Cybersecurity Policy

Version updated in September 2024

INTRODUCTION

Compliance with the established guidelines is the responsibility of everyone who has access to the information technology assets of Hotmart Technology BV ("Hotmart" or "Company") and its subsidiaries, whether tangible or not, regardless of form or format, including Brazilian regulated subsidiaries, such as Launch Pad Sociedade de Crédito Direto S/A. Therefore, it is essential to achieve adequate levels of protection for Hotmart's information.

GUIDELINES

Hotmart aims to carry out activities to protect the confidentiality, integrity, and availability of cyber security. These activities pursue, among others, the following objectives:

I) Monitoring of the effectiveness of the processes and controls implemented to reduce cyber security risks.

II) Rapid identification of emerging information security risks for treatment.

III) Continuous improvement in the ability to prevent, detect, and reduce vulnerability to incidents related to the cyber environment.

IV) Continuous promotion of a culture of attention to information security and protection of the data processed by Hotmart, incorporating it into operational processes and procedures.

INFORMATION SECURITY PROGRAM

Hotmart's Information Security program consists of a broad process that, within the framework of the outlined principles and objectives, guides the implementation of controls and information management instruments, among which the following stand out:

  • Data and information classification

Classification is determined based on the information's value, sensitivity, criticality, and legal and contractual obligations. The Company defines labels for the classification of information, which must be observed and applied internally during the processing of information.

  • Property rights

The company ensures respect for all aspects of intellectual property present in its environment and in its operations. It is everyone's duty to refrain from using Hotmart's information or intellectual property for private purposes.

  • Management and definitions of the use of information assets

At Hotmart, information assets are protected against undue access, and employees must observe the precautions inherent to each activity, acting with integrity and discernment when using the Company's equipment.

  • Access management

The company adopts formal procedures for managing access to its entire IT environment, including processes for granting, revoking, transferring, reviewing, and authenticating access.

  • Change management

Hotmart adopts various controls for managing code review processes, the integrity and continuity of the systems developed, tracking, versioning, testing, and managing the continuous integration cycle.

  • Network and encryption management

By managing its networks, Hotmart preserves the secure flow of data between the components of its systems, observing network segmentation and the use of secure configuration standards and strong encryption.

  • Vulnerability management

Hotmart's IT environment undergoes recurring scans and tests, performed by a team specialized in security testing, to check for flaws and vulnerabilities in its systems, which are dealt with by its cyber security and secure development teams.

  • Protection against malware

Protection mechanisms against malicious code are implemented at the entry and exit points of the company's systems. These points include, but are not limited to, firewalls, remote access servers, workstations, email servers, web servers, proxy servers, and mobile devices.

  • Supplier management

Based on information received and internal checks, the risks involved in contracting each supplier are assessed to ensure compliance with the company's cyber security, data and information privacy rules, in accordance with the services provided.

  • Maintenance and analysis of audit logs

Automated audit trails are implemented for Hotmart's system components, allowing the tracking of security events, authentication, and actions performed by users.

  • Prevention of information leakage

Hotmart controls the transmission of information in its IT environment through automated solutions that detect, restrict, and alert on the inappropriate circulation of data. Controls are associated with the classification of this information.

  • Backup and contingency management

In order to securely maintain and safeguard Hotmart's data, periodic backups and recovery tests of its systems' functionalities are carried out to ensure the continuity of its operation.

  • Information security training and awareness

To disseminate knowledge and support continuous improvement, the Company carries out periodic training and awareness-raising regarding Cyber and Information Security, covering all employees and third parties who access the Company's technology environment.

  • Incident management

If any inconsistency or failure in Hotmart's environment is identified by the external public, the Company provides a channel for receiving the relevant notice, via e-mail to cybersecurity@hotmart.com.

Security Recommendations for Hotmart Customers and Users:

  • Use unique passwords: Avoid using common passwords or personal data. Choose to create unique and complex passwords, considering the use of combinations of letters, numbers and special characters.
  • Implement two-factor authentication (2FA): Strengthen the security of your account by enabling two-factor authentication whenever possible. This adds an extra layer of protection by requiring a second form of verification in addition to the password.
  • Watch out for suspicious emails: Avoid opening emails from unknown senders or with suspicious content. Be wary of links or attachments in unsolicited emails, as they may contain malware or phishing attempts.
  • Keep your devices up to date: Make sure you keep your operating system, applications, and antivirus always up to date to protect against known vulnerabilities.
  • Be aware of fake websites: Always check the authenticity of the websites you access, especially when entering personal or financial information. Look for security signs, such as the green padlock in the address bar.
  • Protect your devices: As well as keeping your passwords safe, protect your devices with screen locks and passwords. This makes unauthorized access more difficult in the event of loss or theft.

PENALTIES FOR NON-COMPLIANCE

Failure to comply with the guidelines of the Information Security Program, defined in this Policy, constitutes a serious offense and entails the application of sanctions under internal and external standards, terms of use, and other applicable regulations in force.

Any employees, service providers, users, or clients who deliberately fail to report violations of this policy will also be subject to the measures mentioned above.

To this end, the Hotmart Company provides a reporting channel

Hotmart Company guarantees to whistleblowers that we act in a genuine and truthful manner: (a) anonymity and protection of their identities, if necessary and requested; (b) confidentiality of the process; (c) impartiality in the analysis of the reported fact; (d) the right to information about the progress of the case; and (e) protection and non-retaliation.