The Security of your Data is important to us
ITILITE believes in fair, transparent and secure data management policies. We are committed to creating maximum value for our clients through the protection of this sensitive customer data
Security features
We understand how important this data is for you. And we ensure that our systems, processes and policies are up to date while implementing powerful in-built technologies on our platform.
Our company wide security measures are watertight, and are active all across the enterprise’s processes not only technical and physical, but also in policies and procedures. Along with this, ITILITE has strict compliance policies for training and informing all staff members about the security initiatives undertaken.
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.
Compliance
Internal security
Our company wide security measures are watertight, and are active all across the enterprise’s processes not only technical and physical, but also in policies and procedures. Along with this, ITILITE has strict compliance policies for training and informing all staff members about the security initiatives undertaken.
Information Security Policy
According to the ITILITE policy, all employees and applicable contractors are required to follow security protocols after they are hired. These best practices are enforced regularly, and training sessions are conducted to bring everyone on to the same page. Periodic reviews are also undertaken to ensure complete transparency.
Certifications
ITILITE is ISO 27001 certified organization and implemented best practices across the company. The AWS data centers in use already hold various certifications including SOC 1,2,3 and ISO 27001. Our PCI compliance parameter is fulfilled through our external payment provider, Stripe.
Employee Awareness Scheme
ITILITE provides security awareness training to every employee in the company on an annual basis. Delivered by our security team, it is role-specific to each member, and the training is tailored to company specific and consumer specific risks. This includes training employees on GDPR regulations and policies as well. All employees are also provided with security bulletins and emails. A dedicated security update section in the internal monthly newsletter is updated periodically.
Access control
ITILITE implements role-based access control to ensure that only authorised personnel have access to sensitive consumer information, based on their job requirements and role.
Business continuity
ITILITE’s application and support services have a combination of data layer led controls to ensure that the services and processes remain constant in case of emergencies. A secure data backup is kept in place to ensure business continuity at all times.
Physical security
All ITILITE offices have security personnel on site 24x7, and all premises are guarded through CCTV cameras as well.
GDPR
ITILITE reviews all our data sub-processors to ensure that they maintain high standards of security that gives customers the confidence that their data is safe at all times. We also ensure that a DPA is in place with each supplier. For more detailed information, please visit our GDPR page.
Any more queries?
Send an email to securityteam@itilite.com with any questions you may have. Our team will get back to you at the earliest.
For more information about privacy at ITILITE, you can find our privacy policy and other details here
Making great experiences requires trust.
At ITILITE, we're committed to protecting the privacy security, and availability of our products.
Industry - based Compliance
ITILITE is dedicated to continuously improving the security, technical and organizational measures to better protect the customer data and sensitive information shared with us. We are always evaluating industry standard practices regarding technical data privacy and information security & strive to meet or exceed those standards. Our security programs are comprehensive and dedicated to all facets of safety
ITILITE holds the following trusted security certifications.
Backstage Practices
ITILITE being a custodian of customers' data, a Zero-Trust model of security architecture, robust product delivery, and a highly resilient service platform are the key tenets of its service delivery.
Securing your data
The multi-tiered data security model
Committed to security
End-to-end security integrated into the product lifecycle
Highly Resilient Architecture
Our system availability and performance at all times.
Securing your data
We understand the value of personal data. With our robust system of data safeguards, we allow you to focus on the data rather than on its security - So your data is protected first. Not last our secure cloud partners
Gateway Security
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones.
Anti-Malware & Spam Protection
Anti-Malware solution and Spam protection applied based on latest threat signatures and threat intelligence ensuring end-user platform security.
Encryption
AES 256 bit encryption with 1,024-bit key-strength for data at Rest and FIPS 140-2 compliant TLS encryption for data in transit.
Access Controls
Role-based access through an explicit need-to-know basis utilizes the least privilege & two-factor authentication and end-to-end audit trails ensuring access monitoring.
Securing your data
We understand the value of personal data. With our robust system of data safeguards, we allow you to focus on the data rather than on its security - So your data is protected first. Not last our secure cloud partners
Gateway Security
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones.
Anti-Malware & Spam Protection
Anti-Malware solution and Spam protection applied based on latest threat signatures and threat intelligence ensuring end-user platform security.
Encryption
AES 256 bit encryption with 1,024-bit key-strength for data at Rest and FIPS 140-2 compliant TLS encryption for data in transit.
Access Controls
Role based access through an explicit need-to-know basis, utilizes the least privilege & two-factor authentication and end-to-end audit trails ensuring access monitoring.
Secure Product Build
Information security and data privacy requirements are baked into every release cycle and form part of the blueprint considerations of the product.
Quality Assurance
Builds are put through stringent functionality tests, performance tests, stability tests, and Ux tests before the build is certified "Good to go".
Product Roadmapping
The product road-map is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and are bundled in the earliest possible sprint.
Code Review
All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security test practices.
Version Control
Source Code is managed centrally with version controls and access restricted based on various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.
Secure Product Build
Information security and data privacy requirements are baked into every release cycle and form part of the blueprint considerations of the product.
Quality Assurance
Builds are put through stringent functionality tests, performance tests, stability tests, and Ux tests before the build is certified "Good to go".
Product Roadmapping
The product road-map is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and are bundled in the earliest possible sprint.
Code Review
All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security test practices.
Version Control
Source Code is managed centrally with version controls and access restricted based on various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.
Highly Resilient Architecture
Component Redundancy
All components are deployed in ‘n+1’ mode across multiple availability zones configured in active-active mode behind a load balancing service.
Highly Scalable DNS
Route users to the best endpoint based on geo-proximity, latency, health, and other considerations.
Data Backup
Near real-time backups taken across multiple availability zones in encrypted and access controlled containers.
Business Continuity and Disaster Recovery
Our Disaster Recovery (DR) program ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.
