Security you can run an event on
Your attendees trust you with their data. We treat that data the way a measurement company should: encrypted, backed up, and access-controlled by default.
Encryption in transit & at rest
All traffic is served over TLS. Sensitive fields, including payment credentials, are encrypted at rest with AES-256.
Payments stay with Razorpay
Card and UPI details go straight to Razorpay, a PCI-DSS compliant gateway. We store only transaction references, never raw card numbers.
Encrypted offsite backups
The database is backed up nightly to encrypted, deduplicated offsite storage, with restores tested regularly so recovery is never a question mark.
Role-based access control
Manager, staff, and scanner roles scope every action to a single event. Platform admin access is least-privilege and audited.
Isolated, monitored infrastructure
The app runs on hardened, firewalled infrastructure with health monitoring and automated, versioned database migrations.
Signed webhooks & API keys
Outbound webhooks are HMAC-signed with automatic retries, and API keys are scoped and revocable, so integrations stay trustworthy.
Found a vulnerability?
We take responsible disclosure seriously. Email our team and we will respond quickly and work with you on a fix.
security@eventfloww.com