The future of integrated travel & expense management is here! Get exclusive early access NOW!

The Security of your Data is important to us

ITILITE believes in fair, transparent and secure data management policies. We are committed to creating maximum value for our clients through the protection of this sensitive customer data

Security features

We understand how important this data is for you. And we ensure that our systems, processes and policies are up to date while implementing powerful in-built technologies on our platform.

Data Encryption at Rest

Our company wide security measures are watertight, and are active all across the enterprise’s processes not only technical and physical, but also in policies and procedures. Along with this, ITILITE has strict compliance policies for training and informing all staff members about the security initiatives undertaken.

Data Encryption in Transit

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.

Regular updates and testing

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.

Regular 3rd partyAssurance Process

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.

Hosted in high-availability data centres

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.

Protecting your data

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.

Malware & Spam Protection

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.

Access Control

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. ITILITE respects your control over your information and, in the event that you have provided Personal Information to us in your use of the site, we will provide you with details of your personal information we hold as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at privacy@itilite.com. We will respond to your request within a reasonable timeframe.

Compliance

Internal security

Our company wide security measures are watertight, and are active all across the enterprise’s processes not only technical and physical, but also in policies and procedures. Along with this, ITILITE has strict compliance policies for training and informing all staff members about the security initiatives undertaken.

Information Security Policy

According to the ITILITE policy, all employees and applicable contractors are required to follow security protocols after they are hired. These best practices are enforced regularly, and training sessions are conducted to bring everyone on to the same page. Periodic reviews are also undertaken to ensure complete transparency.

Certifications

ITILITE is ISO 27001 certified organization and implemented best practices across the company. The AWS data centers in use already hold various certifications including SOC 1,2,3 and ISO 27001. Our PCI compliance parameter is fulfilled through our external payment provider, Stripe.

Employee Awareness Scheme

ITILITE provides security awareness training to every employee in the company on an annual basis. Delivered by our security team, it is role-specific to each member, and the training is tailored to company specific and consumer specific risks. This includes training employees on GDPR regulations and policies as well. All employees are also provided with security bulletins and emails. A dedicated security update section in the internal monthly newsletter is updated periodically.

Access control

ITILITE implements role-based access control to ensure that only authorised personnel have access to sensitive consumer information, based on their job requirements and role.

Business continuity

ITILITE’s application and support services have a combination of data layer led controls to ensure that the services and processes remain constant in case of emergencies. A secure data backup is kept in place to ensure business continuity at all times.

Physical security

All ITILITE offices have security personnel on site 24x7, and all premises are guarded through CCTV cameras as well.

GDPR

ITILITE reviews all our data sub-processors to ensure that they maintain high standards of security that gives customers the confidence that their data is safe at all times. We also ensure that a DPA is in place with each supplier. For more detailed information, please visit our GDPR page.

Any more queries?

Send an email to securityteam@itilite.com with any questions you may have. Our team will get back to you at the earliest.

For more information about privacy at ITILITE, you can find our privacy policy and other details here

Making great experiences requires trust.

At ITILITE, we're committed to protecting the privacy security, and availability of our products.

Industry - based Compliance

ITILITE is dedicated to continuously improving the security, technical and organizational measures to better protect the customer data and sensitive information shared with us. We are always evaluating industry standard practices regarding technical data privacy and information security & strive to meet or exceed those standards. Our security programs are comprehensive and dedicated to all facets of safety.

ITILITE holds the following trusted security certifications for which we are audited regularly.

pci dss

Backstage Practices

ITILITE being a custodian of customers' data, a Zero-Trust model of security architecture, robust product delivery, and a highly resilient service platform are the key tenets of its service delivery.

Securing your data

The multi-tiered data security model

Committed to security

End-to-end security integrated into the product lifecycle

Highly Resilient Architecture

Our system availability and performance at all times.

Securing your data

We understand the value of personal data. With our robust system of data safeguards, we allow you to focus on the data rather than on its security - So your data is protected first. Not last our secure cloud partners

Gateway Security

Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones.

Anti-Malware & Spam Protection

Anti-Malware solution and Spam protection applied based on latest threat signatures and threat intelligence ensuring end-user platform security.

Encryption

AES 256 bit encryption with 1,024-bit key-strength for data at Rest and FIPS 140-2 compliant TLS encryption for data in transit.

Access Controls

Role-based access through an explicit need-to-know basis utilizes the least privilege & two-factor authentication and end-to-end audit trails ensuring access monitoring.

Securing your data

We understand the value of personal data. With our robust system of data safeguards, we allow you to focus on the data rather than on its security - So your data is protected first. Not last our secure cloud partners

Gateway Security

Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones.

Anti-Malware & Spam Protection

Anti-Malware solution and Spam protection applied based on latest threat signatures and threat intelligence ensuring end-user platform security.

Encryption

AES 256 bit encryption with 1,024-bit key-strength for data at Rest and FIPS 140-2 compliant TLS encryption for data in transit.

Access Controls

Role based access through an explicit need-to-know basis, utilizes the least privilege & two-factor authentication and end-to-end audit trails ensuring access monitoring.

Secure Product Build

Information security and data privacy requirements are baked into every release cycle and form part of the blueprint considerations of the product.

Quality Assurance

Builds are put through stringent functionality tests, performance tests, stability tests, and Ux tests before the build is certified "Good to go".

Product Roadmapping

The product road-map is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and are bundled in the earliest possible sprint.

Code Review

All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security test practices.

Version Control

Source Code is managed centrally with version controls and access restricted based on various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.

Secure Product Build

Information security and data privacy requirements are baked into every release cycle and form part of the blueprint considerations of the product.

Quality Assurance

Builds are put through stringent functionality tests, performance tests, stability tests, and Ux tests before the build is certified "Good to go".

Product Roadmapping

The product road-map is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and are bundled in the earliest possible sprint.

Code Review

All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security test practices.

Version Control

Source Code is managed centrally with version controls and access restricted based on various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.

Highly Resilient Architecture

Component Redundancy

All components are deployed in ‘n+1’ mode across multiple availability zones configured in active-active mode behind a load balancing service.

Highly Scalable DNS

Route users to the best endpoint based on geo-proximity, latency, health, and other considerations.

Data Backup

Near real-time backups taken across multiple availability zones in encrypted and access controlled containers.

Business Continuity and Disaster Recovery

Our Disaster Recovery (DR) program ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.

More Information

Itilite has a designated Data Protection Officer and a Grievance Redressal Office. If you have any questions on data privacy or process integrity, like which data is collected from you and how your data will be used, you can write to dpo@itilite.com. Depending on the nature of your query, you can expect a response within 7 to 21 business days.

Please refer to our Cookie Declaration and Privacy Policy to know more.

Product
Company
Resources

Manage your travel & expense from anywhere, anytime

App store
Play store
aicpa
ISO 27003
pci dss

contact@itilite.com

©  ITILITE