Internal Policies

Last updated: February 7, 2026

1. General Principles and Purpose of This Document

1.1 Purpose: To establish the internal guidelines that govern conduct and practices at Keybe Inc., ensuring that all team members act in alignment with the company’s core values and in compliance with international standards. This document aims to foster a healthy, ethical, and safe organizational culture where each team member’s potential is fully realized.

1.2 Vision and Values: These policies are inspired by the vision set forth in the Keybe Manifesto, in which the company advocates for transforming society through empathy, optimism, and creativity, unlocking the true potential of people. At its core, Keybe is guided by principles of ethical conduct that always put people first, safeguarding their integrity, safety, and protection as a fundamental premise. In alignment with this approach, the company promotes respect for human dignity, responsible innovation, and a balanced relationship between technology and nature, challenging us to bring out the best of our energy and abilities every day.

1.3 Scope: These internal policies apply to all members of the organization, including executives, employees, vendors, contractors, partners, shareholders, and temporary collaborators, across all geographies where Keybe operates. Each section of this document outlines specific guidelines, such as AI ethics, data protection, and conduct, that complement Keybe’s public terms and conditions and reflect international best practices in each respective area.

1.4 Compliance and Accountability: All team members are responsible for knowing and complying with these policies. Lack of awareness does not exempt anyone from their observance. The company expects each individual to demonstrate personal commitment to these principles, acting with integrity even in the absence of direct supervision. Adherence to these policies contributes to a strong corporate culture and to Keybe’s reputation as an ethical and trustworthy technology company.

2. Ethics in the Use and Development of Artificial Intelligence

Keybe is a technology company that uses artificial intelligence (AI) at the core of its products and processes. For this reason, it maintains a strong commitment to ethics in the development and use of AI, aligned with international standards such as those established by the OECD, UNESCO, and IEEE. The company ensures that its AI practices respect human rights and promote social well-being, avoiding any misuse or harm. Specifically, we are guided by the following principles:

  • AI in Service of People: The AI developed by Keybe must serve people and the planet, contributing to inclusive growth, sustainable development, and overall well-being. AI systems are designed to respect human rights, democratic values, and diversity, and to incorporate safeguards, such as human intervention when necessary, to help ensure a fair and equitable society.
  • Transparency: Keybe’s AI systems operate with transparency and responsible disclosure, ensuring that individuals are aware when they are interacting with artificial intelligence and can question or request a review of automated decisions. Key algorithms and decision-making processes are documented to enable explainability when needed.
  • Security and Robustness: Our AI solutions must be technically robust, reliable, and secure throughout their entire lifecycle. Keybe continuously assesses and manages potential risks, including bias, errors, and vulnerabilities, in order to proactively minimize them. Security also includes preventing unfair bias in models and conducting rigorous testing before deployment in environments that may impact real users.
  • Responsibility and Accountability: Both the organization and the teams and individuals who develop or manage AI at Keybe are accountable for its proper functioning and outcomes. Ethical review and audit processes are in place, and clear ownership is assigned to ensure accountability in the event of failures or negative impacts, in line with the principles outlined above.
  • Responsibility and Accountability: Both the organization and the teams and individuals who develop or manage AI at Keybe are responsible for its proper functioning and outcomes. Audit and ethical review processes are in place, and clear accountability is assigned to designated owners who must answer for any failures or negative impacts, in alignment with the principles outlined above.

Additionally, Keybe adopts the guidelines set forth in UNESCO’s Recommendation on the Ethics of Artificial Intelligence, approved in 2021 by 193 Member States. These guidelines emphasize, among other principles, proportionality and the principle of “do no harm,” meaning that AI should be used only for legitimate purposes while minimizing adverse impacts, as well as safety and risk prevention, the right to privacy and data protection, transparency and explainability of systems, appropriate human oversight, and accountability for AI-driven actions.

All of these ethical values and principles are an integral part of Keybe’s AI development lifecycle, from the initial conception of a model through its implementation and ongoing maintenance. Continuous training on AI ethics is provided to our teams, and a culture is encouraged in which any team member can raise ethical concerns about an AI project without fear of retaliation (see Section 8 on risk reporting).

