ESG Policy
Last updated: January 2, 2026
This English translation is provided for convenience only. In the event of any discrepancy or conflict between versions, the Portuguese version prevails.
Social, Environmental, Governance and Compliance (ESG) Policy
1. Introduction
Arkar Tecnologia Ltda. ("Arkar") is a SaaS technology company focused on investment funds and artificial intelligence applied to the financial market. We recognize that our activities, although predominantly digital, generate environmental, social and governance impacts that must be managed responsibly and transparently.
This Social, Environmental, Governance and Compliance (ESG) Policy establishes Arkar's principles, guidelines and commitments regarding sustainability, social responsibility, corporate governance and compliance. It applies to all employees, partners, suppliers, users and stakeholders.
2. ESG Principles
Environmental (E)
Arkar is committed to reducing its environmental impact through the following practices:
- Efficient use of cloud infrastructure: Optimization of the use of cloud computing resources, including proper instance sizing, use of serverless computing and monitoring of energy efficiency.
- Preference for sustainable providers (green cloud): Selection of cloud infrastructure providers that use renewable energy, have carbon neutrality targets and adopt sustainable practices in their data centers.
- Reduction of paper consumption: Promotion of digital processes, electronic signatures and digital documentation, minimizing the use of paper in all operations.
Social (S)
Arkar values the positive social impact of its activities and is committed to:
- Diversity and inclusion: Promoting a diverse and inclusive work environment, with hiring policies that value diversity of gender, race, ethnicity, sexual orientation, disability and other dimensions.
- Privacy and data protection:Responsible processing of the personal data of users, employees and partners, in compliance with Lei nº 13.709/2018 (LGPD – Brazilian General Data Protection Law), the GDPR and other applicable rules.
- Transparency with stakeholders: Clear and honest communication with clients, investors, employees and other stakeholders about our practices, results and challenges.
- Responsible use of AI: Commitment to the ethical development and use of artificial intelligence, ensuring that our technologies do not perpetuate discrimination or biases, or cause harm to individuals or groups.
Governance (G)
Arkar maintains robust corporate governance practices, including:
- Internal controls: Implementation of adequate internal controls for risk management, asset protection and ensuring the integrity of information.
- Compliance with the LGPD/GDPR/FTC Act: Compliance with data protection and privacy laws in the jurisdictions in which we operate.
- Internal audits: Periodic internal audits to verify the effectiveness of controls, compliance with policies and the adequacy of processes.
- Management of conflicts of interest: Policies and procedures to identify, disclose and manage actual or potential conflicts of interest.
3. Security, Privacy and Data Protection
Arkar implements comprehensive security, privacy and data protection measures, including:
- Encryption in transit and at rest: All data is encrypted during transmission (TLS/HTTPS) and in storage (AES-256).
- RBAC (Role-Based Access Control): Role-based access control with the principle of least privilege, ensuring that each user has access only to the data and features they need.
- Continuous monitoring: 24/7 monitoring systems, intrusion detection, security alerts and log analysis.
- Backup and disaster recovery: Regular backups, disaster recovery plans and periodic business continuity testing.
- International compliance: Alignment with the security and privacy requirements of the LGPD, GDPR, FTC Act and other applicable rules.
4. Ethics, Integrity and Compliance
Arkar maintains the highest standards of ethics and integrity in all of its activities:
- Zero tolerance for corruption, bribery and harassment: Arkar does not tolerate any form of corruption, bribery, extortion, or moral or sexual harassment in its operations and business relationships.
- Clear reporting: Maintenance of transparent, accurate and complete records and reports on our activities, financial results and governance practices.
- Ongoing training: Regular training programs for employees on ethics, compliance, data protection, information security and ESG practices.
- Supplier due diligence: A process for assessing and monitoring suppliers and business partners to verify compliance with ethical, environmental and social standards.
5. Social, Environmental and Technological Risks
Arkar identifies, assesses and monitors the following social, environmental and technological risks:
- Cybersecurity: Risks of cyberattacks, data leaks, ransomware and other information security threats.
- Misuse of data and algorithms: Risks of unauthorized or inappropriate use of personal data and artificial intelligence algorithms.
- Regulatory risks: Risks arising from changes in applicable laws and regulations, including data protection rules, financial regulation and AI regulation.
- Social risks of AI: Risks that AI systems may perpetuate biases or discrimination, or cause negative impacts on vulnerable individuals or groups.
- Indirect environmental risks: Environmental impact associated with the energy consumption of data centers, AI model processing and technology infrastructure.
6. Responsible Use of AI
Arkar is committed to the responsible development and use of artificial intelligence:
- Legal and auditable sources: Exclusive use of data obtained from legal and auditable sources for the training and operation of AI models.
- Bias assessment: Systematic processes for assessing and mitigating biases in AI models, including testing with diverse data and periodic reviews.
- Human oversight: Mandatory human supervision and validation of all critical AI-assisted decisions, especially in financial and regulatory contexts.
- Transparency about limitations: Clear and accessible communication about the limitations, risks and uncertainties associated with the use of artificial intelligence.
7. Commitment to Stakeholders
Arkar is committed to maintaining an open and transparent dialogue with all of its stakeholders, including clients, investors, employees, suppliers, regulators and the community at large. We seek to build relationships of trust based on ethics, transparency and mutual responsibility.
We encourage all stakeholders to report concerns, suggestions or violations related to this Policy through the communication channels made available by Arkar.
8. Monitoring, Reviews and Updates
This Policy will be reviewed periodically and updated as necessary to reflect changes in best practices, in applicable law, in the technologies used and in the risks identified. Arkar maintains continuous monitoring processes to ensure the effectiveness of its ESG and compliance practices.
Significant changes to this Policy will be communicated to stakeholders through the appropriate channels. We recommend reviewing this document periodically.