Data Protection and Security

1.1 Iterpro shall use reasonable physical, electronic and procedural safeguards to protect against data loss, misuse, alteration, and dissemination of any personal data received by Iterpro from the Customer.

1.2 Any information provided by the Customer at the time of the drafting of the Contract or any other information provided by the Customer concerning his/her company or profession (Customer Data) is subject to the Iterpro Privacy Policy. Iterpro reserves the right to update or modify the Privacy Policy from time to time at its sole discretion.

1.3 The Customer states that he/she has received information from Iterpro regarding the processing of personal data required by the EU Regulation of 27 April 2016 n. 2016/679/EU.

2. Iterpro Security Specification

2.1 Iterpro has made a number of design and operational choices to protect Customers and their data. Most of them also relate to protecting the privacy and data of the Customers, players and most of the club data imported into Iterpro.

a) The Password Criteria of every Customer in the system should respect the following rules.

  • Minimum 8 characters
  • Minimum 1 uppercase, lowercase, digit or special character

b) Two-factor Authentication

With 2-Step Verification, also called two-factor authentication, you can add an extra layer of security to your account in case your password is stolen. After you set up 2-Step Verification, you can sign in to your account with:

  • Your password

  • Google Authenticator

The Customer is responsible for the safety of his password and should also contact Iterpro via a support ticket if he does not recognize activity on his account.

c) Database Security

The Database cluster is hosted on a private network and replicated through 2 availability zones. Only the application can communicate with it, over HTTPS. Database contents are encrypted at the file-system level, and anagraphic and registry data in the database are additionally encrypted to ensure the anonymity of data. Decryption is done on the fly with a crypto key randomly generated and hosted only on our infrastructure platform. Iterpro maintains a snapshot strategy for Customer error or disaster recovery: snapshots are taken every 6 (six) hours and deleted after 2 (two) days; daily snapshots are kept for 30 (thirty) days before deletion; weekly snapshots are kept for 5 (five) weeks before deletion; monthly snapshots are deleted after 13 (thirteen) months.

d) Storage security

From the Iterpro platform it is also possible to upload files to secure hosting. These files are hosted on a secure CDN and are not available to the public. A token is needed to access these files from the application. This token is regenerated every hour and is valid only to view data related to the Customer’s club/teams.

e) Support

Iterpro has a support service via HubSpot to check platform data problems with our Customers. Support is mostly done via HubSpot and remote calls, phone calls and support on-site. Passwords can be reset by Customers themselves or by Iterpro upon Customers’ request.

f) Infrastructure

All the services and the resources of Iterpro are hosted on a cloud infrastructure. Access is only available to a select list of employees and only with 2 (two) factors of authentication. All the operations and/or interventions are logged on the infrastructure systems.

g) Iterpro Platform

All the applications of Iterpro are served over an HTTPS connection and it is not possible to access Iterpro without it. Each user has a set of permissions granted by the account’s administrator. A security layer is in place checking each interaction with the backend and ensuring that a user can access only the data of their domain (e.g. the Club).

Our security measures include:

  • Transmitting data only using HTTPS and SSL/TLS, including transmission between resources and external APIs.
  • Storing files and relevant information only encrypted and on storage under HTTPS.
  • Doing routine checks for the security and safety of the platform.

In the event of a data breach that affects your club’s personal data, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.