Privacy: EventNook maintains a comprehensive privacy programme. We continually evaluate how we protect the personal information of our customers. | We participate in and comply with Singapore's Personal Data Protection Act (PDPA). We do not sell the personal information of our customers to third parties. You can find our privacy policy at: https://overview.eventnook.com/p/privacy |
Hosting Environment: Microsoft Azure hosts EventNook’s production systems. | PCI DSS Level 1 Service Provider, ISO/IEC 27001, ISO 22301, ISO/IEC 27017:2015, ISO/IEC 27018, MTCS 584:2013 from IDA, CDSA (CSA) STAR Self-Assessment, SOC 1, SOC 2, SOC 3. https://www.microsoft.com/enus/trustcenter/Compliance Location: EventNook hosts data in a Singapore-based Microsoft Azure data center. |
Web and Mobile Application Development: EventNook is committed to designing, building and maintaining secure systems. | Web Application & Web API Security Control: We utilize Microsoft ASP.NET MVC Framework security controls to limit our exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others. At the infrastructure level, we enable Microsoft antimalware on our cloud hosting machines for real-time protection and regular malware scanning. We have automated security auditing and threat detection in place for data storage. Within our engineering team, we provide secure code training and discussion about security. The training covers OWASP Top 10 security flaws, common attack vectors, and EventNook security controls. No credit card information is permitted to be stored on EventNook’s server. Use of encryption for both storage and transmission of sensitive information is regularly audited by the EventNook full-time engineering team. All web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house engineering team. |
Encryption: EventNook uses strong encryption methods and key management procedures to ensure your sensitive information is protected. | All credit card information is encrypted with strong industry-standard cryptographic protocols such as AES and TLS while in transit through our systems. EventNook’s website and APIs are accessible via a 256-bit SSL certificate issued by GoDaddy. Credit card information is never stored after transaction authorisation. Access to encryption keys is held by the smallest number of EventNook employees possible. |
Incident Response | While we don't anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure. EventNook has 24x7 monitoring of its systems, and alerts are in place to notify the administrators in case of a system alert. |
Access Privileges & Roles | Access to data within your EventNook is governed by access rights, and can be configured to define granular access privileges. EventNook has various permission levels for users (owner, admin, manager, analyst, etc.) to manage events. |
Employee Vetting: Background Checks & Confidentiality Agreements | EventNook performs background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. The background check includes criminal, education, and employment verification. All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements. |