Legal GRC pages

Privacy Notice

DPO: Renata Miziés de Barros

We at Skyone are committed to respecting the privacy, protection, and security of our users' Personal Data, and we treat the information collected in accordance with Brazilian laws relating to privacy and the protection of Personal Data, such as the General Data Protection Law (LGPD).

Therefore, any information you provide to us will be treated in accordance with the limits established here and under the terms of applicable law. The same applies to companies acquired by the Skyone Group, which adhere to a rigorous program of compliance with best practices and alignment with our corporate processes.

With this Privacy Notice, we want to communicate to you, in an objective and transparent manner, the following aspects:

1. What is Skyone's role in handling your Personal Data?

In the course of its activities, Skyone performs various Personal Data Processing operations, and may be characterized as a Personal Data Operator or Controller, always committed to seeking the best interests of the respective data subjects and respecting their rights based on current legislation, especially the LGPD (Brazilian General Data Protection Law).

For example, in its relationship with its clients, Skyone acts as a Personal Data Processor when it processes Personal Data in accordance with the lawful instructions of its clients.

On the other hand, when acting with decision-making power regarding the main elements of the Processing activity, such as the Processing of Personal Data hosted in its environments, or regarding the Personal Data of its employees or collected in marketing actions and website navigation, Skyone will act as a Personal Data Controller.

2. For the right to understand. How about we clarify some of the technical terms in this Notice for you?

Term/Expression	Meaning
National Data Protection Authority (or ANPD)	The public administration body responsible for overseeing compliance with the provisions of the LGPD (Brazilian General Data Protection Law) throughout Brazil.
Personal Data	Any information capable of identifying a natural person, directly or indirectly.
Sensitive Personal Data	Any Personal Data relating to racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or religious, philosophical or political organization, as well as data concerning health or sex life, genetic or biometric data.
DPO (or Data Protection Officer)	This professional is responsible for acting as a communication channel between Skyone, data subjects, and the ANPD (Brazilian National Data Protection Authority). Their main objective is to ensure that Skyone complies with laws and regulations relating to privacy and data protection.
LGPD	General Law on the Protection of Personal Data (Federal Law No. 13.709/2018)
*Privacy by Design*	Privacy by design is the principle of the LGPD (Brazilian General Data Protection Law) that requires the protection of personal data to be considered from the very beginning of any company project, system, or process—and not just after it is already in operation. This means planning and adopting preventive measures to ensure the security and correct use of data from the very first moment.
Third parties	Any and all individuals or legal entities with whom Skyone interacts or may interact. This includes, but is not limited to, service providers, suppliers, consultants, partners, contracted or subcontracted third parties, regardless of whether a formal contract exists or not, including those who use the Company's name, provide materials, interact with public officials, the government, or other third parties on behalf of Skyone
Holder	The individual to whom the Personal Data refers.
Treatment	Any activity performed with Personal Data, such as collection, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, updating, communication, transfer, sharing, dissemination or extraction, according to Article 5, X, of the LGPD (Brazilian General Data Protection Law).

3. To whom does this Notice apply?

This Notice applies to (i) Skyone's individual and corporate clients; (ii) all third parties, whether individuals or legal entities, acting for or on behalf of Skyone in operations involving the Processing of Personal Data; and (iii) visitors to our Sites and users of our platforms.

This Privacy Notice also applies to the following websites:
1. http://www.skyone.solutions;
2. or https://www.skyone.cloud;
3. or https://support.skyone.cloud/;
4. or https://latamsuporte.skyone.cloud/;
5. or https://suporte.skyone.cloud/;

4. Children and Adolescents

Our services are not designed for, nor intended for, use by individuals under 18 years of age. For this reason, we do not collect or voluntarily solicit information from individuals under 18 years of age through the forms available on our services. Therefore, if we happen to receive information, we will delete it and not retain it in our databases. If you suspect that an individual under 18 years of age is using Skyone's services, you may send an email to: dpo@skyone.solutions.

5. What Personal Data of yours do we process?

In order to respect your privacy, we understand that any and all processing of personal data must be limited to the minimum necessary, in a relevant and proportionate manner, to allow the intended purpose to be achieved.

Therefore, the Personal Data we collect about you will vary depending on your relationship with us, whether you are a client, consumer, visitor, partner, or other.