3. Personal Data Protection and Confidentiality

The protection of personal data and the confidentiality of information are absolute priorities for Keybe. The company is in the process of implementing a robust Information Security Management System (ISMS), aligned with international standards such as ISO/IEC 27001 and NIST best practices, to safeguard the integrity, confidentiality, and availability of the data it handles. In line with this approach, the following policies and measures are adopted:

3.1 Privacy Regulatory Compliance: Keybe complies with applicable data protection laws and regulations in all jurisdictions where it operates, including the EU General Data Protection Regulation (GDPR) and equivalent local laws. Clear policies are in place for the handling of personal data, with well-defined retention limits and compliance obligations established in accordance with recognized standards, such as ISO 27001 control A.18.1.4 on privacy. Privacy regulation is approached with a global scope, meaning that when we process data belonging to individuals in the European Union or other regions, we fully adhere to the relevant legal requirements.

3.2 Data Processing Principles: All personal data processing at Keybe is governed by the principles of lawfulness, fairness, transparency, and data minimization. Data is collected only for legitimate and explicit purposes, and its use is limited to the purposes communicated to and consented by the data subjects. The collection or retention of data beyond what is strictly necessary is avoided. Sensitive data is subject to additional protections, in accordance with applicable regulations, including explicit consent where required.

3.3 Security Measures and Access Controls: The company implements technical and organizational measures to protect data against unauthorized access, alteration, loss, or improper disclosure. These measures include encryption of sensitive information, role-based access controls, strong authentication, firewalls, regular backups, and continuous monitoring for potential security breaches. Any incident that compromises personal data triggers incident response and notification protocols, in accordance with applicable laws, such as notifying authorities and affected individuals within legally required timeframes in the event of a data breach.

3.4 Confidentiality and Duty of Secrecy: All team members have an explicit duty to maintain the confidentiality of the company’s and its clients’ confidential information. This duty extends to personal data, trade secrets, business strategies, source code, and any non-public information. Many of our clients entrust Keybe with their data under privacy agreements, and the company ensures that such client data remains their property and is used solely for the purposes authorized under the contract.

Each team member signs a non-disclosure agreement (NDA) upon joining and receives training on information handling policies. The disclosure of confidential information to unauthorized third parties is strictly prohibited, even after the employment or contractual relationship has ended.

3.5 Team Member Responsibility: Information security is a shared responsibility. Individual responsibilities related to data protection and information security are defined, communicated, and acknowledged by every employee, contractor, or third party who interacts with Keybe data. Each team member is expected to comply with these policies, exercise due care in handling information, such as not leaving sensitive documents unattended or sharing passwords, and promptly report any security incident or suspected data breach to the appropriate teams (see Section 8).

Maintaining the trust of our clients, partners, and colleagues is essential. For this reason, protecting the information entrusted to us is a core part of our values and organizational culture.

4. Conduct and Organizational Culture

Keybe strives to maintain an exemplary organizational culture characterized by integrity, respect, collaboration, diversity, and equity. The company’s culture is guided by high ethical and human standards, reflecting values such as empathy and optimism as promoted in our Manifesto. Every team member contributes to this positive and productive environment. The following outlines the expected standards of conduct and core cultural principles:

