| Code of Ethics & Business Conduct | 2024 19 Information security and privacy As a financial technology company, some of our most valuable assets are intangible. Information drives our business and allows us to connect people globally. Our non-public information, including intellectual property and personal data, is an important asset and critical to our business. Both our information systems and our data are especially vulnerable to security risks. Protecting our information systems When using our information systems and technology, do your part to protect them from viruses, data breaches, and other risks. Never: Refer to the Information Security Policy and Acceptable Use Policy for additional information. Respecting intellectual property The innovative ideas, works, and solutions we develop in our work, such as copyrights, trademarks, patents, utility designs, industrial and community designs, trade secrets, know-how, databases, and the Affirm brand, are all forms of intellectual property. Protect our intellectual propertynever disclose it to a third party without legal approval and a Non-Disclosure Agreement (NDA) in place. Also, remember that anything you create, invent, design, or develop within the scope of your work for Affirm is either the sole property of or must be transferred to the Company pursuant to your respective employment agreement. Our responsibilities also include respecting the intellectual property rights of others. We take care not to infringe copyrights, trademarks, patents, or other rights of third parties. Intellectual property is a critical component of our business and the business of others. We all must do our part to ensure that it is protected. You should ensure that your work for Affirm is either original or that you have secured the necessary permissions or licenses for any third-party intellectual property you might use. If using open-source code or code generated using generative AI tools (e.g., ChatGPT or Bard), you should ensure compliance with the Open Source Policy. Install unapproved software, applications, or hardware Use unauthorized devices to access our network Access unauthorized websites Share passwords, access codes, or non-public data without authorization; o Open suspicious or unsolicited email. P r o t e c t i n g o u r c o m p a n y