Privacy & Sharing
Last updated: June 22, 2022
Security
For our cloud customers, security is a high priority. For our cloud customers, ItemPath is run on a sharded server. Every web connection is end-to-end encrypted using SSL. When connecting to corporate data, a secure port is used and all data is sanitized in and out to prevent cross-site and SQL injection.
Within ItemPath, no data or access is available without a user/password login. ItemPath has strict controls and a role-based authentication system. Corporate data access is limited to top-level user accounts only by default, and each access is logged for audit and history purposes. Additionally, all API endpoints requires a signed and encrypted JWT token with each request.
ItemPath does cache and keep some data stores on the sharded server, but this data is unavailable and bound locally to the server itself.
Is my corporate data shared?
For our cloud customers, your corporate data (including database information, historical records, and usage information) is not shared outside of your installation. Each cloud customer is sharded onto a separate server, so there is no risk of data being exposed via cross-contamination.
There are a number of ways that data is shared within ItemPath. This is all initiated by a user process, including:
- Via workflows (for example, setting up an automated email report to an external email address)
- Exporting data from reports or from the ItemPath dashboard
Each instance of data being exported from ItemPath is logged for audit and security purposes. The content of the data export is not kept, but only metadata about the export.
We take every precaution to avoid data leakage outside of ItemPath, but we cannot take responsibility for connected applications and workflows that are controlled by our customers outside of our application.
What data is collected by ItemPath?
In ItemPath, we collect a number of different metrics for development and debugging purposes. During the normal use of our software, we can collect information about users and their activity, including:
- Names, email addresses of users using ItemPath
- Actions that users take within ItemPath
- Errors and exception data, which may include specific pieces of corporate data that are relevant to the exception
This information may be collected and stored by ItemPath to help with bug triage and development, and is not shared outside of the organization.