Data and Security

Data management and privacy policies to keep your data safe from threats


Event Technology Award

InEvent is compliant with AICPA Service Organization Control Reports. InEvent protects its customer data following the compliance standards provided by AICPA and other governing bodies of data privacy both in the US and Europe. InEvent Certified Public Accountant is Assure Professional.

You may request a copy of this certificate through your selected account manager or customer success manager. Detailed policies can be found below on our Data Management and Privacy sections.

Data management

Secure access to your data is provided through a series of security policies implemented and enforced by InEvent's top team of experts, including countermeasures such as:

  • Payment Card Industry Data Security Standards (PCI DSS) compliant.
  • Data hosted in top-tier, world-class data center.
  • Limited IP ranges to user level access.
  • Physical token access to authenticate operations.
  • Employee access to limited amount of accounts.
  • Fire detection and suppression systems.
  • Fault tolerant, redundant servers.
  • Isolated end secure client environment.
  • Data encrypted and transmitted via Secure Socket Layers (SSL) technology.
  • Hourly backups of customer data stored in different geographic locations.
  • Unique account/username/password access control.
  • One-way encryption for all passwords.
  • Account lockout and password expiration.

See which Fortune Global 500 companies already use InEvent solutions

Software deployment

Your software can be customized to your organization's profile to limit access to external threats, accelerate deployment speed and increase brand awareness.

  • Mobile device management (MDM) support for secure corporate app deployment.
  • Proprietary Google Play or Apple Store accounts for deploys and updates.
  • Available CNAMEs for event url hosts and event directory pages.
  • Email DNS can be used to send emails as aliases from your company's domain.
  • Single sign-on (SSO) support, including SAML 2.0 and LDAP databases for secure authentication between domains.
Experience Tomorrow XP Investments

Experience Tomorrow XP Investments

XP Investments and InEvent partnership brings more technology and digital experiences to its private corporate event held at Four Seasons Hotel in Miami.

Santander Annual Meeting

Santander Annual Meeting

How InEvent & Santander created a digital experience at the largest corporate event in the Americas.

One System Conference

One System Conference

Held annually in India, the event proposed the reunion of its global leaders of Coca-Cola Asia to unite, act and grow into a single system.

GDPR compliance

The GDPR - General Data Protection Regulation - aims to create a new data protection regime, applicable to all organisations established in Europe and, depending on the circumstances, outside the limits of that territory as well.

When does GDPR takes place?

GDPR will require a series of items regarding data security, transparency, privacy and confidentiality. The regulation takes effect from May 25th 2018.

If your company does not comply with the legislation rules, fines can be as high as 20 million euros or 4% of total worldwide annual turnover, whichever is higher.

Who handles the data?

It is important to understand that GDPR is about 'who' is doing something. InEvent or any other software company will provide the meanings to understand where data came from, but we cannot prohibit an ill-intentioned employee in your organization from uploading a full list of contacts which you don't have permission to communicate with. In such a case, InEvent will identify who performed which action so you can apply your organization internal compliance.

Data Controllers Data Processors
It is your company It is the software you use to store and process customers and prospects data
Primary responsibility Secondary responsibility
It is responsible for security, transparency, privacy and confidentiality It is responsible for guaranteeing that the company data are stored and processed in a secure way
Collects information through forms and similar means It is responsible for security and privacy in processing the collected data

How InEvent helps?

InEvent helps your data compliance with tools to manage your customer's privacy:

Right to data portability

Customers have the right to receive their personal data from a controller in a structured, commonly used and machine-readable format so they can transfer those data to another data controller without interference. InEvent provides this through a public page where users can see all the events they are enrolled at and request their information stored on this event at anytime.

Right to erasure

The right to be forgotten is part of GDPR and users can request this at any minute during their days. Information is logged for administrative and forensic purposes. InEvent provides a public page where users can type their email address, receive a confirmation and confirm they want to be forgotten.

Consent requirements

Under the GDPR, consent must be given by a statement or a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of an individual’s agreement to the processing of their personal data. A request for consent cannot be bundled together with other terms in a contract; it must be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.

  • Clear opt-in forms for your leads marketing communication.
  • Fixed terms of use field for new app downloads.
  • Lead source viewable from your main event panel.
  • Email communication platform with obligatory unsubscribe button.
Data protection by design and by default

InEvent is compliant with a series of protocols, including SOC 2, which provides the Standard Operating Procedure for different cases scenarios. These documents, which include our Business Continuity Plan and Disaster Recovery Plan, ensure your data protection by product design.

Breach notification requirements

The GDPR requires that data breaches be reported to the competent supervisory authority (of the EU Member State concerned) without undue delay, and where feasible, within 72 hours of the organization becoming aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. InEvent monitors the API usage from each customer and provides a series of triggers that can be activated for your IT security team.

Ready to deliver INNOVATIVE event driven results?

Achieve outstanding customer experiences - InEvent is your successful ROI!

Pedro Goes

+1 470 226 3256

We use cookies to improve your website experience and provide more personalized services to you across our platform. To find out more about the cookies we use, see our Privacy Policy.