Security and Privacy at Itemize
Security is at the heart of what we do—helping our customers improve their data security and compliance posture starts with our own.
Data at rest
All customer data in datastores, including S3 buckets, is encrypted while at rest. Row-level encryption is also employed for sensitive collections and tables, so that data is encrypted before it is ever written to the database, providing an additional layer of protection. Unauthorized physical or logical access to the database alone is therefore insufficient to read the most sensitive information.
Data in transit
Itemize employs TLS 1.2 or higher to encrypt data transmitted over potentially insecure networks. Additional security measures such as HSTS (HTTP Strict Transport Security) are utilized to enhance the protection of data in transit. The management of server TLS keys and certificates is entrusted to AWS.
Encryption keys are managed using the AWS Key Management Service (KMS). Key material is stored in Hardware Security Modules (HSMs) to prevent direct access by any individual, including Amazon and Itemize employees. Keys held in the HSMs are used for encryption and decryption only through Amazon’s KMS APIs, so the key material itself is never exported.
Application secrets are encrypted and securely stored via AWS Secrets Manager and Parameter Store, with access strictly restricted to authorized personnel.
Itemize engages a top-tier penetration testing consulting firm to conduct independent penetration tests.
These assessments encompass all aspects of the Itemize product and cloud infrastructure, with full access to source code granted to testers to maximize their effectiveness and coverage.
Itemize maintains an active Privacy Shield membership.
Itemize continuously evaluates updates to regulatory requirements and emerging frameworks in order to evolve our security and privacy program.