Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] Risk Management and Strategy

We consider cybersecurity and information security at the highest strategic level. Our cybersecurity risk management strategy is designed to detect, prevent, monitor and respond to security incidents, minimize unavailability, protect integrity of data and prevent data leakage. We have adopted various processes for the assessment, identification and management of risks arising from cybersecurity threats, which are documented in our Corporate Information Security and Cyber Security Policy, available at our Investor Relations website, which is not incorporated by reference into this annual report. For more information on cybersecurity risks, see “Item 3D. Risk Factors - Business Operations - Failure to adequately protect ourselves against risks relating to cybersecurity could materially adversely affect us.”

We have a cybersecurity department that is responsible for monitoring our technological environment and for assessing any threats and alerts relating to cybersecurity 24/7. Once the cybersecurity department identifies a cybersecurity incident, it classifies the incident as material or not based upon internal guidelines, as described in the Information Security and Cybersecurity Incident Response Plan (Plano de Tratamento de Incidentes de Segurança da Informação e Cyber Security), prepared by our cybersecurity department and approved by our board of directors, which consider, among other matters, the impact of the cybersecurity incidents on our financial system and whether there is evidence that any customer or general public information has been exfiltrated. Upon the determination that a material cybersecurity incident has occurred and that such an incident may materially damage the individuals whose personal information has been exfiltrated, the cybersecurity department is required to report the incident to the audit committee as well as to notify the relevant Brazilian authorities and those individuals implicated. In the event of a cybersecurity incident affecting personal information of our employees, the cybersecurity department reports to the inspectorate for joint action. The cybersecurity department is led by Adriano Cabral Volpini, our CSO since 2012. For further information on Mr. Volpini’s credentials, see “Item 6A. Directors and Senior Management - Board of Officers and Members of our Audit Committee.”

Our cybersecurity processes have been comprehensively integrated into our risk management system and strategy. Our cybersecurity department prepares an annual cybersecurity report outlining cybersecurity incidents, if any, actions taken to respond to those incidents and measures adopted to prevent cybersecurity incidents from occurring. This annual cybersecurity report is presented to the risk committee, the audit committee and the board of directors to ensure compliance with regulatory requirements in Brazil. We also conduct, on a continuous basis, stress tests of our cybersecurity infrastructure and environment to identify potential weaknesses and improve our controls and procedures. In addition, we roll out awareness campaigns and/or trainings periodically for our employees and, every 2 years, we conduct mandatory training on cybersecurity matters for our employees, the cybersecurity department, executive management and the board of directors. For further information on the expertise of our board members in cyber-related matters, see “Item 6A. Directors and Senior Management - Board of Officers and Members of our Audit Committee.”

As part of our risk management strategy, we contract cybersecurity companies and auditing firms with industry-recognized expertise on cybersecurity matters to assess our cybersecurity controls and procedures annually. Those consultants and auditing firms conduct independent penetration tests and suggest improvements to our overall procedures, if any. In 2011 and 2021 we obtained the ISO 27001 and ISO 27701 certificates, respectively. ISO 27001 is an international standard to manage information security while ISO 27701 is the international standard for privacy information management. This additional layer of surveillance by independent consultants and auditing firms, together with the ISO 27001 and ISO 27701 certificates, represents our commitment to adequate and reliable procedures and information infrastructure.

We continuously assess and oversee material risks from cybersecurity threats associated with our third-party service providers. Before engaging in business relationships with service providers, the cybersecurity department evaluates whether they meet our minimum standards relating to cybersecurity procedures, governance and risk management. We conduct on-site visits to some service providers that pose greater cybersecurity risks to us to validate their controls over information, monitor their responses to cybersecurity incidents and improvements to cybersecurity infrastructure. Service providers are also required to report material cybersecurity incidents to us relating to breaches of our information and personal information of our customers.

From an operational perspective, we use tools such as network behavioral analysis, intrusion prevention systems or IPS, firewalls, antiviruses, antispam systems, among others to protect us against external and internal attacks. Those systems are used to protect our information and information of our customers regardless of where it is located (i.e., within our own infrastructure, a cloud provider or service provider’s infrastructure) throughout the lifecycle of the information. In line with the growing use of AI technology, we have implemented a safety journey in the use of AI for business enablement that covers all the necessary requirements to ensure safety in the use of this technology.

Risks from cybersecurity threats, including any previous cybersecurity events, have not materially affected us or our business strategy, results of operations or financial condition as of the date of this annual report.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We consider cybersecurity and information security at the highest strategic level. Our cybersecurity risk management strategy is designed to detect, prevent, monitor and respond to security incidents, minimize unavailability, protect integrity of data and prevent data leakage.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] Risks from cybersecurity threats, including any previous cybersecurity events, have not materially affected us or our business strategy, results of operations or financial condition as of the date of this annual report.
Cybersecurity Risk Board of Directors Oversight [Text Block] Governance

Our board of directors, which includes members with technology and cybersecurity experience, oversees the management of cybersecurity risks as well as participates in the establishment of our cybersecurity strategy. Our Risk Committee (Comitê de Risco) receives reports on cybersecurity incidents occurring in the applicable period and information relating to the management of cybersecurity threats. Based on this report, we define measures and improvements to enhance our management of cybersecurity issues. Additionally, our board of directors reviews annually our Corporate Information Security and Cyber Security Policy and our response plan to cybersecurity incidents, as well as periodically approves our cybersecurity strategy.

In addition to our board of directors, our management plays an important role in managing cybersecurity threats. We have a department solely dedicated to identifying, assessing and managing cybersecurity threats, incidents and issues, which is led by our CSO. The CSO must have a long and solid expertise in cybersecurity matters and reports material cybersecurity risks to the CRO. The CRO monitors those material cybersecurity risks and reports them to the executive committee. For more information on the biographical information relating to each of our CSO and CRO, see “Item 6A. Directors and Senior Management - Board of Officers and Members of our Audit Committee.”

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors, which includes members with technology and cybersecurity experience, oversees the management of cybersecurity risks as well as participates in the establishment of our cybersecurity strategy.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Risk Committee (Comitê de Risco) receives reports on cybersecurity incidents occurring in the applicable period and information relating to the management of cybersecurity threats.
Cybersecurity Risk Role of Management [Text Block] In addition to our board of directors, our management plays an important role in managing cybersecurity threats.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] We have a department solely dedicated to identifying, assessing and managing cybersecurity threats, incidents and issues, which is led by our CSO.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CSO must have a long and solid expertise in cybersecurity matters and reports material cybersecurity risks to the CRO.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The CRO monitors those material cybersecurity risks and reports them to the executive committee.