CONFIDENTIALITY POLICY

1. Purpose

This policy aims to establish guidelines, controls, and responsibilities for the use and sharing of confidential information within the scope of Lopti’s activities, including professional conduct, contracts, and/or any legal transactions entered into or intended to be entered into with Lopti.

Lopti’s Senior Management expects each professional to take responsibility for the company’s integrity by complying with this Policy.


2. Scope of Application

Unit/Location: This policy applies to all Lopti units.



3. Eligibility

This policy applies to all Lopti professionals.


4. References

  • Brazilian General Data Protection Law (LGPD – Law No. 13.709/2018)
  • Brazilian Civil Rights Framework for the Internet (Law No. 12.965/2014)

5. Definitions

  • a) Confidential Information: Any and all information, data, documents, projects, reports, contracts, contract drafts, correspondence, technical or material specifications, regardless of format — written, oral, electronic, visual, digital, or any other means — that is not publicly known and has been disclosed, transmitted, accessed, or otherwise made available to Lopti or by Lopti to authorized third parties.
    This includes financial, legal, technical, operational, commercial, and strategic content, as well as any other know-how, source code, algorithms, databases, etc.
  • b) Disclosing Party: A natural or legal person who makes Confidential Information available.
  • c) Receiving Party: A natural or legal person who receives or accesses the Confidential Information.
  • d) Non-Disclosure Agreement (NDA): A legal document to protect shared Confidential Information.
  • e) Personal Data: Information related to an identified or identifiable natural person (LGPD).
  • f) Sensitive Data: Information related to origin, beliefs, politics, genetics, biometrics, health, or sexual orientation.

6. Specific Guidelines

General principles described in this policy must be expanded through other policies, rules, and procedures to ensure proper implementation.

6.1. Information Classification

Information must be classified to ensure appropriate protection:

  • Public: May be freely disclosed, like institutional content or legally required publications.
  • Internal Use (Restricted): For authorized personnel only; examples: policies, instructions, schedules.
  • Confidential: Poses strategic, legal, or financial risk if leaked. Examples: contracts, client data.
  • Highly Confidential (Critical): Disclosure may harm company continuity. Example: source code, algorithms.

All information must be labeled and stored accordingly.

6.2. Handling of Confidential Information

  • Access only by necessary individuals (least privilege).
  • Use secure, segregated environments (e.g., VPN, MFA, encrypted storage).
  • Access control must be logged and reviewed.
  • Discuss confidential information verbally only in controlled settings.
  • Only use authorized devices and secure remote access when needed.
  • Sharing must be authorized in writing and under NDA.

6.3. Sharing

  • Prior authorization: Management/Legal/InfoSec must approve external sharing.
  • NDA required: Scope, term, penalties, and data return or destruction must be defined.
  • Internal sharing: Must respect classification and involve only necessary individuals.
  • Authorized media/channels: Use only secure, approved tools (e.g., encrypted email).
  • Sharing record: Log all relevant external sharing actions.

6.4. Storage and Disposal

  • Physical: Store in locked/restricted areas. Track access.
  • Digital: Store only in secure corporate systems with backups and encryption. Personal clouds/USBs prohibited.
  • Version control: Track changes and log access.
  • Physical disposal: Use shredders or certified destruction services.
  • Digital disposal: Use secure deletion tools. Wipe data from returned equipment.

7. Procedure and Responsibility Matrix

7.1 Responsibility Matrix
Area/Position | Responsibility/Authority
Professional
  • Comply fully with all the terms of this Confidentiality Policy and the Non-Disclosure Agreements signed;
  • Ensure that all confidential information to which access is granted is stored, used, and shared securely, restrictively, and in accordance with internal guidelines;
  • Prevent the leakage, disclosure, copying, or misuse of confidential information, even after the termination of the relationship with the company;
  • Adopt good information security practices, including strong passwords, care with mobile devices, and use of secure channels;
  • Participate in training and awareness actions promoted by Lopti on confidentiality, data protection, and information security;
  • Request formal authorization before sharing any information with third parties, even within Lopti.
Leadership
  • Evaluate doubts and questions from professionals, providing the necessary clarifications to eliminate any uncertainty about the Confidentiality Policy;
  • Ensure compliance with the Confidentiality Policy;
  • Supervise and validate the control of access to confidential information under their responsibility;
  • Approve or deny requests for access to classified information, based on the principle of least privilege;
  • Act promptly in case of incidents, leading or assisting in internal investigations when necessary;
  • Ensure that confidential information from projects or processes under their management is properly classified and protected, and that access to it is restricted.

8. Updates and Information Regarding this Policy

Situations that are not covered by this policy, or that conflict with it, must be reported to notify@lopti.ai, with decisions justified and approved.

Lopti may amend this policy at any time. It's the reader’s responsibility to stay informed. All changes will be communicated via email and take effect within 15 days.
