ITILITE Trustcenter
Making great experiences requires trust.
At ITILITE, we’re committed to protecting the privacy, security, and availability of our products.
Industry-based Compliance
ITILITE is dedicated to continuously improving the security, technical and organizational measures to better protect the customer data and sensitive information shared with us.
We are always evaluating industry standard practices regarding technical data privacy and information security, and we strive to meet or exceed those standards.
Our security programs are comprehensive and dedicated to all facets of safety.
Our Security Standards
We adhere to globally recognized security and compliance standards
Product Security - Built for Protection, Designed for Trust
At ITILITE, security is embedded into every layer of our product. From secure authentication to real-time monitoring, we ensure that your data is always protected.
Access Control & Authentication
Our Access Control ensures that only authorized users can access systems and data. By implementing Role-Based Access Control (RBAC), we restrict access based on responsibilities, minimizing the risk of unauthorized data exposure. Additionally, SSO and Multi-Factor Authentication (MFA) strengthen security by requiring users to verify their identity through multiple methods, such as passwords and one-time passcodes.
Data Encryption
ITILITE ensures that all data at rest is secured using AES-256 encryption. Data in transit is protected using TLS 1.2+ encryption, which prevents interception during communication between users and servers. Additionally, end-to-end encryption ensures that only intended recipients can access critical data, further reinforcing security.
Compliance & Regulatory Adherence
ITILITE follows strict compliance with global security standards such as ISO 27001, SOC 2 and PCI DSS. These certifications demonstrate ITILITE's commitment to maintaining a secure environment for customer data. Regular compliance audits ensure that ITILITE continuously meets industry regulations and best practices. Additionally, ITILITE maintains transparent privacy policies that inform users about data collection, processing and protection measures.
Network Security & Firewalls
Network security plays a crucial role in protecting our IT infrastructure from cyber threats. ITILITE deploys Intrusion Detection & Prevention Systems (IDPS) to monitor traffic for suspicious activity and block malicious attempts. We enforce Web Application Firewalls (WAFs) to prevent attacks such as Distributed Denial-of-Service (DDoS) and code injections. Our Zero Trust Architecture (ZTA) approach ensures that no internal or external entity is trusted by default, enforcing strict authentication and access policies across the network.
Endpoint Security
ITILITE's endpoint security focuses on securing devices such as employee laptops, mobile phones and workstations against cyber threats. Advanced antivirus and anti-malware solutions are installed to detect and remove malicious software. Additionally, Mobile Device Management (MDM) policies ensure that all corporate devices comply with security protocols, reducing risks from unapproved applications or configurations.
Cloud & Infrastructure Security
ITILITE's platform and applications are hosted in AWS cloud data centers, distributed across multiple regional availability zones for high availability and security. Our security framework leverages AWS Identity and Access Management (IAM) for fine-grained access control, AWS Security Hub for continuous security monitoring, and Amazon Virtual Private Cloud (VPC) to isolate ITILITE's infrastructure, providing network-level security and controlled access. Additionally, AWS Key Management Service (KMS) ensures end-to-end encryption of sensitive data, protecting it from unauthorized access. By integrating these security capabilities, ITILITE maintains a resilient, secure and compliant cloud environment for our customers.
Our Secure Software Development Lifecycle
At ITILITE, security is embedded into every stage of our development process. Our SSDLC integrates secure design principles, threat modeling, automated and manual code reviews, and continuous security testing to proactively identify and mitigate risks. We ensure secure dependency management, rapid incident response, and compliance with industry standards like SOC 2, ISO 27001, and GDPR. Our engineers undergo regular security training, and we continuously monitor and enhance our security posture to protect against evolving threats.
Quality Assurance
Builds are put through stringent functionality tests, performance tests, stability tests, and UX tests before the build is certified “Good to go”.
Product Roadmapping
The product roadmap is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and are bundled in the earliest possible sprint.
Code Review
All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security test practices.
Version Control
Source code is managed centrally with version control, and access is restricted based on the teams assigned to specific sprints. Records are maintained for code changes, code check-ins and check-outs.
Highly Resilient Architecture
Incident Response & Business Continuity
At ITILITE, we have a proactive and well-defined incident response framework to detect, mitigate, and recover from security incidents efficiently. Our 24/7 monitoring systems continuously track potential threats, ensuring swift identification and containment of risks.
ITILITE maintains redundant infrastructure, automated backups, and disaster recovery protocols to ensure seamless operations. Our approach aligns with industry standards and compliance frameworks, ensuring that customer data and services remain protected, resilient, and available at all times.
FAQ
- Where is ITILITE’s data stored?
ITILITE’s infrastructure is hosted on Amazon Web Services (AWS), leveraging AWS’s robust security, compliance, and high availability features. AWS adheres to stringent security protocols, helping us provide a secure and resilient platform for our customers.
- Is customer data encrypted?
ITILITE applies advanced encryption techniques to safeguard data. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+, ensuring protection against unauthorized access or breaches.
- What happens to customer data if a contract is terminated?
ITILITE is committed to data privacy and compliance. Upon contract termination, we follow a secure data deletion process, ensuring customer data is removed in accordance with SOC 2, NIST, GDPR, ISO 27001, and other relevant regulations.
- How does ITILITE handle payment and card transactions securely?
We comply with PCI DSS standards to ensure that all payment and corporate card transactions are encrypted and securely processed. ITILITE also integrates with secure payment gateways and enforces tokenization to protect sensitive financial data.
- What data does ITILITE collect for travel bookings and expense management?
ITILITE collects only the necessary data required for seamless travel bookings, policy compliance, and expense reporting. This includes traveler details (name, email, contact information), itinerary details, and expense-related information. We do not store sensitive payment information unless required for compliance and operational needs.
- Can ITILITE customers request security certifications and compliance reports?
Yes, customers can request security certifications, audit reports, and compliance documentation by reaching out to our Information Security team at infosec@itilite.com. Our team will review the request, and you can expect a response within 7 to 21 business days.
- How does ITILITE handle personal identifiable information (PII) of travelers?
Traveler data such as passport details, corporate IDs, and payment credentials are stored securely with encryption at rest and in transit. We ensure that all PII is protected, aligning with GDPR and SOC 2 best practices.
- How does ITILITE monitor for security threats?
ITILITE employs continuous security monitoring, real-time intrusion detection, and anomaly detection to identify and mitigate threats. Our Security Operations Center (SOC) ensures that potential risks are swiftly addressed to maintain data security.
- How often does ITILITE conduct penetration testing and vulnerability assessments?
We conduct regular annual penetration testing and vulnerability scans through internal security teams and third-party experts. These assessments help us proactively identify and address security gaps before they can be exploited.
- How often is ITILITE’s Security Policy reviewed and updated?
To remain effective against evolving threats, our Security Policy is reviewed on an annual basis, or more frequently when significant changes in technology or regulatory requirements occur. This ensures that our practices stay current and resilient.
More Information
ITILITE is committed to data privacy and transparency. We have a designated Data Protection Officer (DPO) and a Grievance Redressal Office to address any concerns related to data privacy, security, and process integrity.
If you have questions regarding the data we collect, how it is used, or your rights under applicable privacy laws, please reach out to our DPO at dpo@itilite.com. Based on the nature of your query, you can expect a response within 7 to 21 business days.
For any requests related to security certifications and compliance documentation, please contact our Information Security team at infosec@itilite.com.
Please refer to our Cookie Declaration and Privacy Policy to know more.