  • Integrity and Ethics: Act with honesty at all times, honoring commitments and obligations. Decisions must always be made with professional ethics, avoiding improper shortcuts. Any dishonest conduct or fraud is discouraged. Integrity also means consistency between what we say and what we do, building trust both within and outside the organization.
  • Diversity and Inclusion: Value and respect diversity of people and perspectives. As a global company, Keybe fosters an inclusive environment where discrimination is not tolerated on the basis of race, color, national origin, gender, gender identity or expression, sexual orientation, age, religion, disability, or any other protected characteristic. Individual differences are viewed as a strength that enhances creativity and innovation.
  • Respect and Dignified Treatment: Always maintain professional, courteous, and respectful conduct toward colleagues, clients, and anyone with whom one interacts on behalf of the company. Any form of workplace harassment, intimidation, verbal abuse, sexual harassment, or other behavior that undermines personal dignity is strictly prohibited. Any incident involving disrespect or harassment must be reported and will be addressed seriously in accordance with internal procedures.
  • Collaboration and Teamwork: Foster a spirit of collaboration and mutual support. Keybe teams are expected to work in a coordinated manner, sharing knowledge and best practices, communicating openly and constructively, and resolving disagreements through dialogue and professionalism. Support among colleagues and the achievement of collective goals are recognized and rewarded over individual accomplishments.
  • Equity and Opportunity: Promote fairness across all people management practices, ensuring equal opportunity in hiring, professional development, training, and compensation. Decisions regarding promotions or role assignments are based on merit, performance, and skills, never on favoritism or discrimination. The company is committed to eliminating unfair bias in its internal processes and to supporting the professional growth of all team members equally.

Each leader at Keybe has the additional responsibility of setting an example of these values and fostering an environment grounded in trust and respect. A healthy organizational culture not only improves the work environment but also directly influences innovation and the quality of the service we deliver to our clients. For this reason, protecting and nurturing this culture is a shared responsibility.

5. Responsible Use of Technology and Information

Keybe provides its team members with various technological tools, including equipment, systems, applications, internet access, AI platforms, and confidential information, to perform their roles. The use of these resources must always be responsible, secure, and aligned with internal policies, avoiding any action that could put the company, our clients, vendors, partners, or other team members at risk. The following guidelines define acceptable use of technology and information at Keybe:

  • Legal Compliance and Internal Policies: The use of Keybe’s systems, networks, or devices for unlawful purposes, unauthorized activities, or actions that violate company policies is strictly prohibited. Corporate resources may not be used to transmit, create, access, or store content that is illegal, harmful, obscene, discriminatory, threatening, or that incites hatred. The use of Keybe tools for personal purposes that infringe third-party rights, such as copyright violations, or that could harm the company’s reputation is also not tolerated.
  • System Integrity and Information Security: Team members must comply with all information security measures implemented by the company. Any attempt to bypass, disable, or undermine security controls, such as disabling antivirus software or firewalls or attempting to exploit vulnerabilities, is strictly prohibited. Unauthorized reverse engineering of company software, unauthorized access to internal systems, denial-of-service attacks, the introduction of malware, or any other activity that compromises the integrity or availability of the technological infrastructure is not permitted.
  • Each team member must protect their access credentials, including usernames, passwords, and tokens, and keep them confidential. Sharing corporate passwords is prohibited. Any indication of a security incident, such as the loss or theft of a device, unauthorized access, or a suspicious phishing email, must be reported immediately to the IT or Information Security team to activate response protocols.
  • Appropriate Use of Information and Resources: Information generated or collected in the course of work, including client data, strategies, code, and internal documents, must be used exclusively for legitimate work purposes and in accordance with the authorizations granted. Accessing data without proper authorization or using internal information for personal benefit or for the benefit of third parties is not permitted. Team members must follow the company’s information classification standards, such as public, internal, confidential, and restricted, and handle each type of information according to its level of sensitivity. Copying, transferring, or storing confidential information on unauthorized devices or services is prohibited. Upon termination of employment or any contractual relationship, the team member must return all company information assets and retain no copies of private data or documents.
  • Respect for Intellectual Property: Team members must respect the licenses and copyrights of all software, tools, and content they use. Installing or using unauthorized or unlicensed software on corporate equipment is not permitted. Likewise, downloading or distributing materials that infringe intellectual property rights, such as music, videos, images, or pirated software, through Keybe networks is prohibited. Any development, script, or program created by an employee to automate internal tasks must comply with security policies and be approved by the IT team before being used at scale.

In summary, the responsible use of technology and information means using company resources in a professional and ethical manner, while maintaining security and confidentiality at all times. The company may conduct periodic monitoring of its systems, within the limits permitted by law, to ensure compliance with these standards. Any violation may result in disciplinary action.

