Privacy
Data minimisation, approved sources and project-specific processing boundaries.
Trust
ITYES IT FACTORY S.R.L. · Last updated: July 6, 2026
This page describes the security and data-handling approach ITYES applies when designing custom software, integrations, automation and enterprise AI systems. Specific controls depend on the project scope, environment and client requirements.
Data minimisation, approved sources and project-specific processing boundaries.
GDPR-aware handling and documented responsibilities for controller / processor roles.
Logs for tool calls, approvals, operator actions and integration events where implemented.
Access model review, least privilege and role boundaries before production use.
Role-based access control can be scoped for operator, admin and integration permissions.
Transport encryption and data-at-rest options depend on the selected hosting and storage model.
Deployment and storage locations are defined during project scoping when required.
ISO 27001 / SOC 2 readiness support can be discussed; this page does not claim certification.
Integrations with ERP, SAP, Salesforce, Microsoft Dynamics, internal databases, legacy systems and custom APIs are assessed per project. Before implementation, ITYES reviews available APIs, authentication model, data fields, access boundaries, environment options and rollback or manual fallback needs.
For AI systems, ITYES defines what the agent can read, what tools it can call, what actions require human approval, and what logs must be retained. RAG is scoped to approved sources. MCP, tool calling, LangGraph-style workflows and observability tools such as LangSmith may be used when they fit the security and operational requirements.
Production credentials should not be sent through public chat, email threads or website forms. For project work, credentials are handled through agreed secure channels or client-managed access. Access should be revoked when no longer required.
Where implemented, logs may include integration events, agent decisions, tool calls, source references, approval status, operator actions and system errors. Analytics is used to understand operational performance, not to create hidden automated decisions about individuals.
When appropriate, ITYES separates development, staging and production environments. Test data, synthetic data or anonymised data is preferred during discovery and early prototyping. Production data use should be explicitly approved.
If a security or data incident is suspected, ITYES prioritises containment, investigation, client notification, evidence preservation and remediation. Contractual incident procedures may define specific notification timelines and responsibilities.
Unless explicitly agreed and verified for a project, ITYES does not claim ISO 27001 certification, SOC 2 certification, sector-specific compliance certification or guaranteed compatibility with every enterprise system. Security commitments should be stated in the project contract.
For security or data-handling questions, contact contact@ityes.eu.