Below, grouped into categories, we present the main Personal Data that may be processed by us:

Registration data: may include first and last name, date of birth, gender, ID number, and CPF (Brazilian tax identification number);
Qualifying data: may include residential/business address, area/department, nationality, parentage;
Contact information: may include landline or mobile phone numbers and personal and/or professional email addresses, information related to any user support services;
Professional information: may include profession, workplace, job title, and work history;
Financial information: checking account, bank branch, or other payment method used when contracting our services;
Social media data: social media profiles that you use to interact with us, primarily LinkedIn, Instagram, Threads, TikTok, YouTube, and Facebook;
Attributes associated with your electronic devices: IP address, user, access provider, operating system, browser (type, version, enabled options and installed plug-ins), video settings (size/resolution and number of colors), date and time of access, and pages viewed through cookies.

6. How and for what purpose do we use your information?

The information we process about you may have been provided directly by you to Skyone, by third parties, or even collected automatically through our platform and other channels.

Let's understand each of these data collection situations better?

a. Information provided directly by you

From the very beginning of your interaction with us, you voluntarily provide us with information about yourself. For example, when you contact us through social media or publicly tag us in a photo at an event. Or even when you use one of our customer service and support channels, or want to speak with one of our specialists. Furthermore, when you interact with the content on our Platform, register to participate in a selection process on our website, or subscribe to receive our newsletters.

b. Information obtained from third parties

In specific cases, we may also receive some of your Personal Data from Third Parties. For example, information provided by Skyone's contractors, such as employers, consultants, service providers, or suppliers who help us offer increasingly better products and services for you.

c. Information obtained automatically

In some situations, we may also automatically collect Personal Data through the devices you use to access our Platform. This information helps us generate access statistics and thus better understand our audience. This is important so that we can improve our Platforms and services and adapt them to the most diverse audiences. Some of this data may be collected through cookies or similar technologies, as we will explain in a specific section.

d. Publicly available information

There is also the possibility of collecting information about you that is publicly available and on social media (such as LinkedIn, Instagram, Threads, TikTok, YouTube, and Facebook).

Therefore, from the collection of your information, we can use it for several different purposes. Below, we list our main purposes, as well as the main groups of data used:

Personal data category	Purposes	Legal basis
Registration data; Qualification data; Contact information; Financial data.	To enable a service/product requested by you, we will process your data in order to provide the service/product you purchased.	Contract execution
Registration data; Contact information; Financial data.	To execute a contract you have entered into with us or to carry out pre-contractual due diligence: If you are a party to a contract with Skyone, or represent a company in a contract, we will process your Data for the conclusion and execution of the contract, to ensure the completion of the work and the respective payment.	Contract execution
Registration data; Qualification data; Contact data	Communication • We may process your Personal Data to respond to your requests or other interactions with us, such as via email, chat, or other tools on our websites. • To send relevant notices about our activities, such as changes of address and corporate structure. • To send updates that impact your relationship with us in the interest of transparency, for example, updates to this Privacy Notice.	Legitimate interest or Contract Execution
Registration data; Qualification data; Contact data	To comply with our legal or regulatory obligations, your Personal Data may be used to fulfill our obligations under the law and/or regulations of government agencies and orders or requests from tax authorities, the Judiciary, and/or other competent authorities. For example, we may process Personal Data for the issuance of invoices.	Compliance with a legal or regulatory obligation
Registration data; Contact information	To allow the regular exercise of our rights: Even after the termination of your relationship with us, we may process some of your Personal Data to exercise our rights guaranteed by law, including as evidence in judicial, administrative or arbitration proceedings.	Regular exercise of rights
Registration data; Contact information; Social media data; Attributes associated with your electronic devices.	To enable activities necessary for Skyone, we may also process your Personal Data in activities such as: improvements to our products and services, research and questionnaires, event promotion, sending gifts, relationship management with our clients and partners, company performance analysis and reports, and internal consultations. In activities supporting Skyone's interests, we will always observe the limits of your expectations, and the processing of Personal Data will not prejudice your interests, rights, or fundamental freedoms.	Legitimate interest
Registration information; Contact information; Professional information.	Recruitment and selection: We may process your Personal Data to receive your application (including through specialized websites), analyze your resume, verify your skills and curriculum information, and determine whether or not you meet the specific requirements of the position you applied for, as well as to proceed with the selection process, when applicable, in situations such as contacting you by phone or email and scheduling interviews.	Legitimate interest
Registration data; Contact information; Social media data; Attributes associated with your electronic devices.	Creating Interest Profiles: We may analyze your Personal Data to create a profile of your interests and preferences so that we can tailor and target our communications in a timely and relevant manner for you. We may use additional information about you when it is available from external sources to help us do this effectively. This allows us to be more focused, efficient, and economical with our resources and reduces the risk of you receiving information that is considered inappropriate or irrelevant.	Legitimate interest
Registration data; Contact information; Social media data; Attributes associated with your electronic devices.	Marketing Communications: We will only send marketing communications via email, text, and phone if you have explicitly given your prior consent. You can opt out of our marketing communications at any time by clicking the unsubscribe link at the bottom of our marketing emails or, in the case of text and phone calls.	Consent

**7. What are cookies and how do we use them?**

Cookies are text files that may be stored on your electronic devices when you visit our Sites. We use this tool for different purposes, such as generating access statistics and improving your experience on our Sites.

