Security Policy
Last updated: January 25, 2026
Event Parlour takes security seriously. We implement industry-standard security measures to protect your data, financial information, and privacy. This Security Policy outlines our security practices and your role in maintaining security.
In Transit
All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. This protects your information from interception during transmission.
At Rest
Sensitive data stored in our databases is encrypted at rest using industry-standard encryption algorithms. This includes personal information, payment data, and authentication credentials.
- Password Security: Passwords are hashed using secure algorithms (bcrypt) and never stored in plain text
- OAuth Integration: Google OAuth follows OAuth 2.0 security best practices with secure token handling
- Session Management: Secure session tokens with expiration and refresh mechanisms
- Two-Factor Authentication: Available for enhanced account security (when enabled)
- Role-Based Access: Workspace roles (Admin, Moderator, Member) control access to features and data
- IP Tracking: We log IP addresses for security monitoring and fraud prevention
- PCI-DSS Compliance: We use PCI-DSS compliant payment processors (Paystack, Stripe, M-Pesa)
- No Card Storage: We do not store full credit card numbers or CVV codes on our servers
- Secure Processing: All payment data is processed through secure, encrypted connections
- KYC Verification: Required for organizers to process withdrawals, ensuring legitimate business operations
- Fraud Detection: We monitor transactions for suspicious activity and may require additional verification
- Secure Hosting: Our infrastructure is hosted on secure, reputable cloud providers
- Regular Updates: We apply security patches and updates promptly
- Firewall Protection: Network firewalls protect against unauthorized access
- Intrusion Detection: We monitor for unauthorized access attempts
- Backup Systems: Regular encrypted backups ensure data recovery capabilities
- DDoS Protection: Protection against distributed denial-of-service attacks
- Continuous monitoring of system logs and security events
- Automated alerts for suspicious activities
- Regular security audits and vulnerability assessments
- Penetration testing to identify and address vulnerabilities
- Security incident response procedures
You play an important role in maintaining security:
- Use a strong, unique password for your account
- Enable two-factor authentication when available
- Do not share your account credentials with others
- Log out from shared or public devices
- Report suspicious activity immediately
- Keep your device software and browsers updated
- Be cautious of phishing attempts and suspicious emails
- Review your account activity regularly
In the unlikely event of a data breach affecting your personal information, we will:
- Investigate the breach immediately
- Contain and remediate the security issue
- Notify affected users as required by law
- Report to relevant authorities if required
- Provide guidance on protective measures
- Verify attendee identities when scanning tickets
- Protect your workspace admin credentials
- Regularly review workspace member access
- Monitor event ticket sales for unusual patterns
- Keep event information accurate and up-to-date
- Respond promptly to security-related inquiries
If you discover a security vulnerability or suspect unauthorized access to your account, please report it immediately through the feedback feature in the platform. We take security issues seriously and will investigate promptly. Please do not publicly disclose vulnerabilities until we have addressed them.
We comply with applicable data protection regulations, including GDPR, CCPA, and other regional requirements. Our security practices are designed to meet or exceed industry standards and regulatory requirements.