Privacy Policy


Last updated: February 14, 2025

Security & Encryption
Security is a high priority at ItemPath. For our cloud customers, ItemPath is run on a sharded server. Every web connection is end-to-end encrypted using SSL. When connecting to corporate data, a secure port is used, and all data is sanitized in and out to prevent cross-site and SQL injection.

Within ItemPath, no data or access is available without a user/password login, based on OAuth standards. The platform has strict controls and a role-based authentication system. Corporate data access is limited to top-level user accounts by default, and each access is logged for audit and history purposes. Additionally, all API endpoints require a signed and encrypted JWT with each request.

ItemPath does cache and store some data on the ItemPath Cloud server. This data is inaccessible outside of ItemPath and is bound locally to the server itself. While the database is not encrypted, sensitive records are encrypted using AES-256 encryption. Each customer instance of ItemPath Cloud is run on a separate server to reduce the risk of data leakage.

Encryption plays a critical role in protecting data. Users are responsible for securely managing any encryption keys they hold. ItemPath secures its encryption keys to limit access to authorized administrators, with all access logged. Encryption is applied to all production databases holding sensitive data, and all network connections enforce encryption to protect data in transit. Any data handled and stored by sub-processors is encrypted both in transit and at rest, in line with generally accepted industry practices. Additionally, ItemPath enforces key management policies, including key generation, rotation, and destruction. Production databases require data encryption at rest, restricted direct access with approval, regular backups, and annual restoration tests to ensure effective recoverability.


Data Collection & Usage
When you use our services, we collect your personal data to support those services. Data privacy is a priority at ItemPath, and we take the protection of user information seriously.

ItemPath acts as both a Data Controller and a Sub-Processor. As a Data Controller, we determine the purpose and means of processing personal data. As a Sub-Processor, we collect, process, and use data in accordance with agreements made with the Data Controller, which includes ItemPath customers and resellers.

Various metrics for development and debugging purposes are collected. During normal software usage, we may collect user information such as names and email addresses, actions taken within ItemPath, and error or exception data that may include specific pieces of corporate data relevant to an issue. This information helps with bug triage and development and is not shared outside of ItemPath.

ItemPath collects personal data to personalize user experiences, provide support and troubleshooting, analyze and improve services, market our services, and meet legal and compliance obligations. The types of data collected include name and contact information, corporate data such as banking information, and user data such as IP addresses, database information, and historical records.


Data Handling & Privacy
ItemPath does not share corporate data, including database information, historical records, or usage information, outside of its installation for cloud customers. Each cloud customer is sharded onto a separate server, preventing the risk of data exposure through cross-contamination.

For on-premise customers, all data is stored locally on hardware provided by the customer. Data ownership is controlled by the organization running the computer environment that ItemPath is installed on.

Data sharing outside ItemPath is always initiated by a user process. For example, workflows may be configured to send automated reports to external email addresses, or users may export data from reports or dashboards. Every instance of data being exported from ItemPath is logged for audit and security purposes. Although the content of data exports is not stored, metadata about the export is retained.

To prevent data leakage, ItemPath follows strict protocols. However, we cannot take responsibility for connected applications and workflows controlled by customers outside of the ItemPath application.

Data handling policies are critical to protecting the security, confidentiality, integrity, and availability of information used by ItemPath and its customers. Data is only collected when there is a legitimate business need, and all collected data is protected by default unless otherwise approved. Information is classified and labeled based on sensitivity, and all sensitive data is restricted to secure storage locations. Any public release of sensitive data requires management and customer approval. Key information and documents are backed up regularly, and data retention and disposal policies define how long data must be kept before deletion.


Data Retention, Archiving & Disposal
Data retention policies ensure compliance and service continuity. Different types of data are retained for varying periods.

  • Account management data is retained for one year after account closure.
  • Service information remains available for 30 days after license expiration.
  • Employment records are kept for seven years to meet compliance requirements.
  • Usage data is retained for 30 days or anonymized as needed.

When information is no longer actively used but still required for record-keeping, it is archived securely. Archived data remains protected with restricted access and is stored in DigitalOcean, GitHub, and Google Drive, each of which employs robust security measures. Archived data is retained in line with the Data Retention policy plus an additional year.

When system assets, devices, or hard copy documents are no longer needed, all sensitive data must be completely erased or destroyed. Regular backups ensure protection against unauthorized data erasure, and data cannot be deleted without permission from the responsible owner. If a data erasure request is made, data will be erased within 30 days unless compliance obligations require otherwise.