Security and Privacy at Eventlify
While your teams use Eventlify to manage and streamline events, rest assured that your data is fully protected. Eventlify isn't just efficient and user-friendly — it's built with security at its core.
Trusted By Organizations Worldwide
Enterprise-Grade Security
In addition to an industry-leading security program, our product has numerous built-in security features to ensure Eventlify is used per your organization’s security requirements.
Data at rest
We encrypt all data at rest using AES-256 encryption, ensuring your information is securely stored and protected from unauthorized access.
Data in transit
All data sent to or from our infrastructure is encrypted in transit using industry-standard Transport Layer Security (TLS) 1.2+, keeping your information safe while it's being transmitted. You can see our SSLLabs report here.
Secret management
Access to encryption keys is strictly controlled and limited to authorized users with a business need, ensuring that your data remains confidential and secure. We leverage a key management vault with key rotation to protect and secure keys.
Intrusion detection and prevention
We use advanced intrusion detection and prevention systems to monitor and protect our environment, quickly identifying and addressing potential threats to keep your data safe. These systems scan for anomalistic or suspicious activity and page alerts to our 24x7 on-call security engineer.
Product Security
Protection and privacy
We collect two types of user data.
User Content
When a user is signed into the Eventlify web application, we collect IP address, browser type, machine type, OS type, city-level geolocation, and user ID. This information is shared with subprocessors for troubleshooting, error reporting, product improvement, and user analytics. This data is securely hashed, aggregated, and encrypted by our subprocessors.
User Session Data
When a user is signed in to the Eventlify web application, we collect IP address, browser type, machine type, operating system type, city-level geolocation, and user ID. This data is shared with our subprocessors to support troubleshooting, error reporting, product enhancement, and user analytics.
Penetration testing
We conduct regular penetration testing to identify and address potential security vulnerabilities, keeping our systems robust against external threats.
Vulnerability scanning
Our infrastructure undergoes continuous vulnerability scanning at least monthly alongside continuous automated monitoring to detect and resolve weaknesses, maintaining a secure environment for your data.
Data encryption
All data is encrypted both in transit and at rest using industry-standard AES-256 and TLS 1.2+ protocols, ensuring comprehensive protection of your information.
Organizational Security
Asset inventory maintained
We keep a detailed inventory of all our production system assets to ensure everything is tracked and managed efficiently, helping us maintain a secure and organized environment. The inventory tracks the status of annual security reviews for assets supporting service delivery.
Employee background checks performed
To ensure a secure workplace, we conduct thorough background checks on all new employees and contractors, including criminal and educational history.
Information security training
Our employees receive ongoing training in information security at least annually, keeping everyone updated on best practices and the latest security protocols to protect your data.
Endpoint management
We use advanced endpoint monitoring tools to monitor and secure all devices connected to our network, ensuring they meet our security standards and protecting against potential threats.
Offboarding process formalized
Our offboarding process ensures that when an employee leaves, their access to our systems is promptly and securely revoked, protecting your data and maintaining our security standards.
Infrastructure Security
Overview
Eventlify’s infrastructure is hosted in SOC 2 Type II and ISO 27001 compliant data centers. Eventlify has backup data center regions with failover and restore capabilities to ensure high availability.
Least permissions access control
We enforce least permissions access control, granting employees the minimal access necessary for their roles. We continuously monitor these permissions to protect your data.
Segregated production environment
Our development, staging, and production environments are fully segregated to prevent unauthorized access and ensure the integrity of our live systems.
Network and system pardoning
We apply rigorous network and system hardening practices, including disabling unnecessary services, changing defaults, and applying security patches, to reduce vulnerabilities and bolster defenses.
Web application firewall
Our web application firewall (WAF) shields against common threats like SQL injection and cross-site scripting, providing an additional layer of protection for our applications.
Reliability & Availability
Uptime and availability
Uptime commitment
We are committed to providing the best service and availability. Learn more about our service status here.
Global support
Our global Support team works diligently to address any issues quickly. Enterprise customers receive priority support by a dedicated team.
Near-instantaneous backups
We back up all our critical assets and regularly run backup restores to guarantee fast recovery in case of disaster. Your data is backed up within minutes of transmission to our service. All of our backups are encrypted for data protection and are subject to heightened access control.
Geographically redundant backups
We have redundant data center zones in place with failover capabilities to ensure availability of services. Eventlify's RTO is 8 hours and RPO is 24 hours, providing quick restoration of services in the event of an outage and minimal to no data loss. We test our restore capabilities quarterly and consistently exceed our RTO.
Failover and recovery procedures
We have robust failover and recovery procedures to quickly restore services and minimize downtime, ensuring your business continues to operate smoothly.
AI Security
Eventlify AI
Although our core functionality of managing your event does not use AI, we do offer supporting features powered by third-party AI services.
AI-powered features
- Event Descriptions
- Auction Item Descriptions
- Auction Item Sheets
Your privacy is our priority
Eventlify partners with 3rd party AI providers to provide the fastest, easiest documentation experience. Your data security is our top priority, and we ensure that these partners adhere to the same high standards for protecting your intellectual property.
Protecting your data
We do not allow our AI service providers to use your data to train their models. Our AI providers delete any Eventlify content it has processed for the purpose of providing services to you within 30 days.
Rigorous security controls
Our service providers each have an executed data processing agreement with Scribe that binds the vendor to the same or more rigorous security controls that Eventlify implements, including data encryption, backups, and retention measures.