Security, Privacy and Control
Security, Privacy and ControlWe at eventPower understand your data is of utmost importance, requiring our products are secure, private and available. All our tools are built with end-to-end security in mind to keep your data safe.
Schedule a Demo
eventPower's Commitment to Data Security
System and Organization Controls (SOC 2)
System and Organization Controls (SOC 2) is a well-known security compliance and certification created by the American Institute of Chartered Public Accountants (AICPA). It is considered the gold standard to ensure customers’ data security and operational maturity.
eventPower has been independently reviewed and conforms to the Trust Services Criteria set out by SOC 2 and undergoes periodic audits to assure eventPower keeps customer data private and secure.
A formal SOC 2 report is available upon request for existing and prospective clients.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards which aims to secure credit and debit card transactions against data theft and fraud. eventPower handles all payment data securely, working closely with our payment processors to ensure compliance and top-tier security.
A formal SAQ report is available upon request for existing and prospective clients.
Privacy Shield provides a mechanism for companies to comply with data protection requirements when transferring data between the US and the European Union and Switzerland.
Though Privacy Shield has undergone changes over the past few years and continues to be in a state of flux, we believe participation in Privacy Shield is an important indication of our commitment to personal and organizational data privacy.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a European Union (EU) law to protect data privacy. While it is focused on EU persons, it is applicable for any company that does business with European persons. eventPower is fully GDPR compliant to satisfy the needs of clients with worldwide event participation, as well as utilizing the law as a template for data privacy across all our clients regardless of their location.
eventPower has the policies, processes, and training in place to ensure GDPR compliance.
California Consumer Protection Act (CCPA)
Beginning in 2020, businesses which collect personal information from California consumers have to protect that data, similar to other worldwide data protection laws. The CCPA requires greater transparency in data practices and give consumers more control over their personal information.
eventPower's tools are CCPA compliant, help provide personal data transparency and consent, and the eventPower team can help your team ensure proper data management and protection throughout your event.
Our Promise To You
Secure by DesigneventPower's suite of tools were built from the ground-up utilizing secure development practices. This provides a framework for managing your whole event while trusting eventPower to maintain your data securely.
Our security program is driven not only by compliance and regulatory requirements, but also by industry best practices such as the OWASP Top 10 and SANS Top 20. We work with partners to remain on the leading edge of threat intelligence.
ComplianceeventPower is SOC 2 certified, PCI compliant to support data protection and security. eventPower is fully GDPR compliant and we provide tools such as consent management and reporting to help our customers ensure their GDPR compliance. eventPower can execute a Data Processing Agreement (DPA) and Standard Contractual Clauses (SCC) as needed for GDPR compliance. We stay up to date on evolving compliance requirements including CCPA and Privacy Shield changes.
InfrastructureOur infrastructure runs on industry-leading hosting providers which ensure high levels of scalability, security and availability. We regularly maintain well over 99.9% uptime. When things do go wrong, we pride ourselves on a high level of communication via our publicly available status page.
We utilize a combination of firewalls, intrusion detection, DoS/DDoS protections, and alerting tools to achieve a high-level of availability and protection.