Groupize takes our responsibility to protect our clients’ data extremely seriously. Groupize’s hosting strategy, technology architecture and team training program are all built around the concepts of security and data protection. We are focused on helping our clients feel confident that the platform they use for managing events meets their security standards.
Application hosted in the world’s leading cloud hosting service. Physical security provisions include:
- Highly-secure, access-controlled data centers
- Redundant, fault-tolerant infrastructure (redundant hardware, power and monitoring provisions)
- 2-factor authentication for all platform administrators
For more information on these environmental security provisions, click here: https://d1.awsstatic.com/whitepapers/Security/Intro_Security_Practices.pdf
Application architecture is built to be secure by design. Key architectural features include:
- SSL/TLS encryption for all system activities
- Any Transmission of data occurs over TLS 2.0 encryption
- Groupize leverages at-rest data encryption option within the Postgres database for all data
- Role-based security model that governs the rights of all users
- Groupize abides by a data retention policy that is designed to support the legitimate business
needs of our customers
- Groupize Information Security policy is designed, implemented, and maintained to protect
sensitive data. Identifying, classifying, ranking, and treatment of new vulnerabilities and risks
plays an integral part in the security of the application.
Groupize is focused on compliance with industry best-practices
- Payment Card Industry Data Security Standard (PCI DSS) certification. Attestation of Compliance available on request.
- GDPR – in our role as a data processor, our system meets the regulatory requirements to support our clients’ obligations as data controllers
- Upcoming: ISO 27001 – Scheduled for Q4 2021