|
List of notes
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|At StoneCo, cybersecurity risk management is an integral part of our overall risk management program. Our cybersecurity risk management program is based on industry best practices and on regulatory requirements. It provides a framework for handling cybersecurity threats and incidents and facilitating coordination across different departments of our company. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies, and informing management and our Board of Directors of material cybersecurity threats and incidents.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|cybersecurity risk management is an integral part of our overall risk management program
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|implementing cybersecurity countermeasures and mitigation strategies, and informing management and our Board of Directors of material cybersecurity threats and incidents.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors has overall oversight responsibility for our risk management, including cybersecurity risk management. It delegates cybersecurity risk management oversight to the audit and risk committees of the Board of Directors. The audit and risk committees are responsible for overseeing that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The audit and risk committees also report material cybersecurity risks to our full Board of Directors.
Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity team, led by our Chief Information and Security Officer (“CISO”), who reports to our Chief Risk Officer, is responsible for our overall cybersecurity strategy and management. Our CISO and his senior personnel are certified and experienced information systems security professionals and information security managers with many years of experience. Our CISO and his team are independent from our technology team, that is led by our Chief Technology Officer. Our operational risk team is responsible for challenging the cybersecurity team’s strategy and management. In addition, our cybersecurity team provides training to all employees annually. Our technology team works closely with the risk teams to ensure systems, infrastructure, and data protection according to security strategy. Our technology team is responsible for implementing secure development practices, integrating security from the early stages of the software lifecycle and addressing vulnerabilities, ensuring that technical solutions align with security policies, and the organization's strategic objectives. Our technology and risk teams regularly update the audit and risks committees on the company’s cybersecurity programs, material cybersecurity risks and mitigation strategies. We do not use third parties on an ongoing basis to manage nor operate our cybersecurity processes; but we engaged consultants on an ad-hoc basis for specific engagements.
In 2024, we did not identify any cybersecurity threats that have materially affected our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident.
For more information about our risk governance and these risks, please see “Item 4. Information on the Company — B. Business Overview—Risk Governance” and “Item 3. Key Information—D. Risk Factors” respectively in this annual report on Form 20-F.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors has overall oversight responsibility for our risk management, including cybersecurity risk management
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|It delegates cybersecurity risk management oversight to the audit and risk committees of the Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity team, led by our Chief Information and Security Officer (“CISO”), who reports to our Chief Risk Officer, is responsible for our overall cybersecurity strategy and management.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The audit and risk committees also report material cybersecurity risks to our full Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef