O Xooriq é uma alternativa ao Apollo.io?

Sim. Cobre prospecção B2B (Google Maps + email finder + monitoramento) a partir de R$597/mês, versus US$2.500/mês médio Apollo. LGPD nativo + CNPJ Brasil.

O Xooriq é LGPD-compliant?

Sim. Processamento de dados B2B públicos sob LGPD com legítimo interesse e opt-out automático.

Quanto custa um crédito extra?

R$0,09 por crédito acima do limite do plano.

Sim, free tier com 100 leads/mês sem cartão de crédito.

Em quais regiões opera?

8 regiões com paridade de poder de compra: Brasil, USA, Índia, EU, Reino Unido, México, Japão, Austrália.

Quem é a empresa por trás do Xooriq?

Xooriq é um produto da Central Fox Tecnologia, mesma empresa do FOX NF-e (emissor fiscal para SaaS brasileiros em foxnfe.com.br) e da plataforma de IA para e-commerce em centralfox.online.

Is Apollo.io legal in Brazil under LGPD?

Apollo operates under legitimate interest (LGPD Art. 7, IX), but ANPD has not issued specific jurisprudence on international B2B data brokers. The real risk: Brazilian employee data scraped from LinkedIn without consent may violate Art. 7 + Art. 18 (right to object). In 2025 France's CNIL fined KASPR (direct competitor) €240,000 for identical practice — ANPD can replicate.

What fines has ANPD applied in 2024-2025?

ANPD has applied fines ranging from R$14,401 (Telekall) to R$14.4M per violation. Companies like Atacadão, OLX, and Inep have received notices. The ceiling is 2% of revenue (capped at R$50M per infraction). In 2025 ANPD intensified data broker enforcement.

Why is Xooriq LGPD-compliant by design?

Xooriq uses only public Brazilian sources (CNPJ, Receita Federal, BNDES, company institutional websites) under B2B prospecting legitimate interest (Art. 7, IX). 24h opt-out via paulo@centralfox.online, Fernet AES-128 at-rest encryption, and DPA ready for Enterprise customers. We NEVER scrape LinkedIn, personal profiles, or direct contact data.

What is legitimate interest in LGPD Art. 7, IX?

Art. 7, IX permits processing personal data without consent when there's controller legitimate interest. For B2B prospecting, the balancing test requires: (1) legitimate purpose — generating leads for Brazilian software sales; (2) necessity — no less invasive alternative; (3) reasonable expectation — professional whose role is on company public page expects commercial outreach. Xooriq documents each balancing test.

How does opt-out work at Xooriq?

Email to paulo@centralfox.online with subject 'LGPD Opt-Out' and full name + company CNPJ. We process within 24 hours (LGPD Art. 18 requires 15 days response — we deliver 15× faster). No justification required, no fee, no retention attempt. Contact is deleted from ALL historical snapshots, not just current database.

LGPD and B2B Lead Generation in Brazil: the 2026 guide to compliance

1. The €240,000 KASPR case

In 2025, France's CNIL fined KASPR — Apollo's direct competitor in Europe — €240,000 for mass scraping LinkedIn profiles without consent. KASPR claimed legitimate interest (GDPR Art. 6(1)(f) — same as LGPD Art. 7, IX). CNIL rejected:

No documented balancing test — KASPR couldn't prove commercial interest outweighed subject rights
No effective opt-out channel — LGPD Art. 18 requires 15-day response
Data minimization breach — LGPD Art. 6, III principle

Apollo does all three. Source: CNIL.fr.

2. ANPD 2024-2025 enforcement evolution

Telekall — R$14,401 for irregular employee data processing
OLX — notice for undue advertising partner sharing
Atacadão — facial image without consent at entrance
Inep — ENEM leak (2.5M records exposed)

Ceiling is 2% of revenue, capped at R$50M per infraction. For Apollo using Brazilian employee data at scale, financial exposure is real.

3. LGPD Art. 7: legitimate interest in practice

Art. 7 lists 10 legal bases. IX — legitimate interest is the only one that waives explicit consent but requires documented balancing test:

Xooriq balancing test (3 steps)

1. Legitimate purpose: generate B2B leads for Brazilian SaaS — legal economic activity
2. Necessity: public CNPJ + institutional pages are the least invasive source
3. Reasonable expectation: public role on corporate site creates B2B outreach expectation

Apollo does not document a Brazilian balancing test — exposed to the same CNIL/KASPR decision.

4. Apollo's 6 risk vectors in Brazil

LinkedIn scraping — same practice that fined KASPR. Apollo scrapes 275M+ profiles including Brazilians.
Generic DPA — Apollo DPA is GDPR-focused, doesn't mention ANPD or LGPD Art. 7 IX
Unilateral opt-out — has opt-out but no documented 15-day SLA
No Brazil representative — LGPD Art. 5, VIII requires representative for foreign companies. Apollo doesn't declare.
International transfer — Brazilian data goes to US servers without ANPD standard clauses
No balancing test — same as KASPR case

5. Xooriq: LGPD-by-design

LGPD requirement	Apollo.io	Xooriq
Brazil rep (Art. 5, VIII)	❌ Not declared	✅ Central Fox Tecnologia ME
Documented balancing test	❌ Not public	✅ Published /docs/lgpd
15-day opt-out (Art. 18)	⚠️ No SLA	✅ 24h
At-rest encryption	⚠️ Undocumented	✅ Fernet AES-128 + HMAC SHA-256
Sources: LinkedIn vs public	❌ Mass LinkedIn	✅ Only CNPJ + institutional
International transfer	❌ US no ANPD clauses	✅ Brazil servers (Contabo SP)

6. Verified sources

Migrate to Xooriq in 30 minutes

13.3M Brazilian CNPJs · LGPD-by-design · $89/month · 24h opt-out · DPA ready.

See Apollo → Xooriq migration guide