For Brave group Inc. (“Brave”) he responsible handling of our own, our partner companies, and our customers’ sensitive data accumulated over the course of conducting business is a fundamental part of Brave’s operating structure. All persons handling sensitive data and information, including directors, managements, and employees, are to recognize the importance of protecting such information assets from risks such as leakage, damage, and loss, and must comply with the following policy and actively enforce these practices to maintain information security, confidentiality, integrity, and availability of said information assets.

1. In order to Brave’s’ and Brave’s customers’ private information, we have established an information security policy with rules and regulations to conduct our business in accordance with this policy. The policy itself is in compliance with national laws and regulations concerning,information security and in addition to mutual contracts with our customers.
2. We will make clear Brave’s criteria for analyzing and assessing the risk of leakage, damage, loss, etc. of information assets, and establish a systematic risk assessment method to conduct risk assessments on a regular basis. Based on these results, we will implement necessary and appropriate security measures.
3. We will establish an information security system led by dedicated personnel and an experienced data security director, and make transparent the authority and responsibility for information security. Following this, we will regularly educate and train all employees to ensure that they recognize the importance of information security and handle sensitive data in an appropriate manner.
4. We will routinely inspect and audit the status of compliance with the Information Security Policy and the handling of sensitive data within Brave group and promptly take corrective action for any deficiencies found while further improving what measures are possible.
5. We will take appropriate measures against information security breaches, and quickly establish measures to minimize damage in advance in the event of such incidents, respond promptly in the event of an emergency, and take any and every appropriate corrective measures. In addition, we will ensure business continuity by establishing a framework for managing incidents of this nature that affect data and business alike by conducting periodic reviews of the framework.
6. The security policy we develop will be in service to the above goals in addition to our dedication to privacy, and we will continue to review and improve how we handle and protect sensative information on an ongoing basis.