Jump to main content

Este conteúdo também está disponível em Português.

Cybersecurity Policy

Presentation

At Nubank we develop simple, secure, and 100% digital solutions for you to have control of your money literally in your hands. We value our customers and understand how important cybersecurity is to enable them to enjoy our services with peace of mind.

The security of your data is in our DNA and we provide here a summary of our Cybersecurity Policy so you can learn more about our guidelines for protecting your data.

Security objectives

Our CYBERSECURITY POLICY describes the purpose of information security of Nubank, which guarantees the three keys pillars of security:

  1. Confidentiality: a condition where only authorized users have permission to access information;
  2. Integrity: a condition where only authorized changes can be made to the data;
  3. Availability: a condition in which the data must be available to authorized users when requested.

Guidelines

  1. Classify data according to its criticality and sensitivity to the business and its customers, so that adequate security is applied to reduce vulnerabilities, according to the following levels:
  • Confidential;
  • Restricted or Internal Use;
  • Public.
  1. Apply the defense-in-depth strategy by implementing more than one layer of security to mitigate the possible compromise of one of the layers of defense;
  2. Maintain the ability to prevent, detect and reduce vulnerability to incidents related to the cyber environment, using records of traceability of data manipulation of the company and its customers;
  3. Ensure that the data of the company and its customers are accessed and manipulated by authorized persons and securely;
  4. Protect technological assets and establish procedures for monitoring company networks and employee machines to detect intrusions
  5. Conduct incident monitoring and response, following the steps of detection, emergency mitigation, and root cause analysis;
  6. Develop incident scenarios for periodic continuity testing;
  7. Ensure team awareness through mandatory training and periodic assessments.

Nubank's Cybersecurity Policy is reviewed at least annually.