Privacy Policy

PedirDocumentos.pt is a technology platform for automated collection of official Portuguese documents, including documents from the Portuguese Tax Authority, Segurança Social Direta and Banco de Portugal.

For platform-owned data, the controller is:

• Entity: Além do Código, Lda.
• NIPC/NIF: 518014088
• Registered office: Rua Dom Francisco Gomes, no. 4, 1st A, 8000-306 Faro, Portugal
• Email: geral@pedirdocumentos.pt
• Phone: +351 967 015 157

The platform processes data in two different contexts, with different responsibilities:

• Users and registered companies: when a company creates an account, buys credits, requests support or manages its organisation, Além do Código processes that account and operation data as controller.
• Final clients and collections: when a company creates clients in the dashboard or sends a link to collect documents, the company decides the purpose of the request and the use of data and documents. In that context, PedirDocumentos acts as a technical processor and processes data on company instructions.

When a company or professional creates an account or uses the platform, we may process:

• name, email, phone, encrypted password and authentication identifiers;
• NIF/NIPC, organisation name, professional activity, address, city, postal code and billing email;
• data of employees or users associated with the organisation;
• account usage history, credits, payments, invoices, support and organisation settings;
• technical data such as IP address, security logs, authentication events, device, browser and timestamps.

When a company creates clients in the dashboard or a final client opens a collection link sent by that company, we may process only the data needed to perform the request:

• name, email, phone, notes and minimal client or request data when provided by the company;
• requested documents and collection status;
• NIF, NISS, official portal credentials and 2FA/SMS/email codes when needed;
• documents obtained, PDF files, metadata, filename, size, document type and timestamps;
• technical data needed for security, abuse prevention and service operation.

For security, diagnostics and prevention of blocks on official portals, we may process technical records associated with the collection, such as collection identifier, processing identifier, portal used, attempt status and error type. These records do not include the password or entered credentials and do not require creating an identifier based on the NIF.

We process data for the following purposes:

• Account management and platform provision: performance of a contract or pre-contractual steps.
• Document collection requested by a company: instruction from the controller company and the authorisation/mandate indicated in the collection form.
• Payments, credits and invoicing: contractual performance and legal tax/accounting obligations.
• Security, fraud and abuse prevention: legitimate interest and obligation to protect systems and data.
• Support, communication and operational improvement: contractual performance and legitimate interest in providing support and keeping the service reliable.
• Legal compliance and responses to authorities: legal obligation where applicable.

When PedirDocumentos acts as a technical processor, the company that requested the collection must ensure the appropriate legal basis to request, receive and use its client documents.

• Official portal credentials and 2FA codes: automatically deleted when the process ends successfully, fails or is cancelled.
• Account and organisation data: retained while the account is active and for the period needed to comply with legal obligations or defend rights.
• Clients, collections and documents: retained in the company account until deleted by the company or user, or until account closure, unless a legal obligation or valid instruction requires otherwise.
• Payments, invoices and accounting records: retained for applicable legal periods.
• Technical and security logs: retained for the period needed for security, audit, diagnostics and abuse prevention.
• Technical authentication and failure records: retained only for the period needed for security, audit, diagnostics and prevention of blocks on official portals, generally for a short period.

We do not sell personal data. We may disclose or make data available only when necessary:

• To the company that requested the collection: documents, request status and metadata needed for the process.
• To official portals: data and credentials needed to authenticate and obtain the requested documents.
• To infrastructure providers: services such as Supabase, Vercel, Railway, Stripe and other technical providers needed for operation, hosting, authentication, storage, payments, logs and security.
• To public or judicial authorities: when there is a legal obligation or valid order.

Processors are selected considering appropriate security and data protection guarantees and are used only for the purposes needed to provide the service.

Some technology providers may process data outside the European Economic Area. When this happens, we apply GDPR mechanisms such as adequacy decisions, European Commission standard contractual clauses and supplementary measures where appropriate.

We apply technical and organisational measures proportionate to risk, including:

• communications protected by TLS;
• encryption of temporary credentials during processing;
• automatic cleanup of temporary credentials and codes at the end of the process;
• segregation by organisation and access policies;
• permission controls, operational monitoring and security records;
• signed URLs with limited validity for downloads where applicable.

Under the GDPR, you may exercise the rights of access, rectification, erasure, restriction, portability and objection, and withdraw consent where processing is based on consent.

For account and platform operation data, contact geral@pedirdocumentos.pt.

For documents or requests made by a company, you may also need to contact the company that requested the collection directly. If you contact PedirDocumentos about those requests, we may support the response or forward the request to the responsible company, because that company is responsible for the use of those documents and the relationship with its client.

You may lodge a complaint with the CNPD at www.cnpd.pt.

We use cookies and similar technologies needed for operation, authentication, security, session management, abuse prevention and essential preferences, including the preference for displaying the cookie notice.

At this time, we do not use analytics, advertising or marketing cookies. If we use non-essential cookies in the future, they will be subject to prior information and consent where required by law.

The platform is not intended to be used directly by minors. Companies and users must not request, enter or process data through the platform without legitimacy, authorisation or an appropriate legal basis.

This Policy may be updated to reflect legal, technical or operational changes. The current version will always be available on this page. Relevant changes may be communicated by reasonable means to registered users.

• Entity: Além do Código, Lda. (NIPC 518014088)
• Email: geral@pedirdocumentos.pt
• Phone: +351 967 015 157
• Address: Rua Dom Francisco Gomes, no. 4, 1st A, 8000-306 Faro, Portugal