Privacy Notice / USA
Date: April 2025
PRIVACY NOTICE
THIS IS THE PRIVACY NOTICE OF THE DLOCAL GROUP COMPANIES operating WITHIN THE United States of America
Your privacy is very important to us. We are committed to the protection of your Personal Information, and the purpose of this Privacy Notice is to inform you about the way we process your Personal Information, including references to which data we process, how, why, and for how long, together with information about your rights as a Data Subject.
This Privacy Notice sets out the basis on which any Personal Information we collect from you, or that you provide to us, will be processed by us. This Privacy Notice also sets out how you can instruct us if you prefer to limit the use of that Personal Information, as well as the procedures that we have in place to safeguard your privacy.
It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Information about you so that you are fully aware of how and why we are using your Personal Information. This Privacy Notice supplements the other notices and is not intended to override them.
PLEASE READ THIS PRIVACY NOTICE CAREFULLY BEFORE USING THE SERVICE. USING THE SERVICE INDICATES THAT YOU CONSENT TO THIS PRIVACY NOTICE IN FULL. IF YOU DO NOT CONSENT TO THIS PRIVACY NOTICE, DO NOT USE THE WEBSITE OR MERCHANT DASHBOARD. By consenting to this Privacy Notice, you consent to receive notifications regarding security incidents to the email address we have on file for you.
1. IMPORTANT INFORMATION
The dLocal group consists of several legal entities and provides its services to Customers via different entities (“Affiliates”).
Each of these dLocal Entities are separate data controllers but are collectively referred to in this Privacy Notice as “dLocal,” "we" or “our” or “us.”
Individuals from whom we collect Personal Information (the “Data Subjects”)
In this Privacy Notice, “you” or “your” means an individual who is the subject of Personal Information we process as a data controller, which would typically be: (i) the visitors of our website atwww.dlocal.com (our “Website”); (ii) the representatives of merchants and other payment providers (our “Customers”) who interact with us and access our Merchant Dashboard to receive our payment processing services; (iii) representatives of third party service providers who interact with us to fulfil their contractual obligations with us.
In this Privacy Notice, “Data Protection Laws” means all state or federal laws, statutes, regulations, rules, executive orders, directives, or other official guidance or releases, relating to data protection, privacy, data security, electronic communications, or data incidents that are then in effect and applicable to us. Data Protection Laws may include, without limitation: the Payment Card Industry Data Security Standards (“PCI-DSS”) and Cal. Civ. Code §§ 1798.80 et seq., 1798.100 et seq. and 11 CCR § 999.300 et seq. (“CCPA”). Legal terms related to data protection used in this Privacy Notice follow the definitions provided in the Data Protection Laws.
2. THIRD PARTIES
This Privacy Notice does not apply to information processed by third parties, for example, when you visit a third-party website or interact with third-party sites, except to the extent those parties collect or process Personal Information on our behalf. Third parties include Customers operating dLocal products and services. Please review any relevant third party’s privacy notice for information regarding its privacy practices.
3. CATEGORIES AND SOURCES OF PERSONAL INFORMATION
The following describes how we process data relating to identified or identifiable individuals and households (“Personal Information”).
A. Categories of Personal Information We Process
We may process the following categories of Personal Information:
- Identity Data includes first name, last name, username, ID document number;
- Contact Data includes, contact details including billing address, delivery address, email address and telephone numbers;
- Biographical Data includes Data relating to professional and employment history, qualifications, and similar biographic information.
- Technical Data includes your internet protocol (IP) address, your login data, Google Analytics ID, internet browser and device type, time zone setting, location data and your use of our website, including which pages you visited, how you got to our Website, the time and length of your visit and your language preferences;
- User Content includes unstructured/free-form data that may include any category of Personal Information, e.g., data that you give us in free text fields such as comment boxes; and
- Sensitive Personal Information Personal Information deemed “sensitive” under California or other laws. We collect the following categories of Sensitive Personal Information:
- “Payment Data” Information such as bank account details, payment card information, fiscal information, and similar data protected as Sensitive Data under applicable law, and relevant information in connection with a financial transaction.
- “Account Log-in Data” Information such as account log-in username or email in combination with any required security or access code, password, or credentials allowing access to an account.
