Anti-Bribery, Ethics & Whistleblowing Policy

Home > Anti-Bribery, Ethics & Whistleblowing Policy

ZeroPact is committed to conducting business honestly, ethically, transparently, and in compliance with applicable anti-bribery, anti-corruption, fraud, procurement, tax, accounting, whistleblowing, and data-protection obligations.

ZeroPact has zero tolerance for bribery, corruption, facilitation payments, kickbacks, fraud, retaliation, or unethical conduct.

This policy applies to all ZeroPact founders, directors, employees, contractors, temporary staff, consultants, agents, representatives, suppliers, and any third party acting for or on behalf of ZeroPact.

It applies to dealings with public officials, private-sector customers, suppliers, partners, investors, auditors, regulators, competitors, and any other business contact.

• Bribe: anything of value offered, promised, given, requested, or received to improperly influence a decision, secure an advantage, reward improper performance, or induce someone to misuse their role.
• Anything of value: cash, gifts, hospitality, travel, meals, discounts, donations, sponsorships, jobs, internships, loans, credits, information, services, favours, preferential access, or commercial opportunities.
• Public official: any government, regulator, public-sector, state-owned enterprise, political-party, public-international-organization, or judicial representative, including candidates and relatives/intermediaries acting for them.
• Facilitation payment: a small unofficial payment or benefit intended to speed up or secure a routine government or administrative action.
• Whistleblower: a person who raises a concern in good faith about suspected wrongdoing, legal breach, unethical conduct, fraud, bribery, corruption, retaliation, security incident, or policy breach.

ZeroPact personnel and representatives must not directly or indirectly:

• Offer, promise, give, request, authorize, accept, or receive a bribe or improper advantage.
• Use a third party, consultant, supplier, partner, customer, family member, or intermediary to make or conceal an improper payment.
• Make facilitation payments unless there is an immediate threat to personal safety, in which case the incident must be reported as soon as possible.
• Offer gifts, hospitality, travel, donations, sponsorships, discounts, jobs, or other benefits to improperly influence a decision.
• Falsify records, split invoices, create sham services, hide payments, or misclassify expenses.
• Retaliate against a person who raises a concern, refuses to pay a bribe, or assists an investigation.

Gifts and hospitality may only be offered or accepted if they are lawful, modest, occasional, transparent, accurately recorded, directly related to legitimate business purposes, and not intended or reasonably perceived to influence a decision.

Cash, cash equivalents, secret benefits, lavish hospitality, and benefits during active procurement or contract negotiations are prohibited unless expressly approved by ZeroPact management for a lawful and documented purpose.

Any gift, hospitality, travel, or entertainment involving a public official, regulator, procurement decision-maker, or customer security/risk assessor requires prior management approval.

ZeroPact does not make political donations on behalf of the company unless explicitly approved by management and permitted by law.

Charitable donations, sustainability initiatives, sponsorships, community contributions, and memberships must be legitimate, documented, approved, and not used to obtain improper business advantage or influence an official/customer decision.

Third parties acting for or supporting ZeroPact must be selected and managed with appropriate due diligence based on risk.

Higher-risk third parties include public-sector intermediaries, sales agents, resellers, consultants paid by success fee, subcontractors with access to customer data, and providers operating in higher-risk jurisdictions or regulated sectors.

ZeroPact expects that:

• Contracts should include confidentiality, data protection, anti-bribery, audit/cooperation, and termination rights where appropriate.
• Payments must be made only for legitimate, documented services at commercially reasonable rates.
• Unusual payment requests, offshore accounts, cash payments, vague invoices, excessive commissions, or refusal to provide compliance information must be escalated.

Personnel must disclose actual, potential, or perceived conflicts of interest as soon as they become aware of them.

Examples include personal relationships with customer or supplier decision-makers, outside employment, advisory roles, ownership interests, family relationships, gifts, loans, investment interests, or any situation that could impair independent judgement.

ZeroPact must keep accurate books, records, invoices, approvals, expense records, contracts, and supporting evidence.

Payments and expenses must reflect the true nature of the transaction.

Personnel must not create false, misleading, incomplete, backdated, hidden, or off-book records.

Any suspected fraud, accounting irregularity, or concealed payment must be reported promptly.

Concerns may be reported to ZeroPact management, the CTO/CSO, or by email to:

• tech@zeropact.co
• dpo@zeropact.co

Reports may relate to bribery, corruption, fraud, conflicts of interest, harassment, retaliation, security incidents, data-protection breaches, inaccurate customer/security statements, unsafe conduct, legal violations, or any serious policy breach.

Reports should include, where available: date of the concern or incident; people or organizations involved; business area, customer, supplier, or project affected; description of the concern; documents, messages, records, or other evidence; potential witnesses; any urgent risk to people, customers, systems, data, or ZeroPact.

A report may still be made if not all details are known.

ZeroPact will handle whistleblowing reports sensitively and share information only with those who need it to assess, investigate, respond, or meet legal obligations.

ZeroPact prohibits retaliation against anyone who raises a concern in good faith, refuses to participate in bribery or unethical conduct, or assists an investigation.

Retaliation includes dismissal, demotion, threats, harassment, exclusion, reduced work, adverse treatment, or any penalty connected to the report.

Reported concerns will be assessed by ZeroPact management or another appropriate person with sufficient independence from the issue.

Investigations should be proportionate, documented, fair, timely, and evidence-based.

Where required, ZeroPact may involve legal counsel, external advisors, customers, cloud/service providers, regulators, law enforcement, or other competent authorities.

Confirmed breaches may result in corrective action, training, process changes, contract termination, access removal, disciplinary action, customer notification where required, regulator/law-enforcement notification where legally required, and recovery of losses where available.

Action will consider severity, intent, impact, recurrence, cooperation, and legal obligations.

Personnel with access to customer data, procurement, sales, finance, supplier management, public-sector dealings, or customer due-diligence responses must be made aware of this policy.

ZeroPact will review this policy at least annually and when there is a material change in law, customer requirements, risk profile, operating model, or services.

ZeroPact is committed to ethical business, transparency, accountability, and protection for people who raise concerns in good faith.

Everyone working for or on behalf of ZeroPact is responsible for preventing bribery, avoiding conflicts of interest, keeping accurate records, reporting concerns promptly, and cooperating with fair investigations.