Version updated in December 2025
1. INTRODUCTION
This policy applies to all subsidiaries of Hotmart Technology BV ("Hotmart" or "Company"), including Launch Pad Sociedade de Crédito Direto S/A., and addresses compliance with the guidelines established for all who have access to the information technology assets of Hotmart and its subsidiaries, whether tangible or not, regardless of form or format, with the aim of achieving adequate levels of information protection for Hotmart.
2. GUIDELINES
Hotmart aims to implement measures to protect the confidentiality, integrity, and availability of its assets and information. The purpose is to achieve, among others, the following objectives:
I) Monitoring of the effectiveness of processes and controls implemented to reduce cybersecurity risks.
II) Rapid identification of emerging information security risks for the application of corrective measures.
III) Continuous improvement in the ability to detect, prevent, and mitigate vulnerabilities to reduce the possibility of cyber incidents.
IV) Continuous promotion of a culture of attention to information security and protection of data processed by Hotmart, incorporating them into operational processes and procedures.
3. INFORMATION SECURITY PROGRAM
Hotmart's Information Security program consists of a broad process that, within the scope of the defined principles and objectives, guides the implementation of information management controls and instruments, among which the following stand out:
The classification is determined based on the value of the information, its sensitivity, criticality, and applicable legal or contractual obligations. The Company defines labeling categories that must be observed and applied internally during the handling and processing of information.
The Company ensures respect for all aspects of intellectual property present in its environment and operations. It is everyone's duty to refrain from using Hotmart's information or intellectual property for private purposes.
At Hotmart, information assets are protected against unauthorized access, and employees must observe the care required for each activity, acting with integrity and discernment when using Company equipment.
The Company adopts formal procedures for access management across its entire IT environment, encompassing Granting, Revocation, Transfer, Review, and Authentication of Accesses.
Hotmart employs various controls to manage code review processes, ensure the integrity and continuity of developed systems, track and version code, test, and manage the continuous integration cycle.
Through the management of its networks, Hotmart maintains the secure flow of data across its systems, ensuring network segmentation and the use of secure configuration standards and strong encryption.
Recurring scans and tests of Hotmart's IT environment are performed by a specialized security testing team to assess failures and vulnerabilities in its systems; their remediation is handled by its cybersecurity and secure development teams.
Protection mechanisms are implemented against malicious code at entry and exit points of the company's systems. These points include, but are not limited to, firewalls, remote access servers, workstations, email servers, web servers, proxy servers, and mobile devices.
Based on the information received and internal verification, the risks associated with contracting each vendor are evaluated to ensure compliance with the Company's cybersecurity, data privacy, and information security rules, depending on the services provided.
Automated audit trails are implemented across Hotmart's system components, enabling the tracking of security events, authentication, and user actions.
Hotmart applies information transmission controls in its IT environment through automated solutions that detect, restrict, and alert on unauthorized data circulation. The controls are associated with the classification of this information.
To securely maintain and safeguard Hotmart's data, periodic backups and recovery tests of its systems' functionality are conducted to ensure the continuity of its operations.
With the objective of disseminating knowledge and promoting continuous improvement, the Company conducts periodic training and promotes awareness-raising initiatives related to Cybersecurity and Information Security, covering all employees and third parties who access the Company's technology environment.
In the event of any inconsistency or failure in the Hotmart environment identified by the external public, the Company provides a channel for receiving the respective communication by email at cybersecurity@hotmart.com.
The Company complies strictly with the applicable legislation and regulations governing information security and data protection. Our internal norms and procedures outline the criteria for communicating relevant incidents to specific regulatory and supervisory bodies, including the mandatory reporting to the Central Bank of Brazil (BACEN).
1. Use unique passwords: Avoid using common passwords or personal data. Create unique, complex passwords that include combinations of letters (uppercase and lowercase), numbers, and special characters.
2. Implement two-factor authentication (2FA): Strengthen your account security by enabling two-factor authentication whenever possible. This adds an extra layer of protection, requiring a second form of verification beyond the password.
3. Beware of suspicious emails: Avoid opening emails from unknown senders or with suspicious content. Be wary of links or attachments in unsolicited emails, as they may contain malware or phishing attempts.
4. Keep your devices updated: Ensure your operating system, applications, and antivirus software are always up to date to protect against known vulnerabilities.
5. Beware of fake websites: Always verify the authenticity of the websites you access, especially when entering your login credentials or personal or financial information. Look for security signs, such as the green padlock in the address bar.
6. Protect your devices: In addition to keeping your passwords secure, use screen locks and set access passwords. This makes unauthorized access difficult in case of loss or theft.
4. SANCTIONS
Non-compliance with the guidelines of the Information Security Program, defined in this Policy, constitutes a serious offense and entails the application of sanctions in accordance with internal and external norms, terms of use, and other applicable regulations in force.
The employee, service provider, user, or customer who deliberately fails to report violations of this policy will also be subject to the measures mentioned above.
For this purpose, Hotmart Company provides a complaints channel.
Hotmart Company guarantees to whistleblowers that we act genuinely and truthfully: (a) anonymity and protection of their identities, if necessary and requested; (b) confidentiality of the process; (c) impartiality in the analysis of the reported fact; (d) the right to information about the progress of the case; and (e) protection and non-retaliation.
Free translation of the document originally written in Portuguese