InEvent is certified and compliant with AICPA Service Organization Control Reports. InEvent protects its customer data following the compliance standards provided by AICPA and other governing bodies of data privacy both in the US and Europe. InEvent Certified Public Accountant is A-LIGN.
You may request a copy of this certificate through your selected account manager or customer success manager. Detailed policies can be found below in our Data Management and Privacy sections.
InEvent is certified and compliant with Health Insurance Portability and Accountability Act of 1996 (HIPAA). InEvent safeguards individual protected health information (PHI) in compliance with HIPAA by treating all PHI as confidential and private.
You may request a copy of this certificate and our Business Associate Agreement (BAA) through your customer success manager.
InEvent is certified and compliant with Payment Card Industry Data Security Standard (PCI DSS). InEvent protects our customer credit and debit card data using gateway providers such as integrations with Stripe and Paypal. The experience follows all the required steps per the standard and documented APIs.
InEvent only uses and integrates with gateway providers that are fully PCI DSS compliant.
InEvent follows the Web Content Accessibility Guidelines (WCAG), which makes web content more accessible to people with disabilities. InEvent has currently implemented WCAG Level AA on its products.
You may find more information about InEvent compliance through our Voluntary Product Accessibility Template (VPAT), available through your account manager or customer success manager. You may also access our country accessible compliance page .
InEvent is EU-US and SWISS-U.S. Privacy Shield Certified. InEvent uses Data Protection Authorities in the EU and US to handle any customer data requests as required.
You may access a digital copy of this certificate using the following link on the Privacy Shield website.
Our servers are located in Virginia, USA and Dublin, Ireland. We follow Data Processing Agreements (DPA) and Standard Contractual Clauses (SCC) with each of our sub-processors. These agreements ensure that each sub-processor is operating in compliance with the GDPR, subject to data processing best practices and other applicable privacy laws. Our Data Processing Agreement is reviewed yearly and satisfies all current GDPR requirements.
InEvent is fully GDPR compliant, ensuring that personal data is collected, processed, and stored securely with user transparency. A Data Processing Agreement (DPA) is available to define responsibilities and safeguard data handling between parties.
The platform offers built-in GDPR tools such as consent management, audit logs, and data anonymization, giving users full control to access, edit, export, or delete their information at any time.
All data is hosted in secure, compliant cloud regions, and third-party integrations are carefully vetted. You may read our policy on GDPR compliance and implementation.
InEvent adopts NIST compliance standards and cybersecurity guidelines developed by the National Institute of Standards and Technology (NIST), a US government agency, to protect sensitive information and systems. These guidelines, such as those in the NIST Special Publication 800 series, offer a risk-based approach to managing cybersecurity. Here are some of the key NIST Frameworks we implement:
InEvent follows Open Web Application Security Project (OWASP) Top Ten security risks and implements the most up to date security standards methodologies.
For a detailed guided on How InEvent implements OWASP Proactive Controls, get the latest copy of our quartely pentest from your project manager.
Secure access to your data is provided through a series of security policies implemented and enforced by InEvent's top team of experts, including countermeasures such as:
Your software can be customized to your organization's profile to limit access to external threats, accelerate deployment speed and increase brand awareness.
