Code of Ethics & Business Conduct | 2024

Protecting our company

Non-public information

While working at the Company, Affirmers may have access to non-public information (including trade secrets and personal data) about the Company, our customers, or our merchant partners. This information could cause harm if made public without permission, and could be in violation of law. Affirmers all have a responsibility to protect this information from unauthorized access and disclosure.

Some examples of non-public information include, but are not limited to:

- Business plans and strategies
- Budgets, projections, forecasts, and results
- Financial and operating information
- Technical data
- Sales goals and marketing plans
- Unpublished data and reports
- Business contracts
- Databases
- Employee, consultant, and contractor personal information
- Customer and merchant partner information
- Compensation information (where such information is learned solely through the performance of your job duties)
- Intellectual property and know-how
- Confidential Supervisory Information (CSI), pertaining to our regulators
- Other Affirm-internal data or information

Treat our non-public information with care, just as you would your own personal information. You should follow the requirements outlined in our Information Security Policy and Privacy Policy when handling or sharing any non-public information.

Before sharing any non-public information outside of the Company, consult with the Ethics team, even if you think you have permission to disclose it, and be sure to have a Non-Disclosure Agreement (NDA), a Data Sharing Agreement (DSA), and/or a Data Processing Addendum (DPA) in place, as applicable.

Always properly label and identify any information with the appropriate classifications in accordance with the Data Classification Policy. Be mindful of the risks associated with sharing different data types as identified by their classification.

Do not share our non-public information with Generative AI tools (e.g., ChatGPT or Bard) unless the tool is an approved vendor and sharing non-public information is explicitly authorized. Additionally, your use of the tool should be in accordance with the Acceptable Use Policy and Open Source Policy.

Once you confirm you can disclose non-public information to a particular party, please continue to be cautious. Affirmers must not use, reveal, or divulge any such information except as permitted and strictly necessary. Make sure the person who receives the information understands any restrictions related to its use or dissemination.

Generally, access to non-public information should be provided on a need-to-know basis and must be authorized in writing by your manager.