ClearEvent Security, Safety & Reliability
At ClearEvent we know our customers depend on us as an important part of their event planning processes. That’s why we take our responsibilities to our customers seriously, and the security and reliability of the software, systems and data that make up the ClearEvent Event Management Platform are our top priority.
All information travelling between your browser and ClearEvent is protected from eavesdroppers and is secured using SHA-2 and 2048-bit encryption – the strongest on the market. This means all information you submit is always transferred encrypted across the internet. The lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating ClearEvent and that your data is secure in transit.
ClearEvent complies with Payment Card Industry Data Security Standards (PCI DSS). We are currently rated as PCI SAQ A as we have outsourced all cardholder data processing functions to Stripe (https://stripe.com). Stripe has been audited by a PCI-certified auditor, and has in turn been certified as a PCI Level 1 Service Provider, the most stringent level of certification available.
The ClearEvent application – including your data – rests securely behind our firewalls in our data center.
ClearEvent’s application platform is scanned for vulnerabilities regularly by our managed security provider. These scans test our servers both from the Internet and from inside our network, and any newly identified problems are addressed as quickly as possible.
All user passwords are stored in our database using Hash-based Message Authentication Code (HMAC) SHA-256 encryption. This means we never store your original password in clear text.
ClearEvent does not store sensitive payment or credit card details on our servers. When payments are made, we dispatch all cardholder data securely to Stripe, our payments processor, via an iframe. Our company’s servers receive an opaque token object, from which the original cardholder data cannot be derived.
Tenant-level security safeguards ensure each customer’s event data is isolated to their organization and is secure.
ClearEvent’s servers are located in Microsoft Azure’s state-of-the-art datacenters, which provide biometric access controls, constant surveillance, redundant power feeds and generators, robust fire suppression, and carefully monitored climate control to protect the servers that store your data and manage your billing.
Event data in your ClearEvent account is replicated across multiple database servers and is backed up to two geographic locations to prevent a single failure from causing data loss. Additionally, that data is backed up daily and stored in a secure offsite location to ensure that, even in the event of a catastrophe like a tornado or flood, your information will be safe and your event data can be quickly restored.
ClearEvent uses multiple redundant web and database servers to ensure access to your event data is uninterrupted. ClearEvent is able to scale our cloud resources on demand to ensure application performance always meets user expectations.
ClearEvent has chosen Microsoft Azure for our platform hosting needs. Microsoft has decades-long experience building enterprise software and running some of the largest online services in the world. Azure is engineered to handle any workload. More than 66 percent of Fortune 500 companies rely on Azure, which offers enterprise-grade SLAs on services, 24/7 tech support, and round-the-clock service health monitoring. Customers include Heineken, 3M, Dyson, Mazda, GE Healthcare, Trek, NBC Sports, and many, many more.
Currently, customer data is stored in secure U.S. data center locations.
For our Canadian customers:
Microsoft Azure is built with established ISO/IEC security standards in mind, and Microsoft maintains technical and organizational measures to protect customer data. These measures comply with the requirements set forth in such established security standards as ISO/IEC 27001 and ISO/IEC 27002, and the code of practice for cloud privacy, ISO/IEC 27018. Microsoft has assessed its practices in risk, security, and incident management; access control; data integrity protection; and other areas relative to the recommendations from the Office of the Privacy Commissioner of Canada, and has determined that in-scope Azure services can meet those recommendations. This means that Azure can help customers meet the requirements of Canadian privacy laws.
No matter where customer data is located, Microsoft does not control or limit the locations from which customers or their end users may access their data.
PIPEDA does not require Canadian businesses to keep personal information in Canada. However, depending on the province where organizations do business, or their industry, they could be required to keep certain types of data within Canadian borders. ClearEvent customers are advised to seek legal counsel regarding their specific data privacy needs to determine whether their compliance needs can be met.
Responsible Disclosure of Security Vulnerabilities
If you are a security researcher and think you’ve found a security vulnerability in our service, product, or website, please contact us.
If you have any security concerns or questions, please feel free to contact us directly.