Security & Safety

Last updated: 11 February 2026

1. Purpose

Eventboost prioritizes information security and data protection. This page outlines our main organizational and technical measures and should be read together with our:

2. Privacy governance and internal culture

We maintain policies and procedures supporting a privacy and security management program, including:

  • internal awareness and training;
  • least-privilege access controls;
  • supplier due diligence and contractual safeguards.

Important note: Eventboost does not sell personal data and does not share personal data with third parties for third-party marketing purposes. We may share data with service providers acting on our behalf to deliver the Services, under appropriate contractual and security controls.

3. ISO/IEC 27001 certification journey

Eventboost has launched a structured program to achieve ISO/IEC 27001 certification for its Information Security Management System (ISMS). The program includes a gap assessment, policy definition and updates, risk assessment, control strengthening, and internal audits, with the goal of continuous improvement in security and accountability.

Until the program is completed, Eventboost continues to implement appropriate technical and organizational measures and uses best efforts to align with industry best practices.

4. People controls and confidentiality

  • onboarding checks where applicable;
  • confidentiality obligations and internal policies;
  • role-based access, authentication and logging.

5. Infrastructure / production environment

Eventboost production systems are hosted on Amazon EC2 (AWS). The hosting environment relies on provider security assurances and audits, including (as stated by the provider):

  • PCI-DSS Level 1 Service Provider
  • ISO 27001
  • independent audits/assessments
  • SAS-70 Type II / SSAE16 (as applicable to historical provider attestations)

6. Application security (Web & Mobile)

  • web platform and mobile apps are developed and maintained by our internal engineering team;
  • encryption keys are restricted to the smallest feasible number of authorized personnel;
  • secure standard protocols such as AES and SSL/TLS are used for encryption and secure transport;
  • payment card data is handled under security standards: card data is not stored after transaction and is not stored on mobile devices.

7. Encryption and secure transmission

  • SSL/TLS is used to protect sensitive information in transit;
  • encryption is applied during data transmission between systems where applicable;
  • website and APIs are accessible via a 256-bit SSL certificate issued by DigiCert.

8. Operational security

We implement operational measures aimed at preventing, detecting and responding to security events, including:

  • security logging and monitoring;
  • backups and business continuity controls;
  • patching and vulnerability management;
  • protection against unauthorized access.

9. Incident response and data breaches

If a security incident involves personal data:

  • where Eventboost acts as Controller, we assess and comply with applicable legal obligations;
  • where Eventboost acts as Processor on an Organizer’s behalf, we notify the Organizer without undue delay in accordance with the DPA.

10. Contacts