Jump to navigation Jump to content

Security

From the first line of code, we combine security best practices and enterprise-class security features to keep your data safe and sound.

Secure Access

Every single connection between you and our services, between our services internally, and everything our team connects to, is secured using HTTPS (SSL), the same security standard used in online banking.

Every account is password protected. All passwords pass through a one-way hash-and-salt technique before storing them in the database. This practice ensures passwords can’t be read or used in any way.

Alternatively, you may use your existing corporate or social credentials to login into our system, with all security features and measures they provide.

Role-based Access Control

We have a security subsystem inside the app that checks (on every single request) if the authenticated user has permission to access a certain set of data that they are trying to access. It is role-based access control that is scoped to a specific user and specific information that this user is accessing.

Direct Data Access

Only a few people in our Team have direct access to the live database and the backups. This access is granted on a need-to-know basis and is tightly controlled, following the Principle of Least Privilege Access.

You Decide about Your Data

You have complete control over your data. We don't share it, we don't copy it, we don't modify it. Our job is to keep your data 100% secure and available to you at all times.

A subset of Sessionize's personnel has access to the customer data via controlled interfaces. The intent of providing access to a subset of personnel is to provide effective customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.

As a speaker, you can ask to be forgotten and all your personal data will be deleted from our system.

As an organizer, you can request event deletion, and all related data will be fully deleted from our system.

Working Environment

Every device our team uses is regularly updated, patched and checked for malware and viruses. All workstations have full disk encryption at rest and multi-factor authentication.

Built for the cloud

From the first line of code, our system is built for the cloud. We use only Platform-as-a-Service (PaaS) resources that have enabled us to build scalable, secure and future-proof service. Since we don't have to worry about the underlying infrastructure, servers and patches, we can focus more on adding new features and service development.

99.9% Uptime

Most updates and upgrades do not require any downtime, so we're proud to have 99.9% uptime. If it turns out that downtime is necessary, we'll schedule it on weekends and give you 24 hours notice.

You can check the status of our service at status.sessionize.com.

System Monitoring

We're using an advanced monitoring solution specifically designed for our PaaS environment that continuously assesses our environment. It identifies and tracks vulnerabilities, warns about potential risks, suggests solutions to harden resources and services, and detects and resolves threats to resources, workloads and services.

We also constantly monitor system performance and based on the results, we optimize the usage and automatically or manually finetune resources needed.

Our system is also monitored on the application level, tracking general app health parameters, errors that may occur and security alerts.

Encryption at Rest

Encryption at Rest provides key protection against data breaches. That means that all the data, including backups, are encrypted even while "resting" in the database and storage.

Continuous Backups and Redudancy

Our database has an automated backup process scheduled that creates full backup every week, differential backup every 12-24 hours and transaction log backups every 5-10 minutes. That means that we can restore the database to any point in time in the past month. All backups are geo-redundant — saved in two different geo-locations.

Data stored outside the database automatically replicates in two different geo locations, so it's being protected from transient hardware failures, network or power outages, and natural disasters.

Server Access and Location

We don't have any local server infrastructure and we never store data outside our providers' data centers. We use Microsoft Azure and Amazon AWS as our hosting providers, using only PaaS resources that are managed, upgraded, monitored and protected by them.

The data centers that we use are located in Ireland and the Netherlands. The actual location of these data centers are known only to their employees on a need-to-know basis.

Physical Security

Cloud data centers that we use to store data are designed, built and operated in a way that strictly controls physical access to the areas where the data is stored, including tall fences, surveillance cameras, biometrics two-factor authentication and full body metal detection screening.

If you want to know more, please check these links for Azure and AWS

Your Credit Card Is Safe

We use Paddle as our payment provider. Credit card information storage, transmission and processing are completely PCI-Compliant. Every transaction is processed with high-level secure encryption. We don’t store your credit info, nor do your credit card numbers pass through our servers at any time.

Questions

If you have any privacy and security questions, feel free to reach out to our support.

Secure. Private. Reliable.

Keeping your data safe and sound is our number one priority.