Grilo
Back to home

Privacy Policy

Last updated: May 2026

Welcome to the Privacy Policy of Grilo.

This policy aims to inform and clarify Grilo's commitment to the privacy and security of personal data of its clients, partners and evaluated professionals, in compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018 – LGPD) and applicable legislation.

Here you will find, in a clear and objective way, which data may be collected during Technical Due Diligence processes for M&A, investment and valuation, for what purpose it is processed and how we keep it protected.

1. Who we are

Grilo is a consultancy specialized in Technical Due Diligence for M&A, investment and valuation transactions, focused on the structured validation of technical human capital in technology companies. To get in touch, email contato@grilo.capital.

2. What we do

We perform technical evaluation of technology teams in M&A, investment and valuation processes. Our method combines analysis of public LinkedIn presence, structured interviews and practical validation to produce an auditable executive report, used by investors, funds and acquiring companies in decision-making.

3. To whom this policy applies

This policy applies to any individual or legal entity that interacts with Grilo, whether through the grilo.capital website, direct contact with our team or participation in a Technical Due Diligence process conducted by us.

4. Information collected

We collect data voluntarily provided by clients and evaluated professionals, as well as information publicly available on professional networks. Including:

  • Contact details (name, email, phone, company, role).
  • Professional information (CV, LinkedIn profile).
  • Answers and materials produced during interviews and technical validations.
  • Site navigation data (IP address, cookies, device, approximate geolocation).

5. Purpose of processing

The collected data is used exclusively to:

  • Conduct the contracted Technical Due Diligence and produce the executive report.
  • Maintain the commercial relationship and provide support to clients.
  • Comply with legal, regulatory and contractual obligations.
  • Improve the quality of our services and the website experience.

6. Legal basis

The processing of personal data by Grilo is carried out based on the data subject's consent, the performance of a contract, compliance with a legal obligation or legitimate interest, in accordance with articles 7 and 11 of the LGPD.

7. Data sharing and confidentiality

Grilo may share data with clients contracting the Due Diligence (within the scope of the technical report) and with technology vendors that support our operations (cloud storage, communication, scheduling). No data is sold to third parties, and sharing only occurs when necessary for the contracted purpose or when required by law.

All information exchanged within the context of a project is treated as Confidential Information and used exclusively for the purposes set forth in the contract signed with the contracting client. Grilo undertakes, on its own behalf and on behalf of its employees, representatives and contractors, to maintain strict confidentiality, with disclosure to third parties prohibited without the prior written consent of the party that owns the information.

Should Grilo be required, due to a request from a judicial or administrative authority, to disclose any Confidential Information, it will do so within the strict limits required and, whenever possible, will notify the owning party in advance so that appropriate legal measures may be taken to protect the information.

8. Storage period and confidentiality

Data is kept for the time necessary to fulfill the purpose for which it was collected, observing applicable legal and contractual periods. After this period, it is deleted or anonymized.

The obligation of secrecy and confidentiality over information shared within each project remains in force for the term of the respective contract and for 5 (five) years from its termination, except for information that has become public domain without violation of these obligations, has been independently developed or has been legitimately made available by third parties.

9. Data subject rights

Under the LGPD, the data subject may, at any time, request: confirmation of the existence of processing, access to data, correction of incomplete or outdated information, anonymization, portability, deletion of data processed based on consent, information about sharing and revocation of consent.

To exercise any of these rights, simply send an email to contato@grilo.capital.

10. Cookies and navigation data

We use cookies to keep the site running, remember preferences and, with your consent, produce aggregated statistics about site usage. We classify cookies into three categories:

  • Necessary: essential for the site to function (language preference, navigation, security). Always on and do not require consent.
  • Analytics: we use Google Analytics 4 (provider: Google LLC) and Microsoft Clarity (provider: Microsoft Corporation), which collects aggregated usage metrics and anonymous session recordings (heatmaps, clicks, scroll) to help us understand how visitors interact with the site and improve the experience. These cookies are only activated after your consent.
  • Marketing: reserved for potential advertising and remarketing campaigns. Not currently in use, and any future activation will also depend on your explicit consent.

We implement Google Consent Mode v2: by default, analytics and marketing cookies are denied, and no measurement data is sent to Google before your choice. You can accept, reject or fine-tune your preferences in the banner shown on your first visit and revisit your decision at any time via the "Cookie Preferences" link in the footer. You may also block cookies directly in your browser settings, aware that some functionality may be affected.

11. Information security

We adopt appropriate technical and organizational measures to protect data against unauthorized access, loss, alteration or improper disclosure. Even so, no system is completely immune to incidents, and we are committed to notifying data subjects and the competent authority whenever applicable.

12. External links

Grilo's website may contain links to third-party pages. We are not responsible for the privacy policies of these sites and recommend that they be reviewed before any interaction.

13. Changes to this policy

This policy may be updated periodically to reflect changes in our services or in legislation. The current version will always be available on this page, with its respective update date.

14. Contact

For questions, requests or to exercise rights related to your personal data, contact us by email at contato@grilo.capital or via WhatsApp +55 11 97893-8688.