Security & Compliance

Trust is not a feature. It is the foundation.

Dyvit was built to operate in one of the most regulated environments in the Brazilian financial market. Every security layer exists by design, not by retrofit.

LGPD • AES-256 • 99.9% SLA • Data in Brazil • SOC 2 in progress

Regulatory compliance

Every regulatory layer. Implemented by default.

Not a checklist. It is the product architecture. Every regulation was built in from the first commit.

ACTIVE

LGPD

Explicit consent, opt-out at any stage, data portability and designated DPO. Data protection impact reports updated quarterly.

ACTIVE

BACEN & Open Finance

APIs compatible with the Open Finance BR ecosystem. Full transaction traceability and compliance with Central Bank regulations.

ACTIVE

CDC (Consumer Protection Code)

Contact only during permitted hours (9 AM to 6 PM, business days). Clear creditor identification, no coercive or abusive language. Configurable frequency.

IN PROGRESS

SOC 2 Type II

Audit underway. Expected: Q3 2026. Security, availability and confidentiality controls already implemented and continuously monitored.

ACTIVE

ANATEL

Real-time opt-out, do-not-disturb blocklist compliance. Every message includes a clear mechanism to cancel communications.

ACTIVE

BACEN Resolution 4.893

Documented cybersecurity policy, tested business continuity plan, structured incident response. Full compliance.

Security practices

8 layers of protection

From encryption at rest to the incident response plan, every layer was designed to protect your customers' data.

Technical

01

AES-256 encryption

Data encrypted at rest (AES-256) and in transit (TLS 1.3). Keys managed with automatic rotation.

02

Mandatory MFA

Multi-factor authentication on all admin panel access. SSO via SAML 2.0 available for Enterprise plans.

03

Periodic pentesting

Penetration tests conducted by specialized third parties every quarter. Critical vulnerabilities patched within 24 hours.

04

Least privilege

Granular role-based access control (RBAC). Each operator accesses only the data required for their role.

Infra & response

05

100% data in Brazil

All infrastructure operates in Brazilian data centers. No personal data leaves the country, in compliance with LGPD.

06

99.9% uptime SLA

Infrastructure with geographic redundancy, automatic failover and 24/7 monitoring. RTO < 4h and RPO < 1h.

07

Auditable logs

Immutable record of all system actions. 12-month retention with on-demand access for audits and investigations.

08

2-hour incident response

Dedicated response team with a 2-hour SLA for critical incidents. Proactive client communication and root cause report within 48 hours.

Data residency

Your data never leaves Brazil

All of Dyvit's infrastructure operates in data centers located within Brazilian territory. This is not just a preference: it is an architectural decision that ensures regulatory compliance and reduces latency for your users.

  • Servers in São Paulo with geographic redundancy within Brazil
  • Encrypted backups stored in a separate Brazilian region
  • No personal data processing outside the national territory

Responsible disclosure

Found a vulnerability?

We take security seriously and value the researcher community. If you have identified a vulnerability in our systems, please reach out through the secure channel below. We will respond within 48 hours.

security@dyvit.ai

Ready to get started?

Security you can audit

Book a demo and see how Dyvit protects your customers' data at every stage of the collections process.

LGPD-compliant • Data in Brazil • AES-256 • 99.9% SLA