Skip to main content

LGPD and Security

Accelero's role in compliance with the Brazilian General Data Protection Law (LGPD) focuses on two concrete points:

  1. Protection against leakage — the personal and sensitive data processed by the platform is protected at rest, in transit, and on access.
  2. Retention and cleanup — the platform provides purge routines so that data is not stored longer than necessary.

The purposes, legal bases, and retention periods of processing are defined by the customer (data controller); Accelero provides the technical tools to implement them.

Technical security on its own page

The platform's security mechanisms and architecture (authentication, session, RBAC, multi-company isolation, physical access engine, encryption, MQTT, and infrastructure) are consolidated in Security and Architecture.


Personal data protection

Data processed

Common personal data: name, document (CPF/RG), photo, phone, email, and address — most of it optional, depending on the person's record.

Sensitive data:

  • ⚠️ Biometrics (fingerprint and facial templates)
  • ⚠️ Health data, when entered in customer-configurable custom fields

Access data: entry/exit events, timestamps, locations, and camera images.

Protection mechanisms (leak prevention)

The controls below protect personal data at rest, in transit, and throughout its life cycle:

ControlWhat it does
Photo encrypted at restPeople's photos are encrypted (AES) on write and decrypted only on read.
Photo served with authorizationImages are only delivered to authenticated operators, after authorization is verified on the server.
Upload sanitizationEvery uploaded image is reprocessed to JPEG and stored outside the web root, removing embedded code.
Encrypted QR CodeAccess and invitation QR Codes carry data encrypted with a random nonce — they cannot be forged.
Irreversible passwordOperator passwords in bcrypt: even with database access, they cannot be recovered.
Multi-company isolationAn operator only accesses data from the companies they are linked to — another company's data never enters the result.
Biometrics removalBiometric templates can be removed from the person and from the devices.

Full technical detail (encryption, authentication, session, auditing, MQTT, infrastructure) in Security and Architecture.

Record access, correction, and deletion

Querying, correcting, and deleting a person's data are native operations of the record, and data can be exported to CSV. In practice, this supports handling data-subject requests — whose formal process (channel, deadline, documentation) is defined by the customer.


Data retention and cleanup

Accelero runs automatic purge routines that remove data based on retention time or inactivity — the technical foundation for not storing data longer than necessary.

What gets purged: logs, access events, reports, photos, and inactive records.

How it works:

  • Deletion by retention time or inactivity, executed by the maintenance routines.
  • Logical deletion (soft delete) before physical removal, preserving the operation trail.
Deadlines are defined by the customer

The product does not impose a fixed retention period. Each organization configures the retention periods according to its retention policy and the legal bases applicable to its context. Accelero provides the mechanism; the "how long to keep" rule belongs to the controller.


Responsibilities

Division of responsibilities

Accelero is a tool (software). Responsibility for LGPD compliance is divided as follows:

  • Data controller — the customer/organization that uses Accelero.
  • Data processor — Iongrade, when applicable, as per contract.

The customer (controller) is responsible for:

  • Defining the purpose and legal basis of processing (consent, legitimate interest, legal obligation, etc.).
  • Defining retention periods and configuring the purge accordingly.
  • Handling data-subject requests.

Iongrade provides:

  • Technical tools for data protection and cleanup.
  • Security measures to prevent leakage.
  • Documentation and support.

Next Steps