Security

As an EU company, run.events is dedicated to the security and privacy of all our users. We combine security best practices and the latest cloud security tools to keep your data secure and protected.

Cloud-Native Application

From day one, run.events was built for the cloud. Our entire architecture and all our code are created to take advantage of cloud computing capabilities. We use only PaaS (Platform as a Service) resources, which allow us to build a system that is scalable and secure. Since we don’t need to worry about the underlying infrastructure (physical security, servers, updates etc.), we can focus on development and providing the best service and experience for our users.

Physical Security

run.events doesn’t use any local infrastructure; all our resources are hosted in Microsoft Azure. Microsoft Azure datacenters provide physical security that is up to the highest industry standards. All facilities are covered by cameras and alarms, with security staff operating 24/7. To access a datacenter facility, several checkpoints need to be passed, including biometric two-factor authentication. All Microsoft Azure datacenters have days of backup power in order to ensure uninterrupted operations, including all security processes. Microsoft Azure adheres to security controls for ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, HITRUST, MTCS, IRAP, and ENS.

Server Location and Access

All our services run on Microsoft Azure, in the West Europe region, which is located in the Netherlands. Additional backups of data are also stored in North Europe (Ireland).

Exceptions are availability monitoring and CDN (Content Delivery Network). Both are used to ensure smooth and uninterrupted delivery of our services, and no sensitive data is exposed or stored using these resources.

Data security and access

All data in run.events is encrypted at all times, at rest and in transit. This includes all files stored in the Storage account, the database and all the backups.

Data in transit is encrypted over the HTTPS protocol using SSL. Every connection to our services, both from your device to our services and internal communication between our services, is secured and encrypted. We use the same security standards that are used for online banking to ensure the best protection of our users.

Only a limited number of our staff have direct access to data. Access is strictly controlled and approved only when needed, using the Principle of Least Privilege. Access is only approved to a limited set of data in order to provide customer support, troubleshoot and respond to potential security incidents.

Availability and redundancy

Our system uses PaaS services to ensure maximum uptime and we can proudly say our uptime was over 9.99% in the last 12 months. Most of our deployments do not require any downtime. If downtime is necessary, we will announce a maintenance slot to our users with 24 hours' notice.

Advanced monitoring tools designed for PaaS are used to track any health issues, errors that may occur, and to track security alerts and recommendations.

All data is backed up using Point in Time Restore, which allows us to restore to any 10-minute interval within the last 30 days. Additional full backups are saved on a monthly basis (1st day of every month) within the last 24 months.

For additional redundancy, backups are geo-redundant and are stored in two different locations (West Europe as the primary location and North Europe as the secondary).

Accounts

We don’t store passwords in our system. Instead, we are using external login providers, and you can choose between personal or corporate accounts. Currently supported login methods are Microsoft, Google, Apple, LinkedIn, and Facebook. No personal data is collected during the process and we only request authentication tokens to validate the user’s identity. No data is shared with login providers at any point.

On every single request in our system, we validate permissions to access a certain set of data or to perform an action. This is achieved with role-based access control, which ensures that the authenticated user is authorized to access parts of the system and perform actions within these parts.

Payment information

We use Stripe and Monri as our payment providers. Both providers are PCI-certified and ensure maximum safety of credit card information storage, transmission, and processing. We don’t store your credit card information, nor does your credit card information pass through our system at any time. The only payment information we have is the status of your payment, which we receive from the payment provider.