenance, and support.

3.2 We may also process User Content entered into the Platform, including prompts, product specifications, notes, Markdown documents, reference materials, links, files, images, comments, product decisions, product settings, and other information necessary for generating, editing, organizing, reviewing, and exporting specifications.

3.3 Payment-related data may be processed by specialized providers certified according to applicable security standards. Next Freela does not fully store sensitive credit card data when processing is carried out by payment intermediaries.

Information collected automatically

3.4 In addition to information provided directly, the Platform may automatically collect technical data, such as IP address, device identifiers, browser type, operating system, access records, authentication logs, usage events, feature interactions, performance metrics, errors, credit usage, exports, action history, and information related to service security and stability.

3.5 This information is used to ensure environment security, prevent fraud, authenticate users, diagnose failures, monitor availability, provide support, improve the experience, enhance features, and comply with legal or regulatory obligations.

3.6 The Platform may use cookies and similar technologies for essential functionality, session maintenance, preferences, performance measurement, usage analysis, and, when applicable and authorized, marketing activities.

4. Data processing in artificial intelligence

4.1 Xpec uses artificial intelligence resources to generate, transform, compare, review, summarize, and structure product specifications based on commands, references, and materials provided by users.

4.2 Content entered in prompts or documents is processed for the purpose of producing the requested response, executing contracted features, maintaining history, enabling assisted editing, improving workflows, and enabling exports.

4.3 Next Freela does not require the entry of personal, confidential, or sensitive data in prompts or documents. If the user enters such data, the user declares that they have authorization, legal basis, and adequate need for such processing and is responsible for the content entered.

4.4 Next Freela does not use identifiable personal data entered in prompts, documents, or reference materials to train artificial intelligence models without prior, express, and specific consent, when required by law or by the applicable policy.

4.5 Aggregated, anonymized, or directly de-identified data may be used for technical improvement of the Platform, including workflow improvement, template quality, feature performance, failure detection, and security.

4.6 The Platform may perform automated analyses related to usage patterns, feature personalization, recommendation of specification structures, and detection of anomalous behavior, always observing necessity, proportionality, and security.

5. Reasons for processing

5.1 We process personal data based on the legal bases provided in the LGPD, according to the purpose of each processing activity, including:

a) performance of a contract or preliminary procedures to enable registration, authentication, Platform use, document generation, collaboration, export, and support;

b) compliance with legal or regulatory obligations, including maintenance of records and tax, accounting, consumer protection, and security obligations;

c) legitimate interest of Next Freela for security, fraud prevention, Platform improvement, usage analysis, support, protection of rights, and operational communications, always considering necessity, proportionality, and impact on data subjects;

d) consent, when necessary for specific purposes, such as certain marketing communications or the use of non-essential cookies;

e) regular exercise of rights in judicial, administrative, or arbitration proceedings.

6. Data sharing

6.1 Personal data may be shared with service providers that help operate the Platform, including cloud hosting providers, authentication providers, infrastructure providers, databases, monitoring tools, payment processors, support, communications, usage analysis, and artificial intelligence resource providers.

6.2 Contracted third parties must observe confidentiality, information security, and data processing obligations according to Next Freela's instructions and standards compatible with the LGPD.

6.3 We may also share data when necessary to comply with a legal obligation, order from a competent authority, regular exercise of rights, fraud prevention, Platform protection, user protection, or investigation of violations of these Terms and applicable policies.

6.4 In corporate accounts, usage data, documents, members, permissions, and activities may be accessible to organization Administrators, according to the applicable account settings and permissions.

7. International data transfer

7.1 Considering the digital nature of the Platform and the use of infrastructure, processing, security, payment, analytics, and artificial intelligence providers, personal data may be transferred to other countries.

7.2 When international transfer occurs, Next Freela will adopt appropriate safeguards, such as specific contractual clauses, assessment of the level of protection, technical security measures, access controls, encryption, and confidentiality commitments, according to applicable law.

8. Retention period

8.1 Personal data will be kept for as long as necessary to fulfill the purposes for which it was collected, including the duration of the contractual relationship, Account maintenance, service provision, support, security, fraud prevention, regular exercise of rights, and compliance with legal, tax, accounting, or regulatory obligations.

8.2 User Content may be kept while the Account or organization is active, according to Platform settings, subscribed Plan, User requests, legal obligations, and technical backup periods.

8.3 Security logs, access records, and technical events may be stored for a period compatible with security, auditing, fraud prevention, incident investigation, and Platform protection purposes.

8.4 Once the applicable purposes or legal periods have ended, the data will be deleted, anonymized, or securely archived, according to technical and legal criteria.

9. Security measures implemented

9.1 Next Freela adopts reasonable and appropriate technical and administrative measures to protect personal data against unauthorized access, destruction, loss, alteration, communication, improper dissemination, or improper processing.

9.2 Measures may include encryption in transit and, when applicable, at rest; role-based access control; authentication; permission segregation; monitoring of the technology environment; audit records; backups; supplier review; and incident response procedures.

9.3 No system is completely immune to failures, attacks, or unauthorized access. If a security incident occurs that may cause relevant risk or harm to data subjects, we will adopt the assessment, mitigation, and communication measures required by applicable law.

10. Data subject rights

10.1 Under the LGPD, the personal data subject may request:

a) confirmation of the existence of processing;

b) access to personal data;

c) correction of incomplete, inaccurate, or outdated data;

d) anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;

e) portability, subject to applicable regulation;

f) information about data sharing;

g) information about the possibility of refusing consent and the consequences of refusal;

h) revocation of consent, when applicable;

i) objection to processing based on legitimate interest when there is non-compliance with the LGPD;

j) review of decisions made solely based on automated processing of personal data, when applicable.

10.2 Requests may be submitted through Next Freela's official channels. We may request additional information to confirm the identity of the requester and protect data security.

10.3 Some requests may be refused, limited, or partially fulfilled when there is a legal retention obligation, need for preservation for regular exercise of rights, fraud protection, trade secret, Platform security, or another justification provided by law.

11. Updates to this Policy

11.1 Next Freela may update this Policy to reflect legal, regulatory, technical, commercial, operational, or security changes.

11.2 The updated version will be published in the Platform's official environments, and additional communication may be provided in case of material changes.

11.3 We recommend that the User consult this Policy periodically to stay informed about how personal data is processed.