Below is a list of the types of cookies used and their purposes:

Cookie Type	What do they do?
Necessary/Essential	To ensure the proper functioning of our Sites, as well as to allow you to make use of all available features.
Performance/Analysis	They help us understand how visitors interact with our Sites by providing information about the areas visited, the time spent on the Platform, and any problems encountered.
Functional	They allow us to remember your previous choices, such as your browsing language. They are responsible for providing a personalized experience.
Marketing/Advertising	Used to provide more relevant and specific content tailored to your interests. They can also be used to deliver more targeted advertising or limit the number of times it is shown. Additionally, they allow for measuring the effectiveness of a launched campaign.

We would like to emphasize that necessary cookies are essential for the normal functioning of our Sites. This means that if you object to the use of this tool, it may compromise your experience or result in the suspension of your access.

You can manage your preferences at any time through our cookie banner or through our tool available at: https://skyone.solutions/pb/cookies/;

8. How long is your Personal Data kept?

Skyone retains Personal Data only for the period necessary to fulfill the purposes for which it was collected, including compliance with applicable legal, contractual, or regulatory obligations.

When Personal Data is no longer necessary for such purposes or when there is no legal basis for its retention, it will be deleted or anonymized, as applicable, in accordance with current legislation, especially article 15 of the LGPD (Brazilian General Data Protection Law), and in accordance with Skyone's internal data processing records.

9. Who has access to and with whom do we share your Personal Data?

We do not share your Personal Data with third parties for marketing purposes.

However, we may disclose your Personal Data to Third Parties in order to achieve the other purposes set out in this Notice. These Third Parties may include:

Companies within the Skyone economic group, so that we can provide our services and evaluate the efficiency of our customer service;
Business partners and service providers, to enable the operation of communication channels, as well as providing the necessary infrastructure for the viability of our services;
Hypotheses of some corporate operation, such as mergers, acquisitions, spin-offs and incorporations;
Administrative and judicial authorities when necessary to fulfill a legal obligation or to assist in the investigation of suspicious or illegal activities; and
Law firms, legal advisors, and other legal representatives when necessary to defend Skyone's interests in administrative, arbitration, or judicial proceedings

When we share your Personal Data in the situations described above, we use contractual instruments to ensure that any Third Party that receives it guarantees adequate protection for it.

10. International Data Transfer

Skyone adopts, whenever applicable, governance measures that include conducting Data Protection Impact Assessments (DPIAs), reinforcing our commitment to the principle of privacy by design and to the adoption of technical and organizational controls proportionate to the risks involved, identifying, assessing and mitigating risks before initiating processing.

Skyone may also review and update these assessments periodically, in accordance with technological advancements and changes in the operational context.

All Personal Data is stored in systems located in Brazil, the United States, Germany, and other regions such as Asia (including India and Saudi Arabia), when applicable, observing the appropriate levels of data protection required by applicable legislation. We may also relocate and store these systems in any other country that offers an adequate level of personal data protection or that observes the safeguards provided for in the LGPD (Brazilian General Data Protection Law) and, when applicable, in the GDPR (General Data Protection Regulation), always keeping them under our supervision and in a secure manner. All transfers will observe the principles of purpose, necessity, security, and transparency, ensuring the rights of data subjects.

In situations where it is necessary to share Personal Data with a third party located outside of Brazil, including Skyone group companies, in addition to guaranteeing the security and protection of Personal Data through a contract, Skyone will use one of the legal grounds for international data transfer authorized by applicable legislation, in particular those provided for in articles 33 et seq. of the General Data Protection Law (Law No. 13.709/2018) and in the ANPD's Regulation on International Data Transfer (Resolution CD/ANPD No. 15/2024).

Where applicable, Skyone will also observe the obligations set forth by the European Union's General Data Protection Regulation (GDPR), including the application of approved standard contractual clauses, additional contractual guarantees, and respect for the rights of data subjects residing in the European Union.

