Security and Compliance

This guide outlines the security measures and compliance standards implemented by Ideal Factory to protect your data across the Customizer, Production Hub & OMS, Print Hub, and Digital Asset Management (DAM) systems. For integration-specific details, refer to the Ecommerce Integration Overview.

Overview

At Ideal Factory, we prioritize the security and privacy of your data. Our platform, encompassing the Customizer, Production Hub & OMS, Print Hub, and DAM, is built with robust security measures to safeguard customer information, product data, and ecommerce integrations. We adhere to industry-standard practices and comply with global privacy regulations to ensure a trusted environment for your business and customers.

Data Protection Measures

We implement comprehensive measures to protect data across all Ideal Factory services:

  1. Encryption:

    • Data in transit is secured using TLS 1.3 for all communications between your ecommerce platform, the Customizer, Production Hub & OMS, Print Hub, and DAM.
    • API keys and webhook secrets are encrypted at rest using AES-256.
  2. Access Controls:

    • Role-based access control (RBAC) restricts access to sensitive areas of the Production Hub & OMS and Print Hub admin panels.
    • API keys are generated with scoped permissions (e.g., products.read, orders.write). We recommend rotating them periodically (e.g., every 90 days).
  3. CSRF Protection:

    • Cross-Site Request Forgery (CSRF) protection is implemented for all form submissions and API requests in the Customizer and Production Hub & OMS to prevent unauthorized actions.
  4. XSS and SQL Injection Prevention:

    • Cross-Site Scripting (XSS) prevention ensures user inputs are sanitized to protect against malicious scripts.
    • SQL injection protection validates and escapes database queries to safeguard data integrity.
  5. Data Storage:

    • Customer data, including customization metadata and digital assets, is stored in secure cloud infrastructure with automated backups.
    • Data is segmented by service (e.g., Customizer, Print Hub) to prevent unauthorized cross-access.
  6. Monitoring and Auditing:

    • Real-time monitoring detects suspicious activity across API endpoints and webhooks.
    • Audit logs, accessible via the Production Hub & OMS admin panel, track all actions, including API requests and webhook deliveries.

Compliance with Regulations

Ideal Factory complies with global privacy regulations to ensure your business meets legal requirements:

  1. GDPR (General Data Protection Regulation):
    • A Data Processing Agreement (DPA) is included in Ideal Factory’s General Terms and Conditions, automatically in place for all customers.
    • The host ecommerce platform is responsible for implementing customer consent mechanisms for data processing, as Ideal Factory’s Customizer iframe does not handle consent directly.

Security for Integrations and Services

Our ecommerce integrations and services are designed with security first:

  1. Secure Customizer Integration:

    • The Customizer iframe is designed to support Content Security Policy (CSP) headers. We recommend implementing them to restrict scripts to trusted sources (e.g., https://cdn.idealfactory.com). CSP support is planned for future updates.
    • Cross-origin resource sharing (CORS) is configured to allow only authorized domains (e.g., your ecommerce store).
  2. Product Synchronization:

    • Product data synced between your ecommerce platform (e.g., Shopify, WooCommerce) and Production Hub & OMS is validated and sanitized to prevent injection attacks.
    • API endpoints are rate-limited to mitigate abuse, as outlined in the OMS API documentation.
  3. Print Hub Security:

    • Print job data is protected with access controls and secure API endpoints, as described in the Print Hub API documentation.
    • Webhooks use signed payloads to ensure data integrity.
  4. DAM Security:

    • Digital assets in the DAM are protected with access controls, as noted in the DAM Overview.
    • Asset metadata is sanitized to prevent injection vulnerabilities.

For platform-specific security details, refer to: