This Information Security Policy outlines CFEX's approach to protecting information assets, maintaining data confidentiality, integrity, and availability, and complying with applicable regulations and industry standards.

CFEX is committed to implementing and maintaining a comprehensive information security program that addresses the evolving threat landscape and protects the interests of our customers, employees, and stakeholders.

• Confidentiality: Protecting sensitive information from unauthorized access, disclosure, or use.
• Integrity: Ensuring the accuracy, completeness, and reliability of information throughout its lifecycle.
• Availability: Ensuring information and systems are accessible to authorized users when needed.
• Compliance: Adhering to applicable laws, regulations, and industry standards.
• Continuous Improvement: Regularly evaluating and enhancing our security posture.

CFEX implements a range of security controls to protect our information systems and data, including but not limited to:

• Access control and authentication mechanisms
• Encryption for data at rest and in transit
• Regular security assessments and penetration testing
• Security monitoring and incident response
• Employee security awareness training
• Change management and system hardening
• Business continuity and disaster recovery planning

CFEX is committed to protecting personal and sensitive data in accordance with applicable data protection laws and regulations. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

For more detailed information on how we process personal data, please refer to our Data Processing Agreement.

CFEX is committed to complying with all applicable information security laws, regulations, and industry standards, including but not limited to:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• ISO 27001 Information Security Management System
• SOC 2 Type II

This Information Security Policy is reviewed annually and updated as needed to reflect changes in the threat landscape, regulatory requirements, and CFEX's business operations.