Please read our privacy policy carefully. This policy governs your use of our services and our website.
The protection of your privacy is fundamental to us. This Privacy Policy explains how we collect, use and protect your personal data in accordance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and the applicable Portuguese legislation.
guito is operated by:
Luar Quieto — Unipessoal Lda
NIPC: 518 823 830
Email: support@guito.pt
Website: guito.pt
Contact for Data Protection Matters:
Email: support@guito.pt (Subject: "Proteção de Dados")
We may collect the following categories of personal data:
Important note: guito does not store banking credentials. The connection to bank accounts is made through certified PSD2-compliant providers, which use secure and encrypted connections.
We process your personal data on the basis of the following legal grounds set out in the GDPR:
| Purpose of Processing | Legal Basis (GDPR) | Article |
|---|---|---|
| Creation and management of a user account | Performance of a contract | Art. 6(1)(b) |
| Provision of guito's services | Performance of a contract | Art. 6(1)(b) |
| Payment processing (where applicable) | Performance of a contract | Art. 6(1)(b) |
| Web analytics and service improvement | Consent | Art. 6(1)(a) |
| Marketing communications (where applicable) | Consent | Art. 6(1)(a) |
| Fraud prevention and security | Legitimate interest | Art. 6(1)(f) |
| Responding to support requests | Legitimate interest | Art. 6(1)(f) |
| Compliance with legal obligations | Compliance with a legal obligation | Art. 6(1)(c) |
We use the data collected to:
We do not sell, rent or share your personal data with third parties for marketing purposes without your explicit consent.
We may share data with service providers acting on our behalf (processors), described by category in section 5.1, and, where legally required, with competent public authorities.
Our service providers only process the data strictly necessary to provide their respective services and are contractually prohibited from:
We rely on providers that process data on our behalf, subject to contractual data protection obligations, in the following categories:
Some of these providers are located outside the European Economic Area; in those cases, transfers are carried out under the safeguards described in section 6.
We may disclose personal data where:
In the event of a merger, acquisition, sale of assets or restructuring, personal data may be transferred, and the acquirer will be required to comply with this Privacy Policy.
Our database is hosted on servers located in the European Union (Paris, France).
Some of our processors are established outside the European Economic Area, including in the United States of America. In those cases, transfers are covered by the safeguards set out in those providers' data processing agreements, namely the Standard Contractual Clauses approved by the European Commission (Implementing Decision (EU) 2021/914) and, where the provider is certified, the adequacy decision under the EU-US Data Privacy Framework.
You may request further information about these safeguards by contacting support@guito.pt.
We use strictly necessary cookies for essential application features, including:
Legal basis: Legitimate interest (provision of the contracted service). These cookies are essential and do not require prior consent.
We use Local Storage to temporarily store information on the user's device:
With your explicit consent, we use usage analytics tools to understand how to improve our service:
You may choose to disable these analytics at any time through the "Manage cookies" option, available in the site footer, without affecting the operation of the service.
Legal basis: Consent (GDPR Art. 6(1)(a))
With your explicit consent, we may use advertising conversion tracking technologies (Google Ads and Meta Pixel) to measure the effectiveness of our campaigns. This data is collected only with your prior consent and can be disabled at any time in the privacy settings.
When consent is granted, pseudonymised identifiers (such as the email address in hashed form) may be shared with these advertising platforms for conversion attribution and the creation of lookalike audiences. This data is transmitted in hashed form (SHA-256) and does not allow direct reading of the original information.
With your marketing consent, these technologies may use cookies and identifiers to measure conversions. Without that consent, they are not activated.
We retain your personal data only for the period necessary for the purposes for which it was collected, in accordance with the applicable legal obligations:
| Data Category | Retention Period | Basis |
|---|---|---|
| Active account data | While the account is active | Performance of a contract |
| Data following an account deletion request | Deleted after a short grace period to allow the request to be reversed | Reversibility of the request |
| Documents and records with tax relevance | Period required by law (generally 10 years) | Compliance with tax obligations |
| Documents uploaded for import (statements, invoices, brokerage files) | Automatically deleted approximately 30 days after upload | Data minimisation |
| Data subject to consent (analytics, advertising) | Until consent is withdrawn or in accordance with the respective providers' periods | Consent |
| Support communications | While necessary to resolve the request and comply with legal obligations | Legitimate interest |
| Privacy preferences | Kept locally on the device | N/A |
After the periods indicated, the data is deleted securely and irreversibly, or anonymised for statistical analysis.
