EventNook Security & Safety

Privacy

EventNook maintains a comprehensive privacy programme. We are continually evaluating to protect personal information of our customers.

We participate in and comply with Singapore Personal Data Protection Act (PDPA) law. 

We do not sell the personal information of our customers to third parties. 

You can find our privacy policy

at: https://overview.eventnook.com/p/privacy

Hosting Environment

Microsoft Azure hosts EventNook’s production systems.

PCI DSS Level 1 Service Provider

ISO/IEC 27001

ISO 22301

ISO/IEC 27017:2015

ISO/IEC 27018

 MTCS 584:2013 from IDA

CDSA

(CSA) STAR Self-Assessment

SOC 1

SOC 2 SOC 3 https://www.microsoft.com/enus/trustcenter/Compliance

Location

EventNook hosts data in Singapore based Microsoft Azure data center.

Web and Mobile Application Development

EventNook is committed to designing, building and maintaining secure systems.

Web Application & Web API Security Control
We utilize Microsoft ASP.NET MVC Framework security controls to limit our exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.

In infrastructure level, we enable Microsoft antimalware in our cloud hosting machines for real time protection and regular scanning of malware. 

We establish automated security auditing and threat detection in place in data storage. 

In our engineering team, we provide secure code training and discussion about security. The training covers OWASP Top 10 security flaws, common attack vectors, and EventNook security controls.

No credit card information is permitted to be stored on eventnook’s server.

Use of encryption for both storage and transmission of sensitive information is regularly audited by the EventNook full-time engineering team.

All web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house engineering team.

Secure Data Tier Access

Firewall and IP restriction

Our frontend application connecting with backend customer data information are tightly restricted by Firewall and only admit the IP addresses used by administrators.

Encryption

EventNook uses strong encryption methods and key management procedures to ensure your sensitive information is protected.

All credit card information is encrypted with strong industry-standard cryptographic protocols such as AES and TLS while in transit through our systems.

EventNook’s website and APIs are accessible via a 256-bit SSL certificate issued by Godaddy. Credit card information is never stored after transaction authorisation.

Access to encryption keys is held by the smallest number of EventNook employees possible.

Incident Response

While we don't anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.

In case of a system alert, EventNook has 24x7 monitoring of its systems and alerts in place to notify the administrators.

Access Privileges & Roles

Access to data within your EventNook is governed by access rights, and can be configured to define granular access privileges. EventNook has various permission levels for users (owner, admin, manager, analyst, etc.) to manage events.

Employee Vetting

Background Checks & Confidentiality Agreements

EventNook performs background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. The background check includes Criminal, Education, and Employment verification. 

All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.