B. Sources of Personal Information We Process
We collect Personal Information from various sources, which include:
- Directly from you - We receive Personal Information when you provide it to us, when you purchase our products or services, when you complete a transaction, or when you otherwise use our Website or Merchant Dashboard.
- Automatically - We collect Personal Information about or generated by any device used to access our Website or Merchant Dashboard.
- From Service Providers - We receive Personal Information from service providers performing services on our behalf.
- We create or infer - We may create and infer aggregated and anonymized data about use of our Website, statistical or demographic data, and other similar information (“Aggregated Data”) for any purpose. NOTE: Aggregated Data could be derived from your Personal Information but is not considered Personal Information under Data Protection Laws as this data will not directly or indirectly reveal your identity. For example, we may aggregate Technical Data to calculate the percentage of users accessing a specific portion of the Website or Merchant Dashboard feature.
4. DATA PROCESSING CONTEXTS / NOTICE AT COLLECTION
A. Website and Merchant Dashboard
I. General Use
We process Technical Data when you browse on our Website or our payment processing service platform (“Merchant Dashboard”). We use this data to make sure our Website and Merchant Dashboard work properly. This includes debugging, mitigating DDOS, improving the user experience, and performing statistical analyses for optimizing the quality of our Website and Merchant Dashboard.
We use cookies to store and collect information about your use of our Website. Cookies are small files stored by the browser on your equipment. They send information stored on them back to our web server when you access our Website or Merchant Dashboard. These cookies enable us to put in place personal settings, to load your personal preferences, to improve your experience, and for other purposes. Please see our Cookies PolicyHERE for further details.
II. Merchant Dashboard
We process Identity Data and Contact Data when you create a Customer user account on our Merchant Dashboard to receive our services. We process Payment Data if you associate payment information with your account. We may also collect Sensitive Personal Information, such as Account Log-in Data when you log-in to the Merchant Dashboard. We use this Personal Information to provide you with an interface though which you can check the payments received, issue refunds, give payment instructions, and for our Business Purposes. We may process Identity Data and Contact Data for Online Advertising.
B. Applying for or enquiring about our products or services
I. Due Diligence
When you apply to become a Customer or a vendor of dLocal, we require that you provide Personal Information. For regulatory reasons, we may collect Identity Data and Contact Data, including name, postal address, telephone number, and email address to fulfill our financial partner and regulatory requirements. We may collect Biographical Data, such as your ownership interest in a company or your status of director or officer. We may also collect Sensitive Personal Information, such as Payment Data and Account Log-in Data. We use this Personal Information to conduct due diligence about you at the onboarding stage and as part of the re-screening process, or to maintain and track contractual arrangements with vendors.
II. Background Checks and Fraud Prevention
We may receive Personal Information about you from third parties and public sources, when we perform background checks, fraud prevention checks, ID checks and other “Know Your Customer” checks we need to perform about our Customer’s representatives to comply with applicable financial services standards and requirements and to comply with applicable laws and regulations.
C. Interacting with us in connection with our services or our relationship with the Customer you represent
We collect and process Identity Data, Contact Data, and User Content when you contact us, e.g., via email, or for support. We process this Personal Information to provide support, respond to your request, and communicate with you, as appropriate, and for our Business Purposes.
D. Marketing Communications
If you consent or if permitted by law, we may use Identity Data and Contact Data to send you marketing communications. We process Contact Data and Technical Data when you subscribe to our newsletter, in connection with marketing emails or similar communications, and when you open or interact with those communications. You may receive marketing communications if you consent and, in some jurisdictions, you may receive email marketing communications as a result of account registration or a purchase.
We process this Personal Information to contact you about relevant products or services and for our Business Purposes. We may use this data for Online Advertising. Marketing communications may also be personalized as permitted by applicable law but will not involve Online Advertising where users have opted out or not provided legally required consents. See your Rights & Choices to limit or opt out of this processing.
