ISO 27001 Information Security Policy

This ISO 27001 Information Security Policy outlines Mowly's commitment to establishing, implementing, maintaining, and continually improving an information security management system (ISMS). The policy applies to all employees, contractors, suppliers, and stakeholders who have access to Mowly's information assets, including customer data, legal information, and business records. It sets the direction and principles for managing information security in alignment with ISO 27001 requirements.

Mowly has established the following information security objectives to guide our ISMS and ensure the protection of information assets:

• Achieve and maintain ISO 27001 certification for our information security management system, demonstrating our commitment to internationally recognized security standards
• Ensure the confidentiality, integrity, and availability of customer, legal, and business information throughout its lifecycle
• Protect the mowly.ai platform and services against unauthorized access, disruption, and misuse through robust technical and organizational controls
• Manage security risks in a structured, proportionate manner aligned with our risk assessment and risk treatment plan
• Maintain secure relationships with suppliers and service providers critical to service delivery, ensuring they meet our security requirements
• Promote security awareness and responsible information handling among all personnel, fostering a culture of security across the organization
• Support the secure operation of all systems, processes, and services that underpin the delivery of Mowly's platform
• Ensure responsible AI use: customer data is not used to train AI models; AI outputs undergo professional review; transparency and human oversight are maintained in line with EU AI Act expectations as they apply to the company