6. Relationships with Clients and Vendors

Keybe is committed to integrity, transparency, and professionalism in all its business relationships, including those with clients, vendors, and partners. We recognize that building trust-based relationships is essential to our long-term success. For this reason, we establish the following standards of conduct for our external interactions:

  • Customer Focus: All team members must treat Keybe’s clients with the highest level of respect, courtesy, and empathy, actively listening to their needs and striving to deliver high-quality solutions. Customer satisfaction is a priority, always within an ethical and legal framework. Team members are expected to honor commitments made to clients and to provide accurate and truthful information about our products and services. Any confidential client information to which access is granted, such as contact details, client business strategies, or the content of their communications, must be protected with the same level of care as internal information. Its use is limited to what is contractually agreed and must never be used for personal gain or for the benefit of unauthorized third parties.
  • Transparency and Honest Communication: In negotiations and agreements with clients and vendors, Keybe acts with full transparency. This includes clearly communicating terms and conditions without concealing or misrepresenting relevant information. No promises will be made that cannot be fulfilled, and no unrealistic expectations will be set regarding our solutions. Any error or incident that affects a client, such as a service disruption or delay, must be acknowledged honestly and addressed with a clear remediation plan. Communication will always be professional and constructive, focused on resolving issues and upholding the company’s reputation for trust.
  • Fair Selection and Treatment of Vendors: The company selects its vendors and contractors based on objective and fair criteria, such as quality, price, reliability, and alignment with our values. All team members involved in procurement or contracting processes must avoid any favoritism or conflicts of interest. Any situation that could create a conflict of interest, whether actual, potential, or even perceived, must be avoided in vendor relationships. For example, if an employee has a personal or financial relationship with a potential vendor, this must be disclosed and the individual must recuse themselves from the decision-making process. All current and prospective vendors must be treated fairly and respectfully. Negotiations are conducted in good faith, with the goal of building long-term, mutually beneficial relationships.
  • Legal Compliance and Anti-Corruption: In all interactions with clients, vendors, and government entities, Keybe team members must strictly comply with applicable laws, including competition, consumer protection, and tax regulations, as well as with our anti-corruption policies. Offering, giving, requesting, or accepting bribes, kickbacks, or any improper payments in exchange for favors or business advantages is strictly prohibited.

This prohibition includes facilitation payments to public officials, excessive gifts, lavish entertainment, or other courtesies that exceed reasonable and transparent limits. All gifts or business courtesies must be modest and permitted under the internal gifts policy. When in doubt, team members should consult the administrative team. Keybe also expects similar ethical conduct from its business partners, including vendors, distributors, and consultants, and communicates these expectations through third-party codes of conduct or contractual clauses.

Any team member who manages relationships with clients or vendors must act as an ambassador of Keybe’s values, demonstrating through their actions the trustworthiness, quality, and ethics that distinguish us. In turn, the company is committed to supporting its team members by providing training in customer service, ethical negotiation, and regulatory compliance, in order to ensure strong external relationships that are free from improper practices.

7. Innovation and Intellectual Property Policies

Innovation is a core pillar of Keybe Inc.’s culture. We encourage our team members, partners, and vendors to push the boundaries of creativity to develop solutions that create value and balance technology with people. At the same time, it is essential to properly protect and manage the intangible assets that result from this innovation, as well as to respect the intellectual property rights of third parties. This section outlines the policies related to internal innovation and intellectual property (IP):

7.1 Fostering Responsible Creativity: Keybe provides its teams with space, tools, and time for experimentation and innovation, such as R&D projects, advanced training, participation in hackathons, access to knowledge, and experimental labs, with the goal of driving continuous improvement in our products and services. Team members are encouraged to propose new ideas and optimizations.

At the same time, creativity must be exercised responsibly. Initiatives should align with the company’s strategic objectives and comply with internal and external regulations. The company values innovative initiatives and recognizes outstanding contributions, fostering a mindset of continuous growth and learning.