11. What are your rights?

Whatever relationship you choose to establish with Skyone, you are guaranteed all rights relating to your Personal Data as provided by law, including:

Confirmation and Access Rights. You have the right to confirm what data about you is processed and to request access to what we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide this to you unless legal exceptions apply. To access your information, please send a description of what you wish to see and proof of your identity so that we can validate and return your information.
Right to correct incomplete, inaccurate, or outdated data. You have the right to have your Personal Data corrected if it is incomplete, inaccurate, or outdated. The accuracy of your information is important to us, so we are working on ways to make it easier for you to review and correct the information we hold about you.
Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data. You have the right to request that we anonymize, block, or delete unnecessary, excessive, or unlawfully processed data.
Right to erasure and/or revocation of consent. You can ask us to delete your Personal Data processed with your consent. In some cases, it will be necessary to retain this information, such as to comply with a legal or regulatory obligation or to maintain anonymized data.
Right to data portability. You can ask us to send your Personal Data to another service provider.
Right to object. You have the right to object to the Processing where we use your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.
Right to information from public and private entities. You have the right to obtain information about public and private entities with which we have shared your Data.

We may be required to request further information and/or proof of identity. We will strive to fully respond to all requests within the timeframe stipulated by applicable law. However, if we are unable to do so, we will contact you explaining any reasons for the delay.

Requests involving Personal Data and/or documents of other Data Subjects will not be fulfilled, except by means of a power of attorney, parental authority, or other circumstance that authorizes you to exercise the rights of another Data Subject.

It is important to note that, under specific circumstances, your request may not be fulfilled. In these cases, we will explain the reasons for the non-fulfillment.

12. Your choices and how to exercise your rights

If you do not wish to receive direct marketing communications and have any questions regarding the processing of your data, or wish to exercise your rights as a data subject, you can submit your request using the form available at: https://skyone.solutions/juridico-e-grc/requisicao-de-dados-lgpd-skyone/

We are committed to putting you in control of your Data at any time, as follows:

The form mentioned above;
Email: dpo@skyone.solutions;
Our DPO: Renata Miziés de Barros – email: dpo@skyone.solutions

To do this, we ask that you identify yourself and indicate which right you wish to exercise. If you have any questions, please do not hesitate to contact us.

13. How do we keep your Personal Data secure?

We have internal policies and procedures that determine how Personal Data should be handled by Skyone. These guidelines aim to ensure the proper and lawful processing of the Personal Data we hold.
When you provide us with Personal Data, we take steps to ensure that appropriate technical and organizational controls are in place to protect it.
Any sensitive personal data that is processed is protected with 128-bit SSL encryption software and stored using cybersecurity systems.
Once we receive your information, we make every effort to ensure its security on our systems. It's important to note that where we have given (or where you have chosen) a password that allows access to certain parts of our Platform or Website, you are responsible for keeping that password confidential. We ask that you do not share your password with anyone.

In addition to these organizational and governance measures, we have adopted several other technical measures that ensure even greater security for your Personal Data, such as:

We maintain processes for detecting, resolving, preventing, and reducing the occurrence of privacy, data protection, and cybersecurity incidents, providing increasingly reliable, available, and secure computing environments
We adopt processes that include, but are not limited to: scanning for external and internal vulnerabilities; scanning the dark web; applying software patches; updating operating system versions; updating database versions; and scanning and mapping open ports
Analysis and management routines associated with monitoring and alerting of security events using XDR (Extended Detection and Response) technology.
Strict control of the processing of personal data, including access restriction and password-protected access;
The existence of an information security program;
Implementing segregation of access to Personal Data;
Guidelines for password protection; and
Access to services exclusively through secure networks.

In line with our commitment to privacyby, before implementing any high-risk data processing systems or processes, we conduct Data Protection Impact Assessments (DPIAs) to identify potential risks and define proportionate security and governance controls, as provided for in applicable legislation and ANPD guidelines.

14. How do we keep your Personal Data secure?

Our website may contain links to other websites operated by other organizations. This Notice applies only to Skyone Sites and the Personal Data we process, so we encourage you to read the privacy statements on other websites you visit. We cannot guarantee the accuracy and content of the privacy policies and practices of other websites, even if you access them using links from our Site.

Furthermore, if you are linked to our Site from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website; therefore, we recommend that you check their privacy policy.

15. Changes to this Notice

This Privacy Notice may be updated periodically. The current version is always the one published on this page.

Any changes will be posted on this Site, so we recommend that you check this page periodically to stay informed. If any significant changes are made, we will make that clear on this Site.

This Privacy Notice was last updated on January 15, 2026.

Skyone Code of Conduct.

Hello! This Code of Conduct reflects the ethical and behavioral standards that guide every Skyowner and everyone who interacts with Skyone. Use the side menu to navigate the document.

Message from the Board of Directors

The longevity of our business depends directly on how each Skyowner acts inside and outside the company, and is based on the values and standards of integrity adopted at Skyone. Ethics is not bureaucracy. It's what allows us to grow rapidly without losing the trust of everyone who interacts with us.

