Pismo Soluções Tecnologicas Ltda. (“Pismo”) is committed to respecting your privacy and has prepared this privacy policy (“Policy”) to explain what Data is collected and how it is processed by Pismo.

PLEASE READ THE POLICY BELOW CAREFULLY. IT DESCRIBES HOW WE PROCESS THE PERSONAL DATA PROVIDED BY YOU OR COLLECTED BY PISMO WHEN YOU ACCESS OR USE THE WEBSITES, PRODUCTS, AND SERVICES. For this Policy’s purposes, “Users” are all individuals that use Pismo Website in any way.

The website (“Website”) may be accessed at https://pismo.io

We do not collect or knowingly request data from minors under the age of 18 (eighteen), except when hiring trainees under this age. Users under the age of 18 (eighteen) must not send us data through our Website. If we learn that we collected data from an individual under the age of 18 (eighteen) other than a candidate for the trainee program, we will disregard the data provided and will not keep it on our database.

For proper use of the Website, we need to have access to certain personal data about you (collectively, the “Data”).

This Policy explains, in a simple, objective, and transparent manner, which Data are collected and processed by Pismo, its purposes, with whom it may be shared, and what resources are available for users to manage the Data.

What this Policy covers:

1. What Data do we collect and process
2. Why do we collect and process these Data
3. When we delete your Data
4. Who else has access to the Data and why
5. What are your rights with respect to these Data
6. How we store and protect your Data
7. Do you need to provide your consent for Pismo to use your Data as described
in this Policy?
8. Website of third parties
9. Changes to this Policy
10. How to make a complaint

According to Law No. 13,709 of 2018, Pismo is considered the “Controller”

According to Law No. 13,709 of 2018, Pismo is considered the “Controller” of your Data. After reading this Policy, if you still have any questions or, for any reason, need to contact us for matters – 3 – involving your Data, please, use the channel below:
Data Protection Officer (“DPO”): Thiago Nunes Lopes
DPO’s email address: dpo@pismo.io
Data subject Portal: https://portaldotitular.pismo.io

1. What Data we collect and process
   Pismo receives or collects only the following types of information related to the Users: (1) data for registration purposes of prospective customers who wish to use the products and/or services of Pismo; (2) data of job applicants; and (3) data of visitors or users of our website.
   1.1. Data for registration purposes: Data provided by Users on the Website for contact purposes, before using the services:
   • full name;
   • email address;
   • telephone number;
   • company; and
   • position in the company.
   1.2 Data of job applicants

• name;
• email address;
• telephone number;
• birth date;
• gender;
• parents’ names;
• RG and CPF number;
• address;
• profession and expertise;
• education;
• professional experience; and
• salary expectations

1.3. Data of Device: Data collected through technologies such as cookies, pixels, and beacons when Users interact with the Website, such as:

• technical data, such as URL information;
• cookie data;
• your IP address;
• browser type;
• browser language;
• date and time of request;
• device attributes;- 4 –
• type of network connection;
• data that allows the management of digital copyrights;
• the operating system; and
• geolocation

2. Why we collect and process these Data
   We use User Data for the following purposes:

Data for Registration Purposes
• Respond to customer service requests;
• Conduct research and analysis;
• Comply with legal and/or regulatory requirements;
• Respond to questions and concerns;
• To contact the User (by email, mail, text messages and/or telephone) about several matters, including the use of the Website and/or to carry out customer satisfaction surveys;
• To send messages with information and offers about products or services that may be interesting for the User;
• For advertising and marketing; and
• To generate knowledge, innovate, and/or develop new products.

Data of Job Applicants
• To process job applications;
• To carry out the selection process; and
• To communicate with applicants or potential job applicants selected for vacancies.

Data of Device
• To ensure the correct functioning of our services to support our customers’ analytical efforts.
• Manage and improve our Website, our web resources, as well as simplify the interaction with User.
• To comply with legal obligations;
• To help us understand your patterns of use of our Website and improve it;
• To recommend to User services or features of the Website, and even third-party services, which may be interesting to User.

We do not use User Data for any purposes other than those described above.

3. When we delete your Data
   We structure the Website and our activities to avoid that your Data be retained in an identified manner for longer than necessary. In other words, we keep your Data only during the time necessary for the accomplishment of the purposes described above, for compliance with the requirements set forth by law or for the regular exercise of our rights.
   We may keep Data anonymously, that is, without it being related to a User, for longer periods. The data we collect about the IP address of Users of the page and about the logs of access of the registered Users is stored for at least six (6) months, as established by article 15 of Law No. 12,965 of 2014 (Brazilian Internet Law ).
4. Who else has access to the Data and why
   We do not sell or market your Data. However, we may from time to time share your Data with the third parties identified below.
   Some of these third parties may be located abroad. If your Data is transferred to another country, we will take the measures required by law to ensure its protection, but please keep in mind that when using our Website and providing us with your Data such Data may be sent to other countries

5. What are your rights with respect to these Data
   Pursuant to the General Data Protection Law (Law 13,709 of 2018 – “LGPD”), you have the right to:
   • Obtain confirmation that we process your Data. In response to this request, we will inform you if we process your Data or not. Note that, if you are our customer (User), we necessarily process your Data, as explained in this Policy.
   • Access your Data. If you are interested, you can receive a report in which we present the Data held by you that are processed by us.
   • Rectify incomplete, inaccurate or outdated Data. If you consider that your Data are incorrect, you can request the rectification, indicating what needs to be changed and why. It is possible that we request a proof to make this change.

