HailBytes for Brazil

BRL invoicing through AWS Brasil or Microsoft do Brasil. Nota Fiscal Eletronica. LGPD-aligned posture. Portuguese-language commitments for enterprise engagements.

HailBytes ASM and HailBytes SAT are deployable by Brazilian customers today through AWS Marketplace and Azure Marketplace, with BRL invoicing handled by the hyperscaler's Brazilian operating entity. This page describes the recommended procurement path, the tax handling, the LGPD posture, and the language commitments HailBytes makes for Brazilian engagements.

Recommended Commercial Path

Purchase via the customer's existing AWS Brasil or Azure Brasil account using a marketplace private offer. The hyperscaler is the reseller of record.

AWS Marketplace (Brasil)

AWS Brasil, Amazon's CNPJ-registered Brazilian operating entity, is the reseller of record. AWS Brasil invoices the customer in BRL and issues the Nota Fiscal Eletronica. AWS Channel Partner Private Offers (CPPO) support negotiated pricing, multi-year commitments, and customer-specific terms while preserving the AWS billing pipeline.

  • BRL invoicing through AWS Brasil
  • Nota Fiscal Eletronica issued at the marketplace layer
  • EDP draw-down on every dollar the customer pays
  • CPPO supports partner-resell motions

Azure Marketplace (Brasil)

Microsoft do Brasil is the reseller of record. Microsoft do Brasil invoices the customer in BRL and issues the Nota Fiscal Eletronica. Azure Multiparty Private Offers (MPO) support negotiated pricing, multi-year commitments, and partner-routed deals while preserving the Microsoft billing pipeline.

  • BRL invoicing through Microsoft do Brasil
  • Nota Fiscal Eletronica at the marketplace layer
  • MACC draw-down on every dollar the customer pays
  • MPO supports partner-resell motions

Tax Handling

For marketplace-routed purchases, Brazilian indirect taxes are handled at the hyperscaler layer under the hyperscaler's established Brasil compliance. HailBytes is the upstream ISV; the customer's relationship is with AWS Brasil or Microsoft do Brasil.

  • ICMS (state VAT on goods and select services)
  • ISS (municipal services tax)
  • PIS / COFINS (federal social contributions)
  • Import of services (for the cross-border component, handled at the marketplace layer)

For direct (non-marketplace) HailBytes LLC contracts to a Brazilian customer, the standard export-of-services arrangement applies. HailBytes quotes a fixed BRL-equivalent for the contract term, locked at execution, with revaluation at renewal. No FX exposure on the HailBytes side under the marketplace path; under the direct path, FX exposure is contractually defined.

Data Residency in Brazil

AWS sa-east-1 (Sao Paulo)

HailBytes ASM deploys into the customer's own AWS account in the sa-east-1 region. Residency is verifiable from the customer's own CloudTrail log; HailBytes operates no cross-region replication of customer scan data.

Azure brazilsouth

HailBytes ASM deploys into the customer's own Azure subscription in the brazilsouth region. Residency is verifiable from the customer's own Activity Log; the same no-cross-region commitment applies.

Under HailBytes' Bring-Your-Own-Cloud (BYOC) posture, the customer's cloud account is the data-residency boundary. HailBytes does not operate a multi-tenant SaaS that would aggregate Brazilian customer data outside Brazil.

LGPD Posture

Encarregado (DPO) Designated

David McHale serves as HailBytes' Encarregado pelo Tratamento de Dados Pessoais (DPO) under LGPD Article 41. Direct contact: [email protected]. The Encarregado is also the named contact for GDPR Article 37 inquiries.

Cross-Border Transfers

Cross-border transfers are governed by Standard Contractual Clauses aligned to ANPD Resolucao CD/ANPD numero 19/2024. The HailBytes Data Processing Agreement covers the LGPD schedule.

BYOC Removes Most Transfer Surface

Because HailBytes ASM and HailBytes SAT deploy into the customer's own AWS sa-east-1 or Azure brazilsouth account, customer scan data does not transit HailBytes infrastructure and does not cross the Brasil border under the marketplace deployment path. The cross-border surface is limited to product update servers and the security-advisory pipeline.

Data Subject Rights

Under BYOC, the customer is the controller for their data subjects. HailBytes acts as operator (operador) for the limited operational metadata referenced in the DPA. Customer processes for atendimento ao titular (data subject rights fulfillment) run inside the customer's own deployment; HailBytes provides runbooks.

Portuguese-Language Commitments

For enterprise engagements in Brazil, HailBytes commits in writing to:

  • A Portuguese-speaking primary contact, sub-contracted via a regional channel partner where appropriate.
  • Portuguese-language delivery of written artifacts (DPA, runbooks, security advisories, incident notifications).
  • Portuguese-language joint reviews during the PoC kickoff, mid-PoC checkpoint, and closeout.

Product UI localization to Portuguese is on the 2026 roadmap. The internationalization framework is wired in product and the string catalog is in scope for Q3 2026 delivery. Until then, the product UI is English-only; Portuguese-language wrappers around findings reports and executive summaries are produced as part of the standard PoC and rollout deliverables.

Compliance Frameworks Mapped for LATAM

HailBytes ASM ships auditor-ready compliance reports for the following LATAM-relevant frameworks. The mapping covers how ASM findings map to each framework's controls; the report template is generated per scan run.

Brazil

  • LGPD (Lei Geral de Protecao de Dados)
  • BACEN (Banco Central financial-sector controls)

Mexico, Argentina

  • LFPDPPP (Mexico federal data-protection law)
  • Argentina Ley 25.326

US (SOC 2 CC7.x, NIST CSF 2.0, HIPAA, GLBA, PCI DSS 4.0, FedRAMP Moderate, NYDFS 500, CIS Controls v8) and global (ISO 27001, GDPR Article 32) frameworks are also shipped and apply equally to Brazilian customers whose end customers operate under those regimes.

Path for Partner-Routed Resale (Brasil)

For IBM Brasil-shape partners reselling HailBytes ASM into their own end-customer base, the marketplace path becomes a Channel Partner Private Offer (CPPO on AWS) or Multiparty Private Offer (MPO on Azure) under the partner's own marketplace account.

  • The partner lists under their own AWS Brasil or Azure Brasil account; end customers see the partner's brand.
  • HailBytes is upstream passthrough; the partner sets per-customer pricing and pockets the markup.
  • Per-tenant branding via BrandingSettings (logo, product name, footer, "Powered by" toggle, custom CSS) is configured per end customer.
  • Per-customer cost attribution at /billing/projects/ gives the partner a defensible per-customer invoice line.

Partners interested in the resale path should email [email protected] for the CPPO / MPO authorisation packet.

Related References