The cloud that securely scales AI is not just a market positioning: it's a commitment to ethical principles that we renew every day in every decision, every line of business, every interaction with our customers, employees, partners, suppliers, and third parties.

Therefore, this Code of Conduct reflects who we are today and who we want to be tomorrow!

"The ultimate success of our dealings with everyone and everything depends not only on what we do, but on how we do it."

Field of Application

Hello! This Code of Conduct reflects the ethical and behavioral standards that guide every Skyowner and everyone who interacts with Skyone.

He embodies our values: trust, collaboration, a sense of prioritization, a nonconformist attitude, and tireless dedication to achieving our mission of positively impacting the productivity of 1 million people by 2028, simplifying reality to deliver the Cloud that scales AI securely.

Who We Are and Why We Exist

Purpose and Mission

Simplify reality. Impact tomorrow.

We work with what is invisible, yet essential to moving the world forward. With the integrating power of technology in our hands, we simplify today to impact tomorrow, evolving businesses, solidifying careers, and building a more prosperous society. And we do it the right way.

Vision

To positively impact the productivity of 1 million people by 2028.

Every hour saved is a barrier broken down. Every business that scales is a step towards a more productive future for everyone. With responsibility at every step.

Positioning

Skyone is the cloud that securely scales AI.

We operate at the intersection of cloud computing, data, artificial intelligence, and cybersecurity, delivering technology that truly works, with the reliability our clients and partners deserve. Technical security and ethics: the two go hand in hand here.

Our Values

Trust

We build relationships of trust. We consider the impact of our words and actions. We care about the beginning, middle, and end of everything we do. Because trust is built on consistency, not convenience.

Collaboration

We work to delight and simplify the daily lives of our clients and partners. We contribute constructively to achieving shared goals. Effective collaboration requires mutual respect as its foundation.

Sense of Prioritization

We are decisive and assess the impact of our priorities. We are agile in decision-making. And without compromising quality and integrity.

Nonconformity

We are nonconformists. We challenge ourselves to always do better. And ethically.

Tireless

We overcome challenges to deliver what matters: impactful results. And we remain equally tireless in our principles.

To Whom Does This Code Apply?

This Code applies to all Skyowners (regardless of position) and serves as a guide to principles and best practices in relationships with business partners, suppliers, franchisees, and third parties to promote a transparent, ethical, and mutually respectful professional environment, regardless of location, language, or mode of interaction (in-person, remote, or hybrid).

Essential Terms and Definitions

Public Official: Any person who performs a public function, whether temporary or permanent, paid or unpaid.

Senior Management: Executive leaders, shareholders, board members, and directors of Skyone.

Workplace Harassment: Repeated or systematic abusive behaviors that cause harm to someone's personality, dignity, or physical or psychological integrity due to a work relationship, including virtual environments such as email, messaging, video conferencing, and social media.

Sexual Harassment: Behaviors of a sexual nature, expressed physically, verbally, through gestures, or by digital means, imposed on someone against their will, violating their sexual freedom, regardless of the position, hierarchy, or environment in which they occur.

Collaborator(s): All Skyone employees with permanent contracts, temporary contracts, interns, and apprentices.

Corruption: Abuse of power or position to obtain personal benefits or undue advantages.

DEI (Diversity, Equity and Inclusion): Principles that guide Skyone's policies and practices in recognizing and valuing differences, promoting representation, equal opportunities and a work environment free from any form of prejudice or exclusion.

Family and Relatives: Spouse, partner in a stable union, parents, children, siblings, relatives by affinity or adoption, as well as people with whom the employee maintains a publicly known affective relationship and who may influence or be influenced by their professional decisions.

GRC (Governance, Risk and Compliance): The area responsible for ensuring that Skyone operates with integrity, within the rules and with the right controls, protecting the company, the people who are part of it and those who trust us.

LGPD (General Data Protection Law): Federal Law No. 13.709/2018 that establishes guidelines for the protection of personal data.

Anti-Corruption Law: Federal Law No. 12.846/2013, which deals with the administrative and civil liability of companies for acts of corruption against the public administration.

Skyowner: This is what we call every person who is part of Skyone, including executive leaders, Directors, employees, interns, and apprentices. The term is part of our culture, where everyone is responsible for the impact of their actions, and it does not change the nature of each person's professional and employment relationship with Skyone.

Operational Guidelines

Legal and Regulatory Compliance

Skyone operates in full compliance with the laws and regulations of Brazil and the countries where it operates. This includes labor, tax, data protection, anti-corruption, competition, and specific technology sector regulations.