7.2 Intellectual Property of Internal Developments: Any development, invention, discovery, artistic work, trademark, design, AI model, algorithm, software component, or technical improvement created by team members, partners, or vendors in the course of their duties or through the use of company resources is considered the intellectual property of Keybe. The company retains exclusive ownership of all IP rights over the technologies and artificial intelligence models it develops, including any future improvements or modifications.

By joining Keybe, team members agree, through employment and confidentiality agreements, that the copyrights and industrial property rights of creations related to the business belong to the company, in accordance with applicable law. Each team member has a duty to protect these assets by not disclosing them without authorization, not registering them in their own name, and promptly reporting to the company any creation or idea developed during their work that may be patentable or registrable.

7.3 Rights Over Client Data and Content: When Keybe receives data, content, or feedback from clients to customize or train our systems, such as data used for AI models, we acknowledge that such data remains the property of the client or the original rights holder. The company commits to using this data solely for the purposes contractually agreed upon and to protecting its confidentiality. No team member may extract, reuse, or exploit client data for purposes beyond those expressly permitted.

Likewise, when developing solutions that generate client-specific content, such as customized configurations or reports, the rights of use are governed by the agreements in place with that client, ensuring that Keybe does not improperly appropriate client information. By contrast, the underlying models, methods, and technologies developed by Keybe, including know-how, algorithms, and frameworks, are not transferred. The client receives a limited license of use as agreed, while ownership of these core tools remains with Keybe.

7.4 Respect for Third-Party Intellectual Property: Throughout the innovation process, it is essential to respect external intellectual property rights. No team member may introduce third-party materials, including code, libraries, images, text, or other assets, into Keybe products or projects without ensuring that the appropriate license or authorization is in place. The use of open-source software must comply with the applicable licenses, and a record of third-party components incorporated into our developments will be maintained to manage compliance.

Any form of plagiarism or unauthorized copying of ideas, trademarks, or technologies from other companies is prohibited. If a team member has any doubt as to whether a particular idea or technology may infringe third-party rights, they must consult the Legal or Compliance team before proceeding. In addition, Keybe expects ethical behavior regarding intellectual property even outside the company context. Team members must not bring trade secrets or protected information from previous employers into Keybe, nor improperly use information obtained through unauthorized means.

7.5 Management of Trade Secrets and Technical Confidentiality: Keybe’s trade secrets, such as proprietary algorithms, AI strategies, client lists, and product plans, are critical assets. Every team member has a duty to protect the confidentiality of this sensitive technical and business information. This includes avoiding discussion in unsecured environments, not sharing it with unauthorized third parties, and using secure communication and storage practices when working with such information. Any unauthorized disclosure of trade secrets or privileged company information will be considered a serious violation and may result in legal and disciplinary action.

In summary, Keybe seeks a balance in which innovation can thrive within an environment of trust and respect for rights. The company will provide the necessary support, including legal, training, and technical resources, so that team members can innovate with confidence, knowing that their creations are protected and that the intellectual property ecosystem in which we operate is respected.

8. Internal Risk Reporting and Management Mechanisms

To maintain a culture of integrity and a safe environment, Keybe establishes clear mechanisms for reporting irregularities, as well as internal risk management processes. All team members have both the right and the duty to report any situation that violates these policies or represents a significant risk to the company, without fear of retaliation. Likewise, Keybe’s leadership is committed to handling such reports diligently and to proactively mitigating risks. The following mechanisms are outlined below:

8.1 Confidential Reporting Channels: Keybe provides secure and confidential channels for team members to report potential violations of internal policies, unethical conduct, information security incidents, fraud, or other risks. The primary reporting channel is the founder’s email address: [email protected]. All reports received are handled with strict confidentiality.

Any team member who reports an issue in good faith will be protected, and the company strictly prohibits any form of retaliation. Clients or third parties may also report potential misconduct. It is important to report any violation or significant threat immediately, so that Keybe can investigate and address the issue promptly.

8.2 Investigation Procedure and Actions: Once an internal report is received, the company will initiate an investigation process led by the administrative team. This process will be conducted with impartiality, respect, and due diligence. Efforts will be made to gather evidence, interview the parties involved, and document findings.

