Eventurbo’s Information Security Practices

Protecting Customer Data

In this technological era, maintaining the privacy of visitors to our website and that of the users of our applications is of high importance to us, this because we collect your information. Customer data, more than just being part of the business, has become its cornerstone, and one that is constantly under attack. We take several security measures to protect your data and are fully committed to safeguard your information. We work constantly to make our system better, faster and more secure. This document outlines the policies, procedures and technical safeguards we have implemented to achieve this.

DESIGN SECURITY

a. Secure Development (Code)

All EVENTURBO developers are required to follow EVENTURBO’s policies and procedures that provides standards, strategies, and tactics for each phase of the product development lifecycle while they need to be informed and consistent in following the industry best practices. The procedure requires product classification based on risk rankings determined by use cases, and various testing procedures.

a.Secure Release (Code)

Before releasing any product to the EVENTURBO customers, several testings (OWASP) and scanning processes are performed. Any bugs or vulnerabilities are logged and tracked using our internal defect tracking system. These defects are assigned different severity levels and resolved depending upon the impact to the end user.

Severity LevelDescriptionTarget Response1Incidents that have severe impact on EVENTURBO and its customers business2 Hours2Incidents that have the significance or the potential to severely impact EVENTURBO and its customers business4 Hours3Incidents that have minimal impact but can lead to severe impact to EVENTURBO and its customers business 1+ Business Day4Incidents that have minimal impact but no potential to have significant or severe impact on EVENTURBO and its customers business 2+ Business Day

HOW A CUSTOMER’S DATA IS OBTAINED BY EVENTURBO AND ITS PROTECTION

a.The Information You Provide (EVENTURBO Organization)

For instance, most of our services require that you create an account with us. When you do so, we obtain information such as, your name, email address, telephone number, information related to the purchase of our products or services, and, purchase information such as, the products or services purchased, the dates of purchase and the purchase price.

The Information Your Customer Provides (EVENTURBO Registrations Pages)

The information your customers/participants provide during the registration process. The data includes their name, email address, phone number and any other information you requested from them.

The information we collect from your use of our services are detailed below.

Device Information - We collect information about the devices you use to access our services or products, such as the hardware settings, browser type, browser language, the date and time of your access and the referral URL.

Log Information - When you use our products or services, our server logs collect and stores certain information automatically . These are;

  1. Search Queries - This details how you used our products or services.
  2. IP Address - This is the number assigned to an Internet connected device such as a tablet or s smartphone that helps identify the geographic location of that device.
  3. Cookies - This is a small file containing a string of characters that uniquely identifies your browser and collects information on how you use our products or services. This information gets sent to your computer or the device you used to access our products or services. These cookies recognize any subsequent visits and stores information about your preferences, other personal information and helps us identify errors on our pages.
  4. Location Information - When you access our products or services, we collect and process information about your actual location. We use various technologies to determine the location, including the IP address.
  5. Local Storage - We may collect and locally store information (including personal) on your device, using mechanisms such as browser web storage (like HTML5) that stores data on a browser even after it has been closed and reopened. This is made possible by an application data cache that stores your browser's data on your device enabling the browser to run without an internet connection and load content faster.
  6. li> Collection and Storage Technologies - We and our partners use various technologies to collect and store information when you access the Eventurbo Service, and this may include using cookies or other technologies to identify your browser or device. We also use these technologies to collect and store information when you access and interact with the contents and products and services we offer, such as advertising services too.

EVENTURBO Authorized User Names, Passwords and Authentication

EVENTURBO monitors access rights, this to ensure the access adheres to user specific responsibilities assigned to a specific user within an organization, it logs all accesses and security events, and uses a software that enables tracking of user activities.

EVENTURBO’s passwords are administered in the following manner:

  • Passwords are communicated in a separate communication from that sent for the user IDs.
  • Passwords are not shared.
  • Initial password generation is random.
  • Initial password change is required.
  • Passwords must have a minimum length and complexity and must be changed on a regular interval without reuse of recently used previous passwords.
  • Passwords are encrypted, and passwords are never recoverable and can only be securely reset.
  • Restricting access to active users and active user accounts only.
  • Blocking access to a user account after multiple unsuccessful attempts to gain access.

ENTERPRISE ROLE-BASED ACCESS

The logical access procedures restrict user access based on user job function within the Organization (role/profile based appropriate access). We perform reasonable monitoring of systems for unauthorized use or access to personal information. User access reviews are performed throughout the year to ensure access is appropriate.

For customer data entered via the Registration page, EVENTURBO database administrators may be required to access customer data for various technical operations. Database access is granted upon formal authorization through a approval process and access is granted only to authorized personnel. The Database can be accessed only on the Intranet.

All database accesses are logged. EVENTURBO Employees’ user access accounts are reviewed on a regular basis. Review and approval are documented in the EVENTURBO support ticket when any discrepancies areuse and resolutions are provided.

COMPLIANCE WITH DATA PRIVACY LAWS

  • a. EVENTURBO’s Privacy Statement is posted on our website (www.eventurbo.com/privacy-policy).
  • b. EVENTURBO implements processes designed to ensure that we comply with all applicable data privacy and security laws in the US and in all countries in which we do business.
  • c. EVENTURBO has several internal Privacy Policies, including an HR Privacy Policy and Data Protection Policy, which ensures the Data Privacy requirements are met.

If you have any questions, please feel free to send an email to info@eventurbo.com.