If you identify any situation that violates our internal rules or current legislation, please report it immediately through the Ethics Channel: https://skyone.denuncia.pro.

Data Protection and Privacy

Data is a critical strategic asset, and protecting it is everyone's responsibility. Skyone operates under the principles of the LGPD (Brazilian General Data Protection Law) and international best privacy practices, including the GDPR (General Data Protection Regulation) for operations with European reach.

Every Skyowner must:

Protecting personal and corporate data against unauthorized access, alteration, destruction, or disclosure.
Do not share data with people without proper authorization.
Use Skyone's resources and systems exclusively for legitimate operational purposes.
To ensure that systems and information are protected in accordance with Information Security standards.
Store documents in official repositories approved by Skyone, including certified cloud services.
Immediately report any incident or suspected data breach to the Information Security and GRC departments.
Respect data protection guidelines in remote work environments.

Cybersecurity

Cybersecurity is part of Skyone's DNA. In a context of exponential growth in digital threats, every Skyowner is a line of defense. This means:

Never share passwords, credentials, or system access information.
Use multi-factor authentication (MFA) whenever available.
Immediately report any suspicious emails, links, or requests that may be phishing or social engineering attempts.
Do not install unapproved software on company devices.
Apply the principle of least privilege: access only what is necessary for your role.
Follow the policies for classifying and handling sensitive data, including customer data, partner data, and intellectual property.

Company Assets and Property

Each Skyowner is responsible for the company's assets and property, including physical and digital assets, clients, and partners. This includes equipment, software, intellectual property, data, and cloud infrastructure.

Use Skyone's resources exclusively for authorized professional purposes.
In case of loss, theft, or misuse, immediately notify your manager and follow internal procedures.
In case of termination, return all equipment and any items provided by Skyone within the stipulated timeframe and in good condition.
Inventions, discoveries, and improvements made during the work period belong to Skyone.

Work Environment

Our Culture

Skyone believes that safe, inclusive, and psychologically healthy work environments generate the best results. Every Skyowner has the right and responsibility to contribute to a culture of respect, openness, and mutual growth.

Regardless of position, location, or type of work, we treat all people with courtesy, respect, and dignity. Period.

Expected Behaviors

Acting with objectivity and clarity strengthens respect and trust in relationships.
To encourage teamwork focused on achieving the best results for Skyone and its clients and partners.
Respect the authorship, merit, and contributions of all.
Be transparent and disclose any conflict of interest.
Practice open dialogue and listen respectfully to other perspectives.
Prioritize collective well-being in day-to-day decisions.

Unacceptable Behaviors

Any form of discrimination: based on race, color, gender, sexual orientation, religion, origin, social class, age, physical or mental condition, marital status, or occupation.
Moral or sexual harassment, whether in person or in digital environments.
Use of company resources for unauthorized personal purposes.
Engaging in personal activities during work hours in a way that jeopardizes deliverables.
Unethical or illegal behavior, or behavior that violates this Code.
Consuming alcohol beyond reasonable limits at Skyone social events, or using any illicit substances on Skyone premises or during professional activities.
Carrying weapons on company premises is prohibited, except when required by the job.
Sharing credentials or system access with unauthorized third parties.
Filming, photographing, or recording on Skyone premises in a way that compromises its image.

Moral and Sexual Harassment

Skyone has zero tolerance for any form of harassment. We strictly follow Law 14.457/2022, which addresses the fight against sexual harassment and other forms of violence in the workplace.

Harassment, whether moral or sexual, can result in immediate disciplinary measures, including dismissal for cause, as well as civil and criminal liability.

Any such situation should be reported immediately through the Ethics Channel (https://skyone.denuncia.pro), with complete confidentiality guaranteed.

Diversity, Equity and Inclusion

Skyone values diversity. We believe that diverse teams make better decisions, innovate more, and build more inclusive products. Our culture of inclusiveness is not a one-off initiative: it's an everyday practice.

Our commitments:

To recruit, promote, and reward based on merit, ensuring equal opportunities.
To assemble teams that reflect the diversity of our country and the world.
To make decisions free from bias or personal preferences.
Respect religious beliefs and political opinions, without using company spaces for proselytizing.
Report any discriminatory behavior you witness through the Ethics Channel.
To create an environment where everyone feels like they belong and are safe to be themselves.

Romantic Relationships

Skyone respects the personal life of each Skyowner. Romantic relationships between employees are permitted, but should not interfere with professional conduct, business decisions, or the work environment. If a relationship develops into a union (formal, informal, or stable), those involved must inform their respective managers so that the necessary adjustments to internal regulations can be made.

Health and Safety

All Skyowners are entitled to a safe and healthy work environment, both physically and psychologically. Mental health is just as important as physical health, especially in a high-performance environment.