In accordance with the GDPR, you have the following rights in relation to your personal data:
You may request confirmation as to whether we process your data and obtain a copy of it.
You may request the correction of inaccurate or incomplete data.
You may request the deletion of your data where:
You may request the temporary restriction of processing in certain circumstances.
You may request to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another controller, by contacting us at support@guito.pt.
You may object to the processing of your data based on legitimate interest, including for direct marketing purposes.
Where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of the processing carried out previously.
You have the right to lodge a complaint with the supervisory authority.
To exercise any of the rights above, you may:
We will respond to your request within 1 month (extendable up to 3 months in complex cases).
You may manage your analytics preferences at any time:
The withdrawal of consent does not affect the lawfulness of the processing carried out previously and does not impair the operation of the service.
To completely remove the data stored locally on your device:
Cookies:
Local Storage:
You may manage your notification preferences in the application settings or through the unsubscribe links included in emails.
We adopt appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including:
Our main service providers maintain security certifications relevant to the respective services provided, including international information security management standards and security controls.
Your financial data benefits from various protection measures:
Encryption: Data is transmitted through encrypted connections (HTTPS/TLS) and stored on infrastructure with disk-level encryption. Access credentials for banks and brokerages are additionally encrypted in the database.
Data separation: Your identification information (name and email) is stored separately from your financial data. Financial data is linked only through internal identifiers, limiting exposure in the event of an incident.
Access controls: We implement database-level security controls that ensure each user can only access their own data through the application. All access to the systems is controlled and logged.
Sensitive data: Information such as IBANs is not stored in full — we keep only the first four and last four characters for identification.
In the event of a personal data breach:
guito is intended for users aged 16 years or older and does not intentionally collect personal data from minors under 16 years of age.
By using guito, you confirm that you are at least 16 years of age or that you have authorisation from a holder of parental responsibility.
If you become aware or suspect that we have collected data from a minor under 16 years of age without appropriate consent, please contact us at support@guito.pt. We will proceed to delete that data, except where the law requires its retention.
guito does not make automated decisions that produce legal effects or significantly affect the user, based solely on the automated processing of data (GDPR Art. 22).
The artificial intelligence feature may:
The user may review, correct or replace these suggestions at any time. We do not make automated decisions regarding:
guito provides an artificial intelligence (AI) feature to support and interact with users. This feature is provided through a third-party artificial intelligence provider, subject to contractual data protection obligations.
The messages and commands sent by the user to the AI may, voluntarily, contain:
guito offers an automatic transaction import feature powered by artificial intelligence, which allows:
During this process:
This data is processed in accordance with this Privacy Policy and the terms of service of our artificial intelligence provider.
The processing of data by the AI feature is subject to strict contractual agreements with our providers, which include:
When using the AI feature, the user may choose to:
We recommend that the user:
The history of your conversations with the assistant is stored by us, at guito, so that you can consult it later. The artificial intelligence provider processes the messages only to generate the response and does not use them to train its models.
We may update this Privacy Policy from time to time to reflect changes in our services, data processing practices or legal obligations.
Changes are published on this page, with the revision date updated at the end. We encourage you to review it periodically.
For material changes that affect your rights or how we process your data, we will notify registered users by email, with reasonable advance notice, before the change takes effect. Where the law requires it, we will ask for your consent.
Continued use of guito after the changes take effect implies acceptance of the revised Policy.
You have the right to lodge a complaint with the supervisory authority competent in matters of personal data protection:
Comissão Nacional de Proteção de Dados (CNPD)
Website: www.cnpd.pt
Email: geral@cnpd.pt
Telephone: +351 213 928 400
Address: Av. D. Carlos I, 134, 1.º, 1200-651 Lisboa, Portugal
Opening Hours: Monday to Friday, 09h30 — 12h30 | 14h00 — 17h00
You may also lodge a complaint with the supervisory authority of the EU country where you habitually reside or work, or where the alleged infringement occurred.
For any questions relating to this Privacy Policy, data protection or the exercise of your rights, please contact us at:
Email: support@guito.pt
Suggested subject: "Privacidade e Proteção de Dados"
We will respond within a maximum of 1 month from receipt of the request.
This Privacy Policy is governed by:
Last revised: June 3, 2026