5. Processing Purposes
A. Business Purposes
We and our service providers process Personal Information we hold for numerous business purposes, depending on the context of collection, your Rights & Choices, and our business interests. We generally process Personal Information for the following “Business Purposes:”
- To provide the services you request from us;
- To verify your identity or conduct appropriate checks for credit worthiness or fraud;
- To understand your needs in order to provide you with the products and services you require;
- To administer and manage our services, including account creation, billing for the services provided, and debt collection;
- To provide customer service;
- To distribute information, newsletters, publications, and other communication via various media to keep you informed;
- To research and develop new product offerings and services;
- To manage and conduct our business and the services we provide to our Customers;
- To make sure our website works properly, including debugging, delivering its content, mitigating DDOS, improving our Website, and performing analyses;
- To undertake activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by dLocal, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by dLocal;
- To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity;
- To provide advertising or marketing services;
- To provide analytic services;
- To provide you with personal offers tailored to your needs and customizing what we show you to your preferences;
- To identify trends, including to create Aggregated Data. Aggregated Data that does not contain Personal Information is not subject to this Privacy Notice;
- To undertake internal research for technological development and demonstration;
- To effectively communicate with third parties; and
- As required or authorized by applicable law.
B. Online Advertising
We engage in online advertising, which may be a sale, “sharing” of Personal Information, or “targeted advertising” under applicable law (“Online Advertising”). Online Advertising involves third parties and service providers, including third party data controllers, engaged in the processing of Personal Information to deliver and tailor ads you see. These third party vendors, including Google, may use cookies and/or device identifiers to collect Personal Information such as unique IDs, IP addresses, device information, OS/browser type, and other similar data, as well as information about your visits to our Website and the ads you see and view to develop and assess aspects of a profile about you, to deliver more relevant advertisements and offers, and to determine whether and how ads you see are effective. These third parties then show our ads on sites across the internet, using cookies and/or device identifiers to serve ads based on your past visits to our Website. These third parties may augment your profile with demographic and other preferences data derived from these observations, and may also track whether you view, interact with, or how often you have seen an ad, or whether you complete a purchase for goods or services you were shown in an advertisement. These parties may be able to identify you across sites, devices, and over time. You can control how these third parties use your data, and the ads you see on these platforms, using the tools described in the Rights and Choices section below.
To learn about the specific providers we use for these services, Please see our Cookies PolicyHERE, or contact us.
6. WHEN WE MAY DISCLOSE PERSONAL DATA
Your information may, for the purposes set out in this Privacy Notice, be disclosed for processing to:
- Our employees and our affiliates and their employees. For instance, dLocal will share your information with other dLocal affiliates in connection with providing our services or when such affiliates provide support services to dLocal;
- Our third-party consultants, (sub-)contractors, suppliers, or other service providers who may access your Personal Information when providing services to us (including but not limited to IT support services). (This includes information technology experts who design and host our Website and Merchant Dashboard and general service companies);
- Auditors, contractors, or other advisers auditing, assisting with, or advising on any of our business purposes;
- Analytics and search engine providers that assist us in the improvement and optimization of our Website and Merchant Dashboard;
- Our successors in title, prospective sellers or buyers of our business, or our Affiliates when we have a merger, re-organization, or other corporate transaction;
- Government bodies and law enforcement agencies and in response to other legal and regulatory requests;
- Any third-party where such disclosure is required to enforce or apply our Website Terms or other relevant agreements; and
- To protect the rights, property, integrity, or security of our company, our Customers, or others (including, without limitation, you). This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
7. INTERNATIONAL TRANSFERS
dLocal serves customers globally. Accordingly, your Personal Information may be shared with other dLocal Affiliates outside of the U.S., when this is necessary for the purposes mentioned in this Privacy Notice. These countries include the countries in which we have operations. It also includes the countries in which some of our service providers are located.
8. WHAT HAPPENS IF YOU DON’T PROVIDE THE REQUESTED PERSONAL Information
If we are unable to collect Personal Information from or about you, or if the Personal Information provided is incomplete or inaccurate, dLocal may not be able to assist you, including providing the products or services you are seeking, providing support, or assisting you with your queries.
YOUR RIGHTS & CHOICES
You may have certain rights and choices regarding the Personal Information we process. Please note, these rights may vary based on the state in which you reside and our obligations under applicable law.
A. Your Rights
You may have certain rights and choices regarding the Personal Information we process. See the following section for information regarding your rights/choices in specific regions:
- U.S. States/California
To submit a request, contact us. We verify your identity in connection with most requests, as described below.