Expected behaviors:

Follow Skyone's health and safety rules and procedures.
Refuse activities that pose a risk to your own safety or that of your colleagues.
Report any unsafe conditions, accidents, or work-related illnesses to the Human Resources department.
Only engage in activities for which you are qualified, authorized, and in good physical and mental condition.
Comply with the requirements for periodic occupational health examinations.

Clothing and Presentation

Skyowners represent the image of Skyone. The dress code and personal presentation guidelines follow the Human Resources department's directives, consistent with the company's values and culture.

External Relationships

Customers

Our customers are the reason we exist. Our relationship with them must be based on honesty, efficiency, and a genuine commitment to their needs.

What we expect from every Skyowner:

Treat customers with respect, courtesy, and efficiency.
To provide accurate, clear, and transparent information, never incorrect or misleading.
To fulfill all agreements, while preserving Skyone's credibility and image.
Never neglect customer service, regardless of the client's size or value.
Never use illicit means, payments, undue benefits, or any form of bribery to gain or retain clients.

Suppliers and Business Partners

Skyone chooses partners who share its values. We expect the same level of integrity from our suppliers that we demand from ourselves.

What we expect from every Skyowner:

Treat suppliers with respect and honesty.
Hire only partners who do not exploit child labor, forced labor, or any form of human rights violation.
Do not accept services or materials outside the scope of the signed contracts, even if they seem advantageous.
To protect the technical, commercial, financial, and strategic information shared in partnerships.
Avoid maintaining relationships with suppliers that create undeclared conflicts of interest.
Do not do business with partners who violate this Code of Conduct.

Competitors

Skyone believes in healthy competition and a free market. We compete based on innovation, quality, and delivered value.

Never speak incorrectly, misleadingly, or defamatoryly about competitors.
Obtain market information only through legal and ethical means.
Respect the intellectual property and confidential information of other companies.
Report any situation that may constitute anti-competitive practice to the Ethics Hotline.

Press and Corporate Communication

Skyone's external communication is the responsibility of the Marketing department, with support from GRC where applicable. Only authorized individuals may speak on behalf of the company to the press or in public forums.

Do not make public commitments on behalf of Skyone without authorization.
Do not disclose privileged information, even after your relationship with Skyone has ended.
Accounting records must comply with all tax laws and regulations, under the responsibility of the Controllership area.

Trade Unions and Labor Representation

Skyone recognizes unions and representative entities as legitimate interlocutors in labor relations. We value ongoing dialogue and freedom of association.

Anti-corruption and Integrity

Skyone has zero tolerance for corruption in any form, whether passive, active, direct, or indirect.

All Skyone business dealings are conducted within the bounds of legality and ethical principles. We strictly adhere to the Anti-Corruption Law (Law 12.846/2013) and adopt international standards such as the FCPA (USA) and the UK Bribery Act for our global operations.

Good Anti-Corruption Practices

Do not offer, promise, or grant undue payments, gifts, or advantages to public or private officials.
In meetings with public officials, attend accompanied by at least one Skyone colleague and do not incur any expenses during these meetings.
To transparently record all relevant interactions with the public sector.
Report any suspicious request or situation immediately to the GRC or Legal department.
Include anti-corruption clauses in all relevant contracts.

Invitations, Gifts and Courtesies

Accepting gifts or courtesies is permitted only when:

The amount cannot exceed half of the current minimum wage.
The gift should have the giver's identification on it.
Not to influence any business decisions.
Respect the minimum interval of 12 months since the last gift received from the same source.

Donations, Sponsorships and Charity

Any donation, sponsorship, or act of charity on behalf of Skyone requires prior approval from the relevant departments to ensure integrity, alignment of values, and absence of conflicts of interest, and must comply with due diligence procedures and authority limits defined in the respective internal policies.

Conflict of interest

Conflict situations arise when the personal interests of a Skyowner interfere, or appear to interfere, with the interests of Skyone or its stakeholders. Transparency is our main management tool. In case of doubt, a suspicious situation, or identification of a real or potential conflict, the way forward is transparency: immediately inform the GRC team so that we can clarify and mitigate risks efficiently. Here are some examples:

Situations that require immediate declaration

Direct family member working for Skyone's clients, suppliers, or competitors.
Significant financial stake in companies with which Skyone has or may have a business relationship.
A second job or self-employment that may conflict with activities at Skyone.
Any situation in which personal interests may influence professional decisions.

The hiring of relatives requires prior and formal authorization from the Compliance Department and the Human Resources area, after analysis of the hierarchical structure, activities performed, and direct interactions between the areas.

