This policy was originally prepared in the Japanese language, which language shall control, and any translation in any other language shall be for reference only and shall not bind you or the Company.

Basic Principles

SmartDrive inc. (the "Company") deals with information rooted in people's real lives and is in the business of providing data related to movement of people and things through data analysis services and other means. We believe it is our responsibility to protect the information assets entrusted to us by our customers and business partners through our business, as well as our own information assets. We will implement activities to maintain the confidentiality, integrity, and availability of the information assets.

1. In order to protect the information assets, we have established an information security policy and conduct our business in accordance with such policy, while at the same time complying with laws, regulations, and other standards related to information security, as well as contracts with our customers.
2. We will clarify the standards for analyzing and assessing the risks of leakage, damage, and loss, etc. to information assets, establish a systematic risk assessment method, and conduct risk assessments on a regular basis. Based on the results, we will implement necessary and appropriate security measures.
3. We will establish an information security system led by an officer in charge, and clarify the scope of authorization and responsibility for information security. In addition, we will regularly educate, train, and enlighten all employees to ensure that they recognize the importance of information security and handle the information assets appropriately.
4. We will periodically inspect and audit the status of compliance with the information security policy and handling of information assets, and will promptly take corrective measures for any deficiencies or items for improvement that are discovered.
5. In addition to taking appropriate measures against the occurrence of information security events and incidents, we will establish procedures in advance to minimize damage in the event of such events or incidents, and in the event of an emergency, we will promptly respond and take appropriate corrective measures. In particular, we will establish a framework for the management of incidents that may result in business interruption, and ensure the continuity of our business by conducting periodic risk assessments, recovery tests, and review of the framework.
6. We will establish and implement an information security management system that sets the goals to realize our Basic Principles, and will continuously review and improve such system.