BOnCheckout · LegalSubmit a Ticket

Documents

  • Overview
  • Refund Policy
  • Cancellation Policy
  • Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Statement Descriptor
  • Customer Support →

Charges appear as

BASEON LTD* [PRODUCT]

Don't recognize a charge? →

Privacy Policy

Last updated: 2026-05-03 · Effective date: 2026-05-03

1. Introduction

This Privacy Policy describes how ONCHECKOUT LTDA("OnCheckout," "we," "us," or "our") collects, uses, discloses, and protects personal data in connection with the OnCheckout platform, websites, dashboards, and related services (collectively, the "Services"). It is issued in compliance with the Brazilian General Data Protection Law (LGPD, Law No. 13.709/2018), the European General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), and other applicable data protection laws.

2. Information We Collect

We collect the following categories of personal data:

  • Identity and contact data: name, email address, billing address, telephone number where provided.
  • Payment data: payment card brand, last four digits, expiration month and year, country of issuance, and a tokenized reference issued by our payment processors. OnCheckout never stores full card numbers (PAN), CVV codes, or magnetic-stripe data on its systems.
  • Transactional data: purchase history, order references, subscription status, refund and chargeback records.
  • Technical data: IP address, device fingerprint, browser type and version, operating system, language preferences, and timestamps.
  • Behavioral data: page views, click events, time on page, and other interaction signals collected through the OnCheckout Evidence SDK and similar instrumentation.
  • Communications: messages submitted to our support team, including ticket form entries and email correspondence.

3. Why We Process Your Data

We process personal data for the following purposes and on the following legal bases:

  • To process payments and fulfill orders (performance of contract).
  • To prevent fraud, abuse, and money laundering, including through Stripe Radar, internal velocity tracking, and device fingerprinting (legitimate interest and legal obligation).
  • To provide customer support, respond to inquiries, and resolve disputes (performance of contract and legitimate interest).
  • To comply with legal and regulatory obligations, including tax, accounting, and anti-money-laundering rules (legal obligation).
  • To improve and secure the Services, including analytics, debugging, and capacity planning (legitimate interest).
  • To send service-related communications, including renewal reminders, receipts, and security notices (performance of contract).

4. Sharing of Data

We share personal data only as needed and only with the following categories of recipients:

  • Payment service providers (Stripe, DLocal, Adyen, and other regulated processors) for the purpose of authorizing, settling, and reconciling transactions.
  • Vendors receive only the data strictly necessary to fulfill the order, such as customer name, email, shipping address (for physical goods), and order reference.
  • Service providers that support hosting, email delivery, fraud screening, and analytics, bound by written confidentiality and data-processing agreements.
  • Authorities when required by law, court order, or to protect rights, property, or safety.

We do not sell or rent personal data to third parties.

5. Cookies and Tracking

The Services use cookies, local storage, and similar technologies to maintain sessions, remember preferences, secure authentication, and collect aggregate usage analytics. The OnCheckout Evidence SDK records behavioral signals used for fraud prevention and product improvement. You may control non-essential cookies through your browser settings; disabling essential cookies may impair the functionality of the Services.

6. Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Payment records and tax documentation: seven (7) years, as required by Brazilian tax and accounting law.
  • Behavioral and analytics data: up to twenty-four (24) months from collection, then aggregated or deleted.
  • Support communications: up to thirty-six (36) months following resolution of the matter.
  • Account data (Vendors): for the duration of the account and seven (7) years thereafter for compliance purposes.

7. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data, subject to retention obligations.
  • Restrict or object to certain processing activities.
  • Data portability in a structured, commonly used format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with the Brazilian National Data Protection Authority (ANPD) or your local supervisory authority.

To exercise any of these rights, contact privacy@oncheckout.com.br. We will respond within the timeframes required by applicable law, typically within fifteen (15) days under the LGPD.

8. International Transfers

OnCheckout is established in Brazil. To process payments and operate the Services, personal data may be transferred to the United States and other jurisdictions where our payment processors and infrastructure providers operate. Such transfers are protected by appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs), supplementary technical and organizational measures, and equivalent mechanisms recognized under the LGPD for international data transfers.

9. Children's Privacy

The Services are not directed to and may not be used by individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it without undue delay.

10. Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, role-based access controls, audit logging, and regular security assessments.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email and take effect on the date posted. We encourage you to review this Policy periodically.

12. Contact

For privacy inquiries, requests under the LGPD or GDPR, or to contact our Data Protection Officer, write to privacy@oncheckout.com.br. For general inquiries, contact support@oncheckout.com.br.

ONCHECKOUT LTDA · CNPJ 64.549.916/0001-88
Avenida Pref Osmar Cunha 416, Sala 1108, Centro, Florianópolis SC, 88015-100, Brazil

Customer support: support@oncheckout.com.br · Privacy: privacy@oncheckout.com.br

Need help? Submit a support ticket.

OnCheckout LTDA

CNPJ 64.549.916/0001-88 · Avenida Pref Osmar Cunha 416, Sala 1108, Centro, Florianópolis SC, 88015-100, Brazil

Customer support: support@oncheckout.com.br · Privacy: privacy@oncheckout.com.br

© 2026 OnCheckout LTDA. All rights reserved.