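Policies

This page presents Robitech, Inc.'s basic policies on personal information protection and information security.

Privacy Policy

Robitech, Inc. (hereinafter "the Company") recognizes the importance of personal information, complies with the Act on the Protection of Personal Information and other related laws and regulations, and handles customers' personal information appropriately.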

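1. Collection of Personal Information

The Company collects personal information (name, email address, telephone number, etc.) by lawful and fair means, within the scope necessary for conducting its business.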

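2. Purpose of Use

The Company uses the personal information it collects for the following purposes.

  • To provide and operate the Company's services and products
  • To respond to inquiries and provide technical support
  • To verify identity and perform authentication
  • To send information about email newsletters, events, campaigns, and the like
  • To analyze how the site is used and improve the user experience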

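3. Security Control Measures

The Company takes strict security measures to prevent unauthorized access to personal information and its loss, destruction, falsification, and leakage. The Company also provides appropriate training to its employees and enforces thorough information management.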

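4. Provision to Third Parties

The Company does not provide personal information to third parties without the prior consent of the individual, except in the following cases.

  • When required by laws and regulations
  • When necessary to protect a person's life, body, or property
  • When provided to a contractor, under a confidentiality agreement, within the scope necessary to perform the contracted work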

5. Use of Cookies

The Company's website may use cookies to improve convenience and to understand how the site is used. Cookies can be disabled in the browser settings, but in that case some site functions may become unavailable.

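6. Disclosure, Correction, and Deletion of Personal Information

When a customer requests disclosure, correction, deletion, or similar handling of their own personal information, the Company will respond promptly after confirming the requester's identity.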

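7. Contact

For inquiries about this policy or questions about the handling of personal information, please contact the following.

Robitech, Inc., Personal Information Protection Contact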
account(at)robitech.co.jp


Information Security Policy

Robitech, Inc.
October 12, 2025

1. Overview

Objective: The objective of this Information Security Policy (ISP) is to establish a comprehensive framework that ensures the confidentiality, integrity, and availability of organizational information systems. It aims to align security practices with business objectives, mitigate risks, and ensure compliance with applicable regulations.

Scope: This policy applies to all systems, data, and networks of the organization, including those accessed via Amazon’s Selling Partner API (SP-API).

2. Security Governance

Policy Management: Establish, maintain, and enforce security policies to ensure consistent governance across the organization.

Risk and Compliance Regulations Management: Identify and assess security risks, and ensure compliance with applicable laws, standards, and industry regulations.

Privacy Regulation Management: Ensure personal data is collected, processed, and protected in accordance with privacy laws and regulatory requirements.

Third Party Risk Management: Evaluate and monitor third-party partners to ensure they meet the organization’s security and compliance requirements.

Business Continuity: Establish and maintain business continuity and disaster recovery plans to ensure the organization can continue critical operations and recover from disruptions.

Acceptable Use Policy: Define acceptable and unacceptable use of organizational systems, networks, and data. Organizational resources must only be used for authorized business purposes. Unauthorized activities such as installing unapproved software, accessing inappropriate content, or using company resources for personal gain are prohibited. Users must protect organizational information, follow access controls, and comply with all security requirements.

3. Infrastructure Security

Data Storage: Store organizational data in approved environments with appropriate access controls and encryption. Maintain an inventory of all information assets and apply security controls to protect them throughout their lifecycle.

Device Access Policy: Personal or mobile devices (e.g., smartphones, tablets) are strictly prohibited from accessing the corporate network or Amazon data. Only company-managed and approved devices may connect through VPN with IPS restrictions. Endpoint security is enforced via centralized management (MDM), device encryption, and malware protection. Use of USB or removable media is disabled, and local admin rights are restricted to approved exceptions.

Asset Baseline Configuration: Implement standardized baseline configurations for systems and devices to minimize vulnerabilities and unauthorized changes.

Cloud Security: Continuously monitor cloud configurations for all in-scope assets against a defined security baseline such as CIS or AWS foundational benchmarks. Utilize a Cloud Security Posture Management (CSPM) tool to detect configuration drift and take risk-based corrective action. Generate and retain monitoring reports and alerts as audit evidence, reviewed by the IT Security Manager.

Asset Destruction: Ensure secure disposal or sanitization of data and assets when they are no longer required.

Anti-malware Controls: Deploy and maintain anti-malware solutions to detect, prevent, and remediate malicious software threats.

Physical Security Policy: All operations are conducted in a controlled remote environment. Access to organizational resources is managed through secure connections, ensuring that data remains protected and is not stored on local devices.

Restriction of Unauthorized Software: Only authorized and approved software may be installed or executed on organizational systems. Unauthorized software is strictly prohibited.

4. Data Protection

Encryption Protocols: Apply strong encryption standards to protect data at rest and in transit.

Management and Classification of Data: Classify data based on sensitivity and apply appropriate protection measures accordingly. Amazon data is stored separately with clear identifiers to ensure traceability and compliance with attribution requirements.

Data Retention and Back-up: Retain data only for the required period and ensure regular, secure backups are maintained.

Dark Web Review: Conduct periodic reviews of the dark web to identify potential data leaks or threats.

API Key Security: Securely manage API keys with strict access controls, rotation policies, and monitoring.

Removable Media Policy: Removable media must not be used to store or transfer Amazon data or organizational programs.

Data Loss Prevention (DLP) Controls: Implement technical and procedural controls to prevent unauthorized transfer or exposure of Amazon data. Deploy a Data Loss Prevention (DLP) solution or equivalent mechanisms to monitor and detect data exfiltration attempts. DLP coverage includes email, endpoints, and cloud storage containing Amazon data. The DLP system configuration and data definitions are reviewed and updated quarterly to ensure continued protection. All Amazon data stored on desktops, laptops, and removable media is encrypted to prevent unauthorized access or leakage.

AI/ML Usage Policy: This organization does not use Amazon or seller data for training AI/ML models, nor will it permit such use in the future.

5. Network Security and Vulnerability Management

Security Controls: Implement firewalls, VPNs