Security

As an EU company, run.events is dedicated to the security and privacy of all our users. We combine security best practices and the latest cloud security tools to keep your data secure and protected.

Cloud-Native Application

From day one, run.events was built for the cloud. Our entire architecture and all our code are created to take advantage of cloud computing capabilities. We use only PaaS (Platform as a Service) resources that allow us to build systems that are scalable and secure. Since we don’t need to worry about underlying infrastructure (physical security, servers, updates, etc.), we can focus on development and providing the best service and experience for our users.

Physical Security

run.events doesn’t use any local infrastructure; all our resources are hosted in Microsoft Azure. Microsoft Azure datacenters provide physical security that is up to the highest industry standards. All facilities are covered by cameras and alarms, with security staff operating 24/7. To access datacenter facilities, several checkpoints need to be passed, including biometric two-factor authentication. All Microsoft Azure datacenters have days of backup power to ensure uninterrupted operations, including all security processes. Microsoft Azure adheres to security controls for ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, HITRUST, MTCS, IRAP, and ENS.

Server Location and Access

All our services are running on Microsoft Azure, in the West Europe region, which is located in the Netherlands. Additional backups of data are also stored in North Europe (Ireland).

Exceptions are availability monitoring and CDN (Content Delivery Network). Both are used to ensure smooth and uninterrupted delivery of our services, and no sensitive data is exposed or stored using these resources.

Data Security and Access

All data in run.events is encrypted at all times, at rest and in transit. This includes all files stored in the Storage account, the database, and all the backups.

Data in transit is encrypted over the HTTPS protocol using SSL/TLS. Every connection to our services, both from your device to our services and internal communication between our services, is secured and encrypted. We are using the same security standards that are used for online banking to ensure the best protection of our users.

Only a limited number of our staff have direct access to data. Access is strictly controlled and approved only when needed, following the Principle of Least Privilege. Access is only approved for a limited set of data in order to provide customer support, troubleshoot, and respond to potential security incidents.

Availability and Redundancy

Our system uses PaaS services to ensure maximum uptime, and we can proudly say our uptime was over 99.99% in the last 12 months. Most of our deployments do not require any downtime. If downtime is necessary, we will announce maintenance slots with 24 hours' notice to our users.

Advanced monitoring tools designed for PaaS are used to track health issues and errors that may occur, as well as security alerts and recommendations.

All data is backed up using Point in Time Restore, which allows us to restore to any 10-minute interval within the last 30 days. Additional full backups are saved monthly (on the 1st day of every month) and kept for the last 24 months.

For additional redundancy, backups are geo-redundant and stored in two different locations (West Europe as the primary location and North Europe as the secondary).

Accounts

We don’t store passwords in our system. Instead, we use external login providers, and you can choose between personal or corporate accounts. Currently supported login methods are Microsoft, Google, Apple, LinkedIn, and Facebook. No personal data is collected during the process, and we only request authentication tokens to validate the user’s identity. No data is shared with login providers at any point.

On every single request in our system, we validate permissions to access certain sets of data or to perform an action. This is achieved with role-based access control that ensures the authenticated user has authorization to access parts of the system and perform actions within these parts.

Payment Information

We use Stripe and Monri as our payment providers. Both providers are PCI-certified and ensure maximum safety of credit card information storage, transmission, and processing. We don’t store your credit card information, nor does your credit card information pass through our system at any time. The only payment information we have is the status of your payment we receive from the payment provider.