Aiden is a software-as-a-service (SaaS) company providing guided selling software. Our solutions are designed with privacy in mind, ensuring that data collection is limited to what is strictly necessary for providing our services. We categorize data collection into two main groups: end users (visitors of Controller’s website that use a guided selling app) and business users (employees of Contoller that use the software to build and manage guided selling apps).

In accordance with the General Data Protection Regulation (GDPR), we implement a series of technical and organizational measures to ensure the confidentiality, integrity, and availability of data. This document outlines those measures to assure our clients and users that data privacy and security are top priorities.

Table of contents

1. Access control

• We implement role-based access control (RBAC) to ensure that employees have only the necessary access to perform their roles.
• We use 2-factor authentication (2FA) on all critical systems.
• Each quarter a regular audit is conducted on employees’ access rights, and the same is done whenever an employee is onboarded or offboarded.
• We use centralized account management (Google Admin) for all Aiden authorizations for streamlined data access control and accountability.

2. Data

Encryption & Access:

• All data in transit is encrypted using TLS/SSL.
• Only employees with a legitimate business need can access data, with access restricted and removed once tasks are completed.
• Data at rest that may include personally identifiable information is encrypted using industry-standard encryption techniques (AES).

Minimization & Pseudonymization: