Security, Privacy and Control

We at eventPower understand your data is of utmost importance, requiring our products are secure, private, and reliable. All our tools are built with end-to-end security in mind to keep your data safe.

Schedule a Demo

eventPower's Commitment to Data Security

System and Organization Controls (SOC 2)

SOC 2 Compliant Logo

System and Organization Controls (SOC 2) is a well-known security compliance and certification created by the American Institute of Certified Public Accountants (AICPA). It is considered the gold standard to ensure customers’ data security and operational maturity.

eventPower has been independently reviewed and conforms to the Trust Services Criteria set out by SOC 2 and undergoes periodic audits to assure eventPower keeps customer data private and secure.

A formal SOC 2 report is available upon request for existing and prospective clients.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS Logo

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards which aims to secure credit and debit card transactions against data theft and fraud. eventPower handles all payment data securely, working closely with our payment processors to ensure compliance and top-tier security.

A formal SAQ report is available upon request for existing and prospective clients.

Data Privacy Framework

Privacy Shield Logo

The EU-US Data Privacy Framework has replaced Privacy Shield, providing a mechanism for companies to comply with data protection requirements when transferring data between the US and the European Union and the United Kingdom.

eventPower is certified to the U.S. Department of Commerce to properly manage cross-border personal data.

General Data Protection Regulation (GDPR)

GDPR Logo

The General Data Protection Regulation (GDPR) is a European Union (EU) law to protect data privacy. While it is focused on EU persons, it is applicable for any company that does business with European persons. eventPower is fully GDPR compliant to satisfy the needs of clients with worldwide event participation, as well as utilizing the law as a template for data privacy across all our clients regardless of their location.

eventPower has the policies, processes, and training in place to ensure GDPR compliance.

California Consumer Protection Act (CCPA & CalOPPA)

CCPA Logo

Beginning in 2020, businesses which collect personal information from California consumers have to protect that data, similar to other worldwide data protection laws. The CCPA requires greater transparency in data practices and give consumers more control over their personal information. Beginning 2023, CalOOPA expands on these protections for California residents.

eventPower's tools are CCPA and CalOPPA compliant, help provide personal data transparency and consent, and the eventPower team can help your team ensure proper data management and protection throughout your event. Additionally, eventPower remains on the forefront of privacy legislation including VCDPA (Virginia), CPA (Colorado), UCPA (Utah), CTDPA (Connecticut), PIPEDA (Canada).

Our Promise To You

Real-Time Backups
Disaster Recovery
Encryption
US Data Centers
99.9% + Uptime

Secure by Design

eventPower's suite of tools were built from the ground-up utilizing secure development practices. This provides a framework for managing your whole event while trusting eventPower to maintain your data securely.

Our security program is driven not only by compliance and regulatory requirements, but also by industry best practices such as the OWASP Top 10 and SANS Top 20. We work with partners to remain on the leading edge of threat intelligence.

Privacy

We work hard to maintain the privacy of the data you entrust with us. Data you store in eventPower is yours. We have a security program in place to protect it and use it only as needed to provide our tools to you as defined in our Terms of Service and Privacy Policy. We never share nor sell your data.

Compliance

eventPower is SOC 2 certified, PCI compliant to support data protection and security. eventPower is fully GDPR compliant and we provide tools such as consent management and reporting to help our customers ensure their GDPR compliance. eventPower can execute a Data Processing Agreement (DPA) and Standard Contractual Clauses (SCC) as needed for GDPR compliance. We stay up to date on evolving compliance requirements including CCPA and Privacy Shield changes.

Infrastructure

Our infrastructure runs on industry-leading hosting providers which ensure high levels of scalability, security and availability. We regularly maintain well over 99.9% uptime. When things do go wrong, we pride ourselves on a high level of communication via our publicly available status page.

We utilize a combination of firewalls, intrusion detection, DoS/DDoS protections, and alerting tools to achieve a high-level of availability and protection.

Security

Your data is always encrypted in transit (industry recommended TLS). Two-factor Authentication (2FA) is available for all your users to ensure both a password and an auto-changing code to login, effectively eliminating hacking attempts.

Backups and Disaster Recovery

Sometimes things go wrong, and eventPower has a tested backup and Disaster Recovery (DR) strategy to handle it. We utilize a multi-tier backup paradigm to allow restoration of data whether it is a simple error, such as an inadvertent deletion of a record, or something more significant, to be quickly and easily restored. The eventPower team regularly tests the backup and restoration processes.