← Back to home

Privacy Policy

Last updated: April 29, 2026

1. Data Controller

The controller of personal data collected through this website is Tráfego para Consultórios, owned by Brian Souza Nogueira, headquartered in Brasília — DF, Brazil. For data protection inquiries, contact us at [email protected].

2. Personal Data Collected

We collect the following personal data through forms available on our website:

  • Full name
  • Email address
  • WhatsApp/phone number
  • Medical specialty
  • City and state of practice
  • Information about the medical practice (when provided)

In addition to data provided directly, we may automatically collect navigation data such as IP address, browser type, pages visited, time spent, and access source through analytics tools.

3. Purpose of Processing

Personal data is processed for the following purposes:

  • Commercial contact: to present our medical marketing services, including Google Ads and Meta Ads management.
  • Lead qualification: to evaluate the professional's profile and offer the most appropriate solution.
  • Marketing communications: to send relevant information about our services, news, and educational content.
  • Service improvement: to analyze navigation data and optimize the website experience.
  • Legal compliance: to meet applicable legal and regulatory requirements.

4. Legal Basis for Processing

The processing of your personal data is based on the following legal bases under the Brazilian General Data Protection Law (Law 13.709/2018 — LGPD):

  • Consent (Art. 7, I): by voluntarily filling out our forms, you consent to the processing of data for the stated purposes.
  • Legitimate interest (Art. 7, IX): for commercial contact and lead qualification, respecting your rights and expectations.
  • Compliance with legal obligation (Art. 7, II): when necessary to meet legal requirements.

5. Data Storage and Security

Personal data collected is stored on secure servers with the following protection measures:

  • Encrypted transmission via HTTPS/TLS in all communications.
  • HMAC-SHA256 signature for integrity validation of submitted data.
  • Restricted access to data by authorized personnel only.
  • Database protected by authentication and access control.
  • Periodic backups to prevent data loss.

6. Retention Period

Personal data will be retained for the period necessary to fulfill the purposes described in this policy, observing the following criteria:

  • Lead data: retained for up to 2 (two) years after the last contact, unless deletion is requested.
  • Client data: retained during the contractual relationship and for 5 (five) years after termination, in accordance with Brazilian fiscal and commercial legislation.
  • Navigation data: retained for up to 12 (twelve) months.

7. Your Rights as a Data Subject

Under the LGPD, you have the following rights regarding your personal data:

  • Confirmation and access: confirm the existence of processing and access your data.
  • Correction: request correction of incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or deletion: request appropriate treatment of unnecessary or excessive data.
  • Portability: request data portability to another service provider.
  • Deletion: request deletion of data processed based on consent.
  • Information about sharing: learn which entities have received your data.
  • Consent revocation: revoke consent at any time.

To exercise any of these rights, send a request to [email protected] with the subject “LGPD Rights”. We will respond within 15 (fifteen) business days.

8. Cookies and Tracking Technologies

Our website may use the following technologies:

  • Google Analytics: for traffic analysis and navigation behavior, with anonymized data.
  • Google Tag Manager: for managing tags and monitoring scripts.
  • Functional cookies: required for proper website functioning.
  • Tracking pixels: for measuring marketing campaigns (Meta Ads, Google Ads).

You may configure your browser to refuse cookies or be alerted when one is being sent. Note that disabling cookies may affect website functionality.

9. Data Sharing

Your personal data is not sold to third parties. We may share it only in the following cases:

  • Analytics tools: Google Analytics and Google Tag Manager for analysis purposes (anonymized data).
  • Advertising platforms: Meta and Google for campaign optimization (aggregated data).
  • Legal obligation: when required by competent authority or court order.

10. International Data Transfer

Some of our service providers (such as Google and Meta) may process data on servers located outside Brazil. In such cases, we ensure that transfers comply with the LGPD, guaranteeing an adequate level of data protection.

11. Changes to This Policy

This Privacy Policy may be updated periodically. Any changes will be published on this page with the revised update date. We recommend reviewing this page regularly.

12. Contact and Data Protection Officer (DPO)

For questions, requests, or complaints about the processing of your personal data, contact our data protection officer:

If you believe the processing of your personal data violates the LGPD, you may also file a complaint with the Brazilian National Data Protection Authority (ANPD).

13. Use of the Google Ads API and Treatment of Client Data

Tráfego para Consultórios operates as a digital marketing agency and uses the official Google Ads API to manage the Google Ads accounts of its medical clients. This section describes, in compliance with the Google API Services User Data Policy and the Google Ads API Terms of Service, how we access, use, and protect data accessed via the API.

13.1. Who owns the data accessed via the Google Ads API

Data accessed via the Google Ads API belongs to the contracting medical clients of our agency — each client is the owner and controller of their own Google Ads account. Tráfego para Consultórios acts as an authorized operator agency through a Manager Account (MCC 836-905-8105), with linkage explicitly approved by the client.

13.2. Types of data accessed

  • Campaign structure, ad groups, keywords, ads, and extensions.
  • Budget settings, bids, geographic targeting (Brazil), and demographic targeting.
  • Performance metrics: impressions, clicks, cost, conversions, CPA, ROAS.
  • Aggregated performance reports of client accounts.

We do not access end-user personal data (potential patients clicking on ads) via the Google Ads API. Patient lead collection is performed exclusively through contact forms on the clients' own websites, with LGPD consent, as described in Sections 2 to 7 of this policy.

13.3. Purposes of using the Google Ads API

  • Programmatic creation and optimization of Google Ads campaigns (Search, Performance Max, Display, YouTube) for contracted medical clients.
  • Continuous performance monitoring and automated adjustment of bids, budgets, and targeting.
  • Generation of monthly performance reports delivered to clients.
  • Compliance auditing with Brazilian Federal Council of Medicine Resolution 2.336/2023 and Google Ads Healthcare policies.

13.4. Storage, security, and retention

  • OAuth 2.0 access tokens issued by Google for our application are stored in encrypted form on agency-controlled servers and never shared with third parties.
  • Campaign data synchronized locally is protected by TLS in transit and encryption at rest, with access restricted to authorized personnel.
  • Tokens and campaign data are automatically deleted upon contract termination or immediately when the client revokes the Manager Account link.

13.5. Sharing

Client Google Ads campaign data is not sold, transferred, or shared with third parties. Access is restricted to authorized technical staff of Tráfego para Consultórios for the exclusive purpose of managing contracted campaigns.

13.6. Rights of medical clients

  • Revoke the Manager Account link at any time, immediately terminating our access to the Google Ads account.
  • Request deletion of all campaign data synchronized in our systems.
  • Request complete reports on which data has been accessed and for how long.
  • Receive, upon request, a complete copy of the campaign structures managed on their behalf.

13.7. Compliance with Google policies

Tráfego para Consultórios fully complies with:

  • Google Ads API Terms of Service.
  • Google API Services User Data Policy — including Limited Use requirements.
  • Required Minimum Functionality (RMF) of the Google Ads API.
  • Google Ads policies, in particular the Healthcare and medicines sector restrictions.

For specific questions about Google Ads API usage or to exercise any of the rights described in this section, contact us at [email protected] with the subject “Google Ads API”.