B. Verification of Rights Requests
If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, to reduce fraud, and to ensure the security of Personal Information. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
We may require that you match Personal Information we have on file to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Information to you if prohibited by law.
C. Your Choices
I. Marketing Communications
You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email (for email), or for other communications, by contacting us using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
II. Withdrawing Your Consent/Opt-Out
You may withdraw any consent you have provided at any time by sending an email to dpo_usa@dlocal.com. The consequence of your withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
III. Cookies
If you do not want information collected through cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our "Cookie Settings" page. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visitGoogle Analytics Terms of Use, theGoogle Policy, orGoogle Analytics Opt-out. You can find out more about cookies at www.allaboutcookies.org, and more about the cookies we use in our “Cookies Policy” available on our WebsiteHERE.
Opt-Out Preference Signal/Global Privacy Control (GPC)- Our Website may support certain automated opt-out controls, such asGlobal Privacy Control (“GPC”). GPC is a specification designed to allow Internet users to notify businesses of their privacy preferences, such as opting out of the sale/sharing of Personal Information. To activate GPC, users must enable a setting or use an extension in the user’s browser or mobile device. Please review your browser or device settings for more information regarding how to enable GPC.
Please note: We may not be able to link GPC signals to your Personal Information in our systems, and as a result, some sales/sharing of your Personal Information may occur even if GPC is active. See the “U.S. States/California” section below for more information regarding other opt-out rights.
Do Not Track - Our Website does not respond to your browser’s do not track signal.
10. SECURITY OF PERSONAL Information
The Internet is not a secure medium. However, we have put in place a range of security procedures, as set out in this Privacy Notice. Where you have been allocated a profile in the Merchant Dashboard, this area is protected by your username and password, which you should never divulge to anyone else.
Please be aware that communications over the Internet, such as emails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered. This is the nature of the Internet. WE CANNOT ACCEPT RESPONSIBILITY FOR ANY UNAUTHORIZED ACCESS OR LOSS OF PERSONAL INFORMATION THAT IS BEYOND OUR CONTROL.
We will use reasonable endeavors to implement appropriate policies, rules, and technical measures to protect the Personal Information that we have under our control (having regard to the type and amount of that data) from unauthorized access, improper use or disclosure, unauthorized modification, unlawful destruction, or accidental loss.
We will not disclose your Personal Information to government institutions or authorities except if required by law (e.g., when requested by regulatory bodies or law enforcement organizations in accordance with applicable legislation).
11. CHILDREN
Our Website is neither directed at nor intended for use by persons under the age of sixteen (16). We do not knowingly collect information from such individuals. If we learn that we have inadvertently done so, we will promptly delete such Personal Information if required by law. Do not access or use our Website if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
12. HOW LONG WE KEEP PERSONAL Information
We retain your Personal Information for as long as you have agreed to it or when is necessary to us to provide you with our services or fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain Personal Information (without limitation):
- Retention periods established under applicable law;
- Industry best practices;
- Whether the purpose of processing is reasonably likely to justify further processing;
- IT systems design considerations/limitations; and
- .
We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.
13. CHANGES
We reserve the right to amend or edit this Privacy Notice from time to time to reflect changes in dLocal’s business or practices, and we encourage you to review this Privacy Notice periodically. We may change the Privacy Notice at any time by posting the changed Privacy Notice on the dLocal website. If the changes are material, we will include a notice on the dLocal website homepage indicating that a change has been made.
Due to changes in the law or in our business, from time to time, we may need to process your Personal Information for additional purposes beyond those set out above. In such case, we will either update this Privacy Notice or issue a dedicated privacy notice covering the specific occasion, depending on what is most appropriate in the circumstances.
PLEASE READ THIS PRIVACY NOTICE CAREFULLY BEFORE USING THE SERVICE. USING THE SERVICE INDICATES THAT YOU CONSENT TO THIS PRIVACY NOTICE IN FULL. IF YOU DO NOT CONSENT TO THIS PRIVACY NOTICE, DO NOT USE THE WEBSITE OR MERCHANT DASHBOARD. By consenting to this Privacy Notice, you consent to receive notifications regarding security incidents to the email address we have on file for you.
