Top Ranked, Unbelievably Easy-to-Use
Highly-rated and thousands of reviews worldwide, EventCreate is independently ranked a top event management platform.
Employing strict SOC 2 standardized practices, continuous penetration testing, and a robust bounty program, EventCreate is intensely committed to the security and privacy of our customers' data. EventCreate also provides security measures to its customers, including daily backups, 2FA support, SSO support, and fully encrypted traffic, both in transit and at rest. EventCreate uses an array of industry-leading technologies and services to protect your data against unauthorized access, disclosure, use, and loss. All EventCreate administrators undergo background checks and are routinely trained on security practices during company onboarding and on a quarterly basis.
For a copy of our SOC 2 report or for further information regarding our security policies, please contact us at [email protected]. If you are interested in joining our bounty program, please apply through our program on HackerOne.
SOC 2 / EventCreate is certified in accordance with the SOC 2 standards set by the AICPA. Achieving SOC 2 compliance demonstrates a high level of commitment to data security and operational excellence.
GDPR / EventCreate is designed to comply with the requirements stated by both GDPR and the CCPA. EventCreate is self-certified under the Data Privacy Framework.
Encrypted Traffic / To ensure the security of all data in transit, EventCreate mandates the use of Transport Layer Security (TLS) 1.3 or higher. Our systems are configured to reject any connection attempting to use outdated protocols (TLS 1.1 and below) or insecure cipher suites. Additionally, all inbound requests are logged and continuously monitored using a combination of rule-based and anomaly-detection systems.
Secure Storage / Our data protection strategy for data at rest is comprehensive. We enforce full disk encryption across all datastores, including databases and their backups. Furthermore, sensitive data is separately encrypted at the application level before it is committed to storage, ensuring it remains protected even in the event of a storage-level breach.
Daily Backup / To ensure business continuity and guard against data loss, EventCreate utilizes a point-in-time recovery (PITR) system for all data. This advanced approach allows for granular restoration to a specific moment, minimizing potential data loss. Backups are securely stored and available for a 7-day retention period.
Access Control / Access to EventCreate's infrastructure is strictly limited to a select group of authorized administrators. All team members granted this privileged access are required to undergo extensive background checks.
CICD / EventCreate utilizes a Continuous Integration and Continuous Deployment (CI/CD) pipeline for rapid and secure software development. All source code modifications are tracked in GitHub, where they undergo peer review and automated testing before being deployed. This agile methodology significantly enhances our ability to respond swiftly to bugs, vulnerabilities, and security incidents.
Penetration Testing / To proactively ensure the security of our platform, we hire an independent, certified agency to conduct a thorough penetration test every year. These security experts simulate real-world attacks against our live application to identify potential vulnerabilities. We then use these findings to prioritize immediate security improvements. Enterprise customers can contact their Account Manager for a summary of our most recent test results.
Bug Bounty Program / EventCreate operates a robust bug bounty program in partnership with HackerOne to encourage the responsible disclosure of security vulnerabilities. We treat all submissions with the utmost seriousness.
Upon receipt, our security team promptly verifies each disclosure, prioritizes the vulnerability, and implements the necessary containment and remediation measures. We are committed to maintaining open communication with the researcher throughout this process by providing regular status updates and collaborating on coordinated public disclosure if requested.
This entire process is governed by our formal, well-documented Security Incident Response Plan, which ensures all potential incidents are handled consistently and effectively.
SSO / For administrators, SSO centralizes user management, simplifies onboarding and offboarding, and enforces corporate security policies, such as multi-factor authentication. It's the ideal solution for enhancing security, ensuring compliance, and simplifying access control across your team.
2FA / When you enable 2FA, logging in requires two steps: your password, plus a unique, time-sensitive code from an authenticator app on your smartphone (like Google Authenticator or Authy). This means that even if your password were compromised, your account, attendee data, and ticket revenue would remain safe. Activate 2FA today for complete peace of mind.
Collaborator Team Roles / Varying access roles on EventCreate allow you to securely and efficiently manage your team by granting members permissions tailored to their specific responsibilities. This enhances security by ensuring team members only access the data and settings they need, protecting sensitive information like revenue and attendee lists. It streamlines teamwork by reducing clutter and preventing accidental changes, allowing designers, marketers, and on-site staff to collaborate seamlessly. By assigning roles like Admin, Editor, or Viewer, you maintain complete control while empowering your team to work effectively, ensuring a smooth and secure event execution.
Highly-rated and thousands of reviews worldwide, EventCreate is independently ranked a top event management platform.