General Limitations

The following situations are prohibited, regardless of authorization:

Filming, photographing, or recording inside Skyone in a way that compromises its image in the market.
Circulating raffles, petitions, distributing invitations, or conducting any type of commerce on Skyone premises is prohibited.
Using the Skyone name or brand for personal activities or benefits.
Conducting political campaigns or posting materials of any kind without authorization.
To share professional knowledge and confidential information acquired at Skyone.
Promoting external conferences or publishing articles about Skyone without authorization.

Social Networks and Digital Communication

In the digital world, every Skyowner is a brand ambassador, consciously or not. By linking your professional profile to Skyone (especially on LinkedIn), you become part of our public image.

Guidelines

Maintain a posture aligned with Skyone's values across all digital platforms.
Do not make any commitments on behalf of Skyone without authorization.
Do not criticize colleagues or the company on public channels; use internal channels or the Ethics Hotline.
Do not share content that contains defamation, slander, discrimination, or intolerance.
When accepting connections that present themselves as Skyowners, verify their authenticity to avoid fraud.
Misuse of the Skyone brand in embarrassing situations may result in disciplinary action.

Corporate Email and Digital Tools

Skyone's corporate email and digital tools are work resources. Moderate personal use is tolerated, provided the content does not include material related to competitors, personal promotions, paid side activities, or any inappropriate content.

Social and Environmental Commitment and ESG

Skyone understands that technology and social and environmental responsibility go hand in hand. The cloud that scales AI securely also needs to scale sustainably.

Our ESG commitments include:

Continuously reduce the consumption of electricity, water, plastics, and disposable materials.
Encourage recycling and circular economy practices.
Operating with energy-efficient cloud infrastructure.
To develop and operate projects while minimizing environmental impacts.
To contribute to a more just, inclusive, and egalitarian society, beyond our own walls.

Ethics and Whistleblowing Channel

Skyone's Ethics Hotline is the primary mechanism for reporting violations, ethical questions, and suspicious situations. All reports are handled confidentially and seriously by the Ethics Committee.

How it works:

Any Skyowner, partner, or third party may report situations that violate this Code.
The whistleblower's anonymity is protected — there will be no retaliation for reports made in good faith.
The complaints are reviewed by Skyone's Ethics Committee.
The Ethics Committee determines the appropriate measures for each case.

What should be reported:

Violations of this Code of Conduct or Skyone's internal policies.
Suspicions of corruption, fraud, or unethical behavior.
Cases of workplace harassment or sexual harassment.
Situations of discrimination or violation of rights.
Information security incidents or data breaches.
Any conduct that jeopardizes the integrity of Skyone or its stakeholders.

Confidential space for reporting misconduct. Access it via the link.

Handling Nonconformities and Penalties

Failure to comply with this Code or Skyone's internal policies will have consequences proportionate to the seriousness of the situation and applicable law.

Disciplinary measures include:

Formal warning
Suspension
Dismissal for just cause — including for serious cases without the need for recurrence
Civil and/or criminal liability, in accordance with current legislation

Skyone can take immediate action when the seriousness of the situation demands it, without needing to wait for recurrences.

Duties and Responsibilities

Senior Management

Lead by example. Promote, follow, and highlight the values and behaviors of this Code in all decisions and interactions.

Leaders

Disseminate, model, and ensure that everyone on your teams knows and follows this Code. Ethical leadership starts at the top.

All Skyowners

To know, follow, and be an active agent in disseminating this Code. Upon joining Skyone, each employee signs the Code of Conduct Commitment Agreement.

Validity and Revision

This Code of Conduct comes into effect upon its publication on Skyone's official communication channels and will be periodically reviewed to reflect best market practices, regulatory changes, and Skyone's own evolution.

Conclusion

This Code is a set of principles to unleash the best in every Skyowner. Ethics, integrity, and trust are what allow us to grow rapidly, scale safely, and impact the lives of 1 million people by 2028. Every decision counts. Every action matters. Tomorrow starts now.

"The cloud that scales AI securely, ethically, always."

Doubts?

Contact the Governance, Risk and Compliance (GRC) area; we are here to guide you, not to judge you.

Review Participants

Renata Miziés de Barros

Legal and Compliance Director

Change and Approval History

Version	Date	Change	Responsible
1.9	27/11/2018	Finalization of the Initial Version	Lauro de Lauro
2.0	03/12/2018	Final Review for Release	Lauro de Lauro
2.1	20/03/2019	Final Version	Aila Braga
3.0	23/05/2022	Final Version	Lauro de Lauro
3.1	22/03/2024	Full review	Renata Miziés de Barros
4.0	27/03/2026	Full review	Renata Miziés de Barros