14. CONTACT DETAILS
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us at by email: dpo_usa@dlocal.com
15. REGIONAL SUPPLEMENTS
A. Scope
This section applies to individuals located in California and other U.S. states with comprehensive state privacy laws that are applicable to dLocal.
B. U.S. State & California Privacy Rights
Under the California Consumer Privacy Act and other state privacy laws, residents of certain U.S. states may have the following rights, subject to regional requirements, exceptions, and limitations. Note: certain requests, e.g., deletion, opt-out, or limit the use or disclosure of Sensitive Personal Information may affect your ability to use our Website and Merchant Dashboard.
Confirm- Right to confirm whether we process your Personal Information.
Access/Know- Right to request any of following: (1) the categories of Personal Information we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Information was collected; (3) the purposes for which we collected or sold/shared your Personal Information; (4) the categories of third parties to whom we have sold/shared your Personal Information, or disclosed it for a business purpose; and (5) the specific pieces of Personal Information we have collected about you.
Portability- Right to request that we provide certain Personal Information in a common, portable format.
Deletion- Right to delete certain Personal Information that we hold about you.
Correction- Right to correct certain Personal Information that we hold about you.
Opt-Out (Sales, Sharing, Targeted Advertising, Profiling)- Right to opt-out of the following:
- If we engage in sales of data (as defined by applicable law), you may direct us to stop selling Personal Information.
- If we engage in Targeted Advertising (aka “sharing” of Personal Information for cross-context behavioral advertising,) you may opt-out of such processing.
- If we engage in certain forms of “profiling” (e.g., profiling that has legal or similarly significant effects), you may opt-out of such processing.
Opt-out or Limit Use and Disclosure of Sensitive Personal Information- Right to opt-out of the processing of certain Sensitive Data, or request that we limit certain uses of Sensitive Personal Information. This right does not apply in cases where we only use Sensitive Personal Information where necessary, or for certain business purposes authorized by applicable law.
Non-Discrimination- California residents have the right to not receive discriminatory treatment as a result of their exercise of rights conferred by the CCPA.
List of Direct Marketers- California residents may request a list of Personal Information we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Remove Minors’ User Content- California residents under the age of eighteen (18) can delete or remove posts using the same deletion or removal procedures described above, or otherwise made available through the Website. If you have questions about how to remove your posts or if you would like additional assistance with deletion, contact us using the information below. We will work to delete your information, but we cannot guarantee comprehensive removal of that content or information posted through the Website.
C. Submission of Requests
You may submit requests by using this FORM (please review our verification requirements section). If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at dpo_usa@dlocal.com. We will respond to any request to appeal within the period required by law.
D. Categories of Personal Information Disclosed for Business Purposes
For purposes of the CCPA, we have disclosed to Service Providers for Business Purposes (as described in Section 5 above) in the preceding 12 months the following categories of Personal Information, to the following categories of recipients:
Category of Personal Information | Category of Recipients |
Identity Data Contact Data Biographical Data Technical Data Profile Data User Content | Affiliates, Service Providers, Auditors, Analytics, Successors, Government Bodies, Required Disclosure, Legal Disclosure/Fraud Protection |
Payment Data | Affiliates, Service Providers, Legal Disclosure/Fraud Protection |
E. Categories of Personal Information Sold, Shared, or Disclosed for Commercial Purposes
For purposes of the CCPA, we have “sold” or “shared,” in the preceding 12 months, the following categories of Personal Information to the following categories of recipients:
Category of Personal Information | Category of Recipients |
Marketing and Communications Data Technical Data | Service Providers, Analytics |
F. Categories of Sensitive Personal Information Used or Disclosed
For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Information: Payment Data, and Account Log-in Data. However, we do not sell or share Sensitive Personal Information or use it for purposes other than those listed in CCPA section 7027(m).
G. Your California Privacy Rights
Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of Personal Information the business has shared with third parties for those third parties’ direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. California residents may make one request each year by emailing us at dpo_usa@dlocal.com
H. Your Nevada Privacy Rights
The Nevada Revised Statutes (NRS 603A.300 et seq.) permit a Nevada consumer to direct an operator of an Internet website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by emailing us at dpo_usa@dlocal.com. We will provide further information about how we verify the authenticity of the request and your identity.
