
Small and medium business financial data: what to ask before connecting

#lgpd #security #data

Connecting financial data to a tool is an act of trust — and, under Brazil’s General Data Protection Law (Law No. 13.709/2018, the LGPD), also an act with clear rules. Before authorizing any access, the question is not “is this secure?”. It is “what exactly will you do with my data, and what can I demand afterward?”. Here is an honest checklist for the small and medium business.

1. Is it read-only?

The first question separates two completely different classes of risk. Does the tool need to move your money, or only to read it so it can expose the leak? Read-only access removes the gravest class of risk: no one can transfer, pay or move your cash on your behalf. It does not remove the confidentiality risk, since read-only data can still be copied or leaked, which is why the questions that follow still matter. If the value proposition is diagnosis, not payment, there is no reason for the tool to hold write permission, and you should ask how that is enforced: a read-only credential or scope issued by your bank, not a promise in the terms of service.

2. Is the data encrypted and isolated?

Ask for encryption in transit (TLS) and at rest, and for per-company isolation: your data never visible to another customer of the same tool. Poorly built multi-tenancy is one of the most common causes of mass leaks, because a single missing tenant check exposes every customer at once. Ask how isolation is enforced (a tenant filter applied on every query, or separate databases or encryption keys per customer) rather than accepting the word alone. Isolation by design is what keeps one customer's problem from becoming everyone's.
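
To make the multi-tenancy point concrete, here is an added example (not Chrysus code, and not from the original post) in Python with SQLite: two companies' transactions share one table, a search function that forgets the tenant filter returns the other customer's rows, and a scoped accessor makes the filter impossible to omit. The table layout, tenant names and sample transactions are constructed for illustration.

```python
"""Tenant isolation in a shared financial-data store: leaky vs. scoped access.

Constructed example: two tenants' bank transactions in one SQLite table, an
accessor that forgets to filter by tenant, and an accessor that applies the
tenant scope on every query.
"""
import sqlite3
from dataclasses import dataclass


def build_store() -> sqlite3.Connection:
    """In-memory table with constructed sample rows for two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE transactions ("
        " id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,"
        " account TEXT NOT NULL, amount_cents INTEGER NOT NULL, memo TEXT)"
    )
    rows = [  # (tenant_id, account, amount_cents, memo) -- constructed data
        ("acme", "acme-checking", -125000, "rent"),
        ("acme", "acme-checking", 980000, "invoice 1042"),
        ("beta", "beta-savings", -4300, "saas subscription"),
        ("beta", "beta-checking", 1500000, "client payment"),
    ]
    conn.executemany(
        "INSERT INTO transactions (tenant_id, account, amount_cents, memo)"
        " VALUES (?, ?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn


def leaky_search(conn: sqlite3.Connection, memo_fragment: str) -> list:
    """The multi-tenancy bug: the query is keyed only on the user's search
    term, so whoever calls it reads every tenant's rows at once."""
    cur = conn.execute(
        "SELECT tenant_id, account, amount_cents, memo FROM transactions"
        " WHERE memo LIKE ?",
        (f"%{memo_fragment}%",),
    )
    return cur.fetchall()


@dataclass
class TenantScope:
    """Every query goes through this object, which carries the tenant and
    binds it as a parameter on each statement, so the filter cannot be
    forgotten by a later caller."""
    conn: sqlite3.Connection
    tenant_id: str

    def search(self, memo_fragment: str) -> list:
        cur = self.conn.execute(
            "SELECT tenant_id, account, amount_cents, memo FROM transactions"
            " WHERE tenant_id = ? AND memo LIKE ?",
            (self.tenant_id, f"%{memo_fragment}%"),
        )
        return cur.fetchall()

    def balance_cents(self) -> int:
        cur = self.conn.execute(
            "SELECT COALESCE(SUM(amount_cents), 0) FROM transactions"
            " WHERE tenant_id = ?",
            (self.tenant_id,),
        )
        return cur.fetchone()[0]


def crosses_tenant(rows: list, tenant_id: str) -> bool:
    """Leak check: True if any returned row belongs to a different tenant."""
    return any(row[0] != tenant_id for row in rows)


if __name__ == "__main__":
    db = build_store()
    leaked = leaky_search(db, "n")  # matches all four constructed memos
    print("leaky search crosses tenants:", crosses_tenant(leaked, "acme"))
    scoped = TenantScope(db, "acme").search("n")
    print("scoped search crosses tenants:", crosses_tenant(scoped, "acme"))
```

The point of the scoped accessor is not the SQL but where the tenant comes from: it is fixed when the scope object is created from the authenticated session, never taken from the request. In a real system the same idea is usually backed by a second layer the application cannot bypass, such as database row-level security or a separate database per customer.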

3. Is consent granular and revocable?

Here it pays to learn from Open Finance, regulated by the Central Bank of Brazil: consent must be free, informed, specific and, above all, revocable at any time, through a simple path. You should choose what to connect, with a declared purpose and scope, for a defined period, and be able to switch it off whenever you want, with an audit trail of what was authorized and when. Consent you cannot withdraw is not consent.

4. How do I exercise my rights (LGPD)?

Article 18 of the LGPD grants the data subject the right to access, correction, portability, blocking and deletion of data, as well as withdrawal of consent. In practice, this only counts if there is a real path to exercise it. Before connecting, ask for:

  • the data protection officer (DPO) contact, which by law must be published, preferably on the company's website (LGPD Article 41);
  • the deadline to respond to an access or deletion request (for access requests, LGPD Article 19 allows up to 15 days for a complete response);
  • what happens to your data when you cancel the service.

5. Does the public surface touch the data?

A detail of architecture that few ask about and everyone should: the marketing site and the lead capture form must have no access to the financial database. Separation by design, meaning a static public surface with no network path or credential to the customer database, is what keeps a flaw on the site from ever reaching your cash. A lead form that writes into the same database as the financial data is a direct bridge from the most exposed component to the most sensitive one.

How Chrysus helps

Chrysus was designed around these answers, not against them. Access is read-only: the platform reads to expose the leak, never moves your money. Data is encrypted in transit and at rest, and isolated per company. Consent is granular and revocable, with an audit trail, and the LGPD rights have an owner and a clear path. The institutional site is static and separate from the platform — the public surface does not touch the financial database.

Trust comes before the sale. Connect only after you have all of these answers — in writing.
