What security measures are in place to protect my information on the app?

Data Security

App content and data are stored on various clouds, and it’s possible you may have security concerns or policies against cloud storage systems. Please see below for information regarding the security measures that exist to protect the information stored on each cloud, as well as our own security practices at EventMobi. 

 

Privacy & Encryption

Data and personal information entered into EventMobi is never shared with or sold to any third-party organizations. We also provide various options for protecting your information, such as:

  • Password protected Content Manager
  • Optional password activation for attendees
  • SSL Encryption by GeoTrust

 

Data Hosting & Retention

With the exception of images and documents, all app data is stored in our database. The database is hosted in a cloud on Amazon Web Services and is accessible only via our servers, so the database itself is not publicly accessible. Our applications implement authentication, authorization and application logic on top of the database to ensure we return only the proper data for the event and user.

Amazon Web Services is the provider of choice for companies like Adobe, Netflix and Unilever, and allows EventMobi to ensure that our client information is securely stored. Amazon compliance includes:

  • PCI-DSS Level 1 Service Provider
  • ISO 27001 certified
  • SAS-70 Type II and SSAE16

Additional information can also be found on Amazon Web Services' site https://aws.amazon.com/ec2/.

 

Database Infrastructure

Servers: Amazon Web Services (Elastic Compute Cloud, a.k.a. EC2) using Ubuntu Server 12.04 LTS

Database: Amazon Web Services (Relational Database Service, a.k.a. RDS) using MySQL

High Availability / Redundancy: See Security doc.

 

Other Clouds: S3.amazonaws.com, cloudinary.com & res.cloudinary.com

These clouds only host the images and uploaded documents on the app. The data is public on all of these clouds, but the names and file paths are not indexed or listable. This means you have to know exactly which file you need in order to access it (which the app does).

 

Backup & Disaster Recovery

Every 20 minutes, EventMobi databases are backed up to minimize the impact of an unlikely critical failure.

 

Penetration Testing & Development Best Practices

To ensure the highest security, EventMobi abides by OWASP Top Ten and SDLC best practices.

 

Secure Payment Processing

Our partnership with industry leader Stripe allows us to provide PCI-compliant payment processing for attendee registrations.

Additional information on Stripe’s security measures can be found on their website https://stripe.com/docs/security.

 

Transparency & Communication

In the event that downtime or breaches should occur, we are committed to maintaining open communication by offering:

  • Incident Response Plan in Place
  • 24/7 Monitoring with Automated Alerts
  • Transparent Communication Strategy

 

Incident Response

On the rare occasion of system degradation, EventMobi staff follow strict guidelines regarding cause investigation, client communication and follow-up action.

 

Event App Distribution

Ensuring your event app ends up in the right hands doesn’t have to be complicated. With our password protection and controlled distribution options, you can rest assured that your app is reaching the right audience by providing access through one of the following methods:

  • Distribute widely through the App Store
  • Distribute widely by publicly sharing URL
  • Distribute to focused group by privately sharing URL

 

Hiring & Training

Our staff are trained on positive identification practices over phone and email. Internally, principles of least privilege are followed with multi-factor authentication and permissioning utilized to manage access.

 

Responsible Disclosure

We are committed to applying security best practices through every aspect of development. That said, should you come across any vulnerabilities, please contact security@eventmobi.com.

For more detailed information, please visit www.eventmobi.com/security. You can also access our security document directly below, which covers Security, Reliability, Disaster Recovery and Compliance.