• Request the anonymization, blocking or erasure of Data deemed unnecessary, excessive or processed in breach of the LGPD. If you consider that we are processing your Data in an unnecessary and excessive manner or in breach of the LGPD, you can request that the Data be anonymized, blocked or erased.
• Request portability of your Data to another service or product supplier, with due regard for our trade and industrial secrets, according to the regulation to be issued by the National Data Protection Authority (“ANPD”). You are the owner of your own
Data. Therefore, you can request that these Data be transferred to another service or product supplier, according to ANPD’s regulation, provided that the trade and industrial secrets are respected.
• Request erasure of Data processed on the basis of your consent, except in the events of retention of Data prescribed by law. If your Data are processed based on consent, you may request the erasure of these data. However, the LGPD authorizes the preservation of data for fulfillment of legal or regulatory obligations; studies conducted by research bodies, ensuring, if possible, the anonymization; transfer to a third party and exclusive use by the controller, to the extent that the data be anonymized.
• Obtain information about the entities with whom we share your Data. You can request that we inform with which entities we share your Data.
• Obtain information about the possibility of refusing consent and the respective consequences. When the consent is used as legal basis for the processing of personal data, you are entitled to be informed about the possibility of refusing consent and the
consequence of such refusal.
• Withdraw your consent to the processing of your Data. If your Data are processed based on consent, you can withdraw this consent. With that, any processing of your Data that is made based on consent will be interrupted.
• Object the processing that violates the LGPD. If you consider that we are processing your Data in violation of the LGPD, you can object this processing. The request will be carefully reviewed and, if we agree, the processing of your Data that is in breach of the LGPD will be interrupted.
• Request the revision of decisions taken solely based on the automated processing of your Data. It is possible that decisions are taken based in the automated processing of your Data. If this happens, you can request the revision of these decisions.
• File a petition regarding your Data with the National Data Protection Authority. If you consider it necessary, you can file a petition regarding your Data with the ANPD.

You can exercise any of the above rights through our data subject portal https://portaldotitular.pismo.io, or by sending an e-mail to dpo@pismo.io. Before answering a request for exercise of the abovementioned rights, we can request that you provide us with some information to confirm your identity.

6. How we store and protect your Data
   We store your Data in a secure manner in third-party data centers located in Brazil, in the United States and Europe. We currently contract data center services provided by cloud computing service operators. Before sending your Data for storage in other countries, we adopt the measures required by law to ensure that they will be protected accordingly.

The security of your information is of utmost importance to us. We have in place the best technical and administrative practices to protect the Data against unauthorized access, destruction, loss, alteration, communication or any inadequate or unlawful processing. Nevertheless, no platform is completely secure. If you have any concern or suspicion that your Data are at risk, for example, if someone had access to your password, please contact us immediately.

7. Do you need to provide your consent for Pismo to use your Data as described in this Policy?
   LGPD establishes several situations in which processing of personal Data is allowed regardless of the consent of the data subject. These are the so-called “legal bases for processing of Data.” This means that, if you choose to use our resources, in some cases we may collect and process
   your Data without your consent (if there is a legal basis provided for in LGPD that allows us to do so), such as, for example, to perform measures prior to contracting or signing an agreement with you, to comply with legal and regulatory obligations, to exercise rights established in an
   agreement or required by judicial, administrative and arbitration proceedings, credit protection, to guarantee protection against fraud and security of the data subject, in the identification and authentication processes of registration in electronic systems, for the legitimate interests of Pismo or third parties, among others.
   In other cases, we may ask for your consent to use your Data. Please note that the revocation of your consent will obligate us to cease the processing of Data done exclusively based on your consent.

8. Websites of third parties
   We may provide links to other websites on the Internet as a resource for our Users. Pismo is not responsible for these websites and content, and does not share, subscribe, monitor, validate or accept the way used for these websites or content storage tools to collect, process, and transfer your personal and private data. The data or content of such other websites are governed by the
   privacy statements of such other websites. We encourage you to check the privacy policies of said websites to be properly informed on how your personal data is used by other websites or other tools.
9. Changes to this Policy
   We may change the provisions of this Policy at our discretion and at any time. Whenever this Policy is changed substantially, such changes will be valid, effective and binding after: (1) they are posted on Pismo website; (2) they are emailed to Users; and/or (3) they are informed to Users by any other means

Users must check the updated version of this Policy every time they visit our Website.

10. How to make a complaint
    You may file a complaint through Pismo’s channel provided above.
    You may also send a message to the National Data Protection Authority.