AiboTask AiboTask Legal Public legal documents

Public legal documents

AiboTask — Security Overview (Technical & Organizational Measures)

Version: 1.1
Effective date: 5 April 2026
Provider / Platform Operator: AirTek Technologies (RUC 0924829179001)
Registered address: Cooperativa Adesdac MZ 70 S 13, Ecuador
Security/Privacy contact: ruben.lazaro@clitecser.com

This document summarizes the Technical and Organizational Measures (TOMs) used to protect personal data processed in aibotask.

This is a high-level summary intended for Customers (Tenants). Specific controls may vary by environment/configuration, and may be enhanced over time.

1) Infrastructure and hosting

  • Primary hosting provider: Amazon Web Services (AWS).
  • Primary region: us-east-1 (N. Virginia, United States).
  • No backups are maintained outside us-east-1 (N. Virginia, United States) (as of the effective date).

2) Access control

  • Role-based access controls (RBAC) for SaaS360 admin/commercial portal users.
  • Principle of least privilege for internal Provider access (support, security) on a need-to-know basis.
  • Administrative actions should be logged/audited (e.g., user creation, role changes).

3) Authentication and session management

  • Password policies and secure authentication for SaaS360 and related web-portal accounts.
  • Session timeouts and secure cookie/session settings for web portals.
  • Optional multi-factor authentication (MFA) can be enabled where supported.

4) Encryption

  • Encryption in transit using HTTPS/TLS for web and API communications.
  • Encryption at rest is applied where supported by the underlying AWS services and configuration (e.g., database/storage encryption).

5) Data segregation (multi-tenant)

  • Logical segregation of Customer/Tenant data (tenant identifiers, authorization checks).
  • Access to one Tenant’s data is restricted from other Tenants by design and controls.

6) Logging, monitoring, and telemetry

  • Application and infrastructure logs for security and reliability.
  • Monitoring and alerting for anomalous behavior and availability issues.
  • Performance and usage telemetry for Provider-operated web portals (including SaaS360) may be collected using Amazon CloudWatch RUM.

7) Secure development practices

  • Change management and code review practices for production releases.
  • Separation of environments (e.g., dev/test/prod) where feasible.
  • Secrets should be managed securely (e.g., environment variables / secret manager).

8) Vulnerability management

  • Use of vendor security updates and patching for dependencies and OS/images where applicable.
  • Periodic review of dependencies and remediation of critical vulnerabilities.
  • Security testing may include static analysis, dependency scanning, and/or penetration testing (scope dependent).

9) Backups and business continuity

  • Backups (if enabled) remain within us-east-1 (N. Virginia, United States).
  • Backup retention and recovery objectives are configuration dependent and may be aligned with Customer requirements for enterprise plans.

10) Incident response (high-level)

  • Provider maintains an incident response process to detect, contain, and remediate security incidents.
  • For incidents involving Customer data, the Provider will notify the Customer/Tenant without undue delay and in line with contractual obligations (see DPA).

11) Subprocessors

Key subprocessors and service providers include AWS (hosting, SES, Pinpoint, Location services, CloudWatch RUM), Apple/Google for push delivery, and Kushki for payment processing in SaaS360 subscription transactions. See the public Subprocessor List.

12) Customer responsibilities

Customers (Tenants) play an important role in protecting data:

  • maintain strong passwords / MFA where available
  • limit SaaS360 and other admin-portal access to authorized staff only
  • configure appropriate retention policies
  • use the app responsibly (e.g., do not upload unnecessary personal data)

13) Contact

For security/privacy questions: ruben.lazaro@clitecser.com.