GOVERNANCE

Financial and Corporate Transparency

We regularly file public reports with the US Securities and Exchange Commission (SEC) that detail our operational results, risks that could impact the business, and our financial performance. We publish all our SEC filings and quarterly performance reports on our website.

Product Responsibility

We take pride in creating beautifully designed, sustainable, and joyful products for our customers. Our Product Development, Merchandising, Sourcing, and Marketing Teams work closely with our Legal & Compliance team to ensure that our products are responsibly designed. We carefully review products, designs, and marketing to avoid intellectual property or trademark conflicts and to adhere to the Federal Trade Commission’s Green Guides, which help us ensure that our environmental claims are accurate, substantiated, and do not mislead consumers.

Brilliant Earth's natural and lab diamonds are independently graded for quality characteristics of the 4Cs – cut, color, and clarity in a variety of carat weights. A diamond certificate or grading report from an independent gemological lab provides an expert opinion on the quality of each diamond. These include some of the world’s leading gem-grading labs, such as the Gemological Institute of America (GIA), International Gemological Institute (IGI), HRD Antwerp, and Gem Certification & Assurance Lab (GCAL).

Privacy and Data Security

We value the privacy and security of the data that our employees, customers, and business partners entrust us with. We have robust policies and systems in place to ensure that data is protected and handled with care. Some of the ways we protect privacy and data are:

- Annual cybersecurity trainings for employees.
- Regular phishing tests and trainings for employees.
- Multi-factor authentication for applications and accounts.
- Investing in and growing our IT team, including key roles focusing on cybersecurity, data and privacy compliance, and legal and regulatory oversight.
- Implementing secure platforms and systems that protect employee emails and customer credit card data and that guard against data breaches, viruses, malware, and other threats.
- Complying with the Sarbanes-Oxley Act, payment card industry requirements, and other legal and regulatory requirements.
- Addressing potential threats and issues before they arise by mapping our systems and data and undergoing regular reviews and audits of our practices.

We had zero known cybersecurity incidents in 2022.
