Last updated: February 2026

1. Purpose

This Information Security Policy establishes the guidelines and responsibilities of OrizonAds to protect the information of its clients, partners, and employees against unauthorized access, misuse, disclosure, alteration, or destruction.

2. Scope

This policy applies to all employees, service providers, and systems of OrizonAds that process, store, or transmit client information, including access credentials to marketplace platforms such as Amazon Seller Central and Amazon Advertising.

3. Access Control

Access to client accounts and systems is granted only to authorized personnel with a legitimate need for performing the contracted services. All access credentials are managed securely, with multi-factor authentication used whenever available. Access is revoked immediately upon termination of an employee’s contract or at the client’s request.

4. Data Confidentiality

All information obtained from clients in the course of providing services is treated as strictly confidential. OrizonAds does not share, sell, or disclose client data to third parties, except when required by law or with the explicit consent of the client.

5. Use of Credentials

Access credentials provided by clients are used exclusively for the purposes established in the service agreement. Credentials are not stored in insecure systems and are protected by encrypted storage solutions. Credentials are never shared externally or used for purposes other than delivering the contracted services.

6. Incident Response

In the event of a confirmed or suspected security incident involving client data, OrizonAds will notify affected clients within 72 hours of becoming aware of the incident. The company will take immediate steps to contain, investigate, and remediate the issue, and will cooperate fully with any required investigations.

7. Compliance

OrizonAds complies with applicable data protection regulations, including the Brazilian General Data Protection Law (LGPD) and, where applicable, international standards such as GDPR. The company maintains alignment with Amazon’s policies and requirements for Solution Providers registered in the Amazon Solution Provider Portal.

8. Policy Review

This policy is reviewed annually or whenever significant operational or regulatory changes occur that may affect information security practices.

9. Contact

For questions or concerns about this policy, please contact us at: contato@orizonads.com.br