If the investigation confirms a policy violation or a genuine risk, the company will take appropriate corrective actions. These may include additional training, disciplinary measures for the responsible party, if an employee, adjustments to internal controls, or legal action in cases of serious or unlawful conduct. At all times, the focus will be on addressing the root cause of the issue, not only its immediate consequences. Where the reporting individual has been identified, they will be informed of the closure of the case and, where possible, of the general outcome, while respecting privacy.

8.3 Whistleblower Protection and Non-Retaliation: Keybe guarantees an environment in which team members feel safe raising concerns. Any act of retaliation, intimidation, or discrimination against a person who has reported an ethical or security concern is considered a serious violation of these policies. If anyone believes they are experiencing retaliation for having reported an issue, they must report it immediately through the same channels so that senior leadership can take appropriate action. The non-retaliation policy is essential to ensure that issues are brought to light and addressed in a timely manner.

8.4 Proactive Risk Management: Beyond responding to incidents, Keybe adopts a proactive approach to internal risk management. The company regularly identifies and assesses risks that may affect its operations, information assets, legal compliance, business continuity, or reputation. This is carried out through formal risk assessments, internal audits, and monitoring of key indicators.

Based on these analyses, controls and mitigation plans are implemented to reduce the likelihood and impact of identified risks, keeping exposure within acceptable limits. For example, the company manages information security risks by updating technologies and patches and conducting penetration testing, workplace risks through occupational health and physical safety programs, legal risks through compliance with new regulations, financial risks through accounting and fraud controls, and operational risks more broadly. All team members are expected to cooperate with risk management initiatives by providing accurate information and complying with established controls.

8.5 Incident Response and Continuous Improvement: When, despite preventive measures, an incident occurs, whether a security breach, workplace accident, or ethical violation, Keybe has response and contingency plans in place to manage it. Priority is given to containing the impact, notifying affected parties as appropriate, such as informing clients or authorities in the event of a data breach, and learning from what occurred.

Continuous improvement is an integral part of risk management. Each incident or near miss is treated as an opportunity to strengthen our policies and processes. Lessons learned are documented, and internal policies, procedures, or controls are adjusted accordingly to prevent future recurrence. This ongoing feedback loop ensures that Keybe’s internal control system continues to evolve and improve over time.

9. Review and Update of This Document

These internal policies are not static. They are a living document that may evolve as the company, its environment, and best practices change. Keybe is committed to keeping this document up to date and relevant. To that end, the following guidelines are established:

9.1 Review Frequency: A comprehensive review of all the policies described herein will be conducted at least once per year. In addition, if significant changes occur, such as new applicable laws or regulations, changes to the business model, the adoption of new technologies, or findings from internal audits, the policies will be updated immediately without waiting for the annual cycle. Keeping these policies current ensures their effectiveness and alignment with business needs and applicable regulatory requirements.

9.2 Update Responsibility: Responsibility for coordinating the review and update of these policies rests with Keybe’s Compliance and Ethics Committee, in collaboration with the Human Resources department and other relevant areas, such as Information Security and Legal. This committee will evaluate proposed changes, incorporate feedback from team members, and ensure that any updates remain aligned with corporate values and applicable laws. All updates must be approved by Keybe’s senior management before taking effect.

9.3 Communication and Training: When changes or additions are made to the internal policies, they will be communicated to all team members in a timely and clear manner through official internal channels, such as corporate email, the employee portal, or informational sessions. In addition to communication, training will be provided when necessary to ensure that everyone understands the new expectations. Each team member, partner, or vendor must acknowledge, through the established internal mechanisms, such as electronic signature, that they have received and understood the updated policies.

9.4 Continuous Improvement: Keybe encourages team members to contribute suggestions for improving these policies based on their practical experience. Internal feedback, along with industry trends and recommendations from international organizations, will be taken into account in future reviews. This commitment to continuous improvement and adaptation reflects our dedication to maintaining a culture of excellence, where internal policies not only meet international standards but also genuinely help unlock the true potential of people within a safe, ethical, and thriving work environment.

Prepared by:Daniel Jokka
Founder & CEO
Keybe Inc