App content and data are stored on various clouds, and it’s possible you may have security concerns or policies against cloud storage systems. Please see below for information regarding the security measures that exist to protect the information stored on each cloud, as well as our own security practices at EventMobi.
Privacy & Encryption
Data and personal information that is entered into EventMobi is never shared or sold with any third party organizations. We also provide various options to protecting your information such as:
- Password protected Content Manager
- Optional password activation for users
- SSL Encryption by GeoTrust
Data Hosting & Retention
With the exception of images and documents, all app data is stored in our database. The database is in a cloud on Amazon Web Services and only accessible via our servers. So the database itself is not accessible publicly. Our applications implement authentication and authorization and application logic on top of the database to ensure we return only the proper data for the event and user.
Amazon Web Services is the provider of choice for companies like Adobe, Netflix and Unilever, and allows EventMobi to ensure that our client information is securely stored. Amazon compliance includes:
- PCI-DSS Level 1 Service Provider
- ISO 27001 certified
- SAS-70 Type II and SSAE16
Additional information can also be found on Amazon Web Services' site https://aws.amazon.com/ec2/.
Servers: Amazon Web Services (Elastic Compute Cloud a.k.a EC2) using Ubuntu Server 12.04 LTS
Database: Amazon Web Services (Relational Database Service a.k.a RDS) using MySQL
High Availability / Redundancy: See Security doc.
Other Clouds: S3.amazonaws.com, cloudinary.com & res.cloudinary.com
These clouds only host the images and uploaded documents on the app. The data is public on all of these clouds, but the names and file paths are not indexed or listable. This means you have to know exactly which file you need in order to access it (which the app does).
Backup & Disaster Recovery
Every 20 minutes, EventMobi databases are backed up to minimize the impact of an unlikely critical failure.
Penetration Testing & Development Best Practices
To ensure the highest security, EventMobi abides by OWASP Top Ten and SDLC best practices.
Secure Payment Processing
Our partnership with industry-leader Stripe allows us to provide PCI Compliant payment processing for registrations.
Additional information on Stripe’s security measures can be found on their website https://stripe.com/docs/security.
Transparency & Communication
In the event that downtime or breaches should occur, we are committed to to maintaining open communication by offering:
- Incident Response Plan in Place
- 24/7 Monitoring with Automated Alerts
- Transparent Communication Strategy
On the rare occasion of system degradation, EventMobi staff follow strict guidelines regarding cause investigation, client communication and follow-up action.
Event App Distribution
Ensuring your event app ends up in the right hands doesn’t have to be complicated. With our password protection and controlled distribution options, you can rest assured that your app is reaching the right audience by providing access through one of the following methods:
- Distribute widely through the App Store
- Distribute widely by publicly sharing URL
- Distribute to focused group by privately sharing URL
Hiring & Training
Our staff are trained on positive identification practices over phone and email. Internally, principles of least privilege are followed with multi-factor authentication and permissioning utilized to manage access.
We are committed to applying security best practices through every aspect of development. That said, should you come across any vulnerabilities, please contact firstname.lastname@example.org.
For more detailed information, please visit www.eventmobi.com/security. You can also access our security document directly below, which covers Security, Reliability, Disaster Recovery and Compliance.