1. Data controller
RC Soluções Tecnológicas is the controller of personal data processed through the Flectus platform, under Brazil’s General Data Protection Law (Law No. 13,709/2018 — LGPD).
Each contracting gym or organization (tenant) may act as a processor or joint controller regarding data of students, guardians, teachers, and other users registered under its account, according to the contract, account settings, and purpose of use of the platform.
2. Data we collect
Depending on how you use Flectus, we may process the following categories of data:
- Account and registration data: name, email, phone, WhatsApp, password (stored encrypted), profile photo, access role (administrator, coordinator, teacher, student, platform super admin), and link to the contracting gym.
- Gym and operational data: gym name, segment, units/branches, modalities, classes, graduations, attendance, terminology settings, logos, colors, and other operational parameters defined by the tenant.
- Student and guardian data: date of birth, documents (CPF, ID), address, blood type, registration number, status, graduation history, enrolled classes, legal guardian (when applicable), and notes entered by the gym.
- Financial data: tuition and payment records, references, due dates, billing status, and integrations with gateways (Mercado Pago, Asaas, PagSeguro, Stone, Stripe). Full card data is not stored on our servers when processing is handled by the payment provider.
- Digital contracts: information required to generate and collect signatures (e.g., via D4Sign), when enabled by the gym.
- Communication and WhatsApp: connected numbers, templates, bulk or individual send history, and message metadata when the WhatsApp integration is used by the tenant.
- Educational content: videos, categories, lesson progress, minimum access levels, and premium content completion records.
- Push notifications: device tokens (Web Push / FCM / APNs) for operational alerts, support, and authorized communications.
- Support and tickets: subject, messages, attachments, and support history between users and the Flectus team.
- Technical and usage data: IP address, browser type, operating system, session identifiers, language cookie, access logs, errors, and performance metrics required for platform operation and security.
3. How we use data
We use personal data for purposes such as:
- Providing gym, class, student, teacher, and unit management services.
- Processing enrollments, attendance, graduations, and operational reports.
- Enabling billing, platform subscriptions, and payment integrations.
- Generating, sending, and tracking digital contracts when enabled.
- Delivering video content, the student area, and mobile app (PWA/Capacitor).
- Sending communications via WhatsApp, email, or push, according to settings and consent.
- Authenticating users, managing permissions, and segregating data by gym (multi-tenant).
- Providing technical support, improving the platform, and preventing fraud, abuse, and security incidents.
- Complying with legal, regulatory obligations and orders from competent authorities.
4. Legal bases (LGPD)
Processing of personal data on Flectus may rely on:
- Contract performance — to provide the service to the tenant and registered users.
- Legitimate interest — platform security, fraud prevention, service improvement, and operational continuity, respecting data subject rights.
- Consent — e.g., marketing communications, optional push notifications, or integrations requiring explicit authorization.
- Legal obligation — when required by law, regulation, or competent authority.
- Credit protection and regular exercise of rights — in collection processes and defense in judicial or administrative proceedings, when applicable.
5. Data sharing
We do not sell personal data. We may share information only when necessary to operate Flectus, with:
- Infrastructure providers — cloud hosting, file storage, email delivery, push notifications, and error monitoring.
- Payment intermediaries — to process platform subscription charges and, when configured by the gym, student payments.
- Digital signature providers — for contract generation and signature collection when enabled.
- Messaging providers — for WhatsApp or SMS delivery, according to the tenant’s active integration.
- Contracting gyms — administrators and authorized staff access data of students and operations linked to their unit, according to permissions and internal policy.
- Public authorities — when required by law or court order.
All partners are contractually required to treat data confidentially and only for authorized purposes.
6. Data retention
We retain data for as long as necessary to fulfill the purposes described in this policy, meet legal obligations, resolve disputes, and enforce our agreements.
Financial records, contracts, audit logs, and academic history may be kept for periods defined in the contract with the gym or for the minimum period required by applicable law.
After account or contract termination, data may be anonymized or deleted, except when retention is required by law or for the regular exercise of rights.
7. Security
We adopt technical and organizational measures to protect personal data, including encrypted communication (HTTPS/TLS), role-based access control, segregation by gym (tenant), and secure development practices.
No transmission or storage method is 100% secure. In the event of a relevant incident, we will take appropriate measures and notify data subjects and the ANPD when required by law.
8. Your rights as a data subject
Under the LGPD, you may request, as applicable:
- Confirmation of processing and access to data.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion of unnecessary data.
- Portability of data to another service provider.
- Deletion of data processed based on consent.
- Information about sharing and the possibility of withholding consent.
- Revocation of consent when that is the legal basis.
To request account deletion, visit flectus.app/excluir-conta or use the link in the footer of this page.
Students and guardians may also contact the gym where they are registered for requests related to data processed in that unit’s context.
9. Children and adolescents
Flectus may be used by gyms to manage underage students. In such cases, registration is performed by the gym or legal guardian, who should provide only data necessary for educational and sports services.
We do not intentionally collect children’s data independently, outside the relationship with the contracting gym and, when required, guardian consent.
10. Cookies and similar technologies
We use cookies and local browser storage to maintain your authenticated session, remember preferences (such as interface language), and enable features such as web push notifications.
You can configure your browser to refuse cookies; some features may not work correctly.
11. Changes to this policy
We may update this Privacy Policy periodically. The current version will always be available on this page, with the update date indicated at the top.
Material changes may be communicated by email, platform notification, or other appropriate means.
12. Contact
For questions, privacy-related requests, or to exercise your rights regarding data processed on Flectus, contact RC Soluções Tecnológicas:
- Email: contato@rcsolucoes.com.br
- Phone / WhatsApp: +55 (61) 98100-4544
- Operator website: rcsolucoes.app.br