Active
GDPR Compliant
Full compliance with UK GDPR and EU GDPR requirements including data minimisation, retention policies, and data subject rights.
Enterprise-Grade Security
Your data is safe with us
EventOn is built security-first with enterprise-grade encryption, compliance certifications, and transparent data handling. We take your trust seriously.
Certifications & Compliance
Independently verified security
In Progress
ISO 27001 Roadmap
Formal certification programme with quarterly internal audits and external audit partner. Expected completion Q2 2026.
Planned 2026
SOC 2 Type II
Independent audit of security controls for availability, processing integrity, confidentiality, and privacy.
Planned 2026
Cyber Essentials
UK Government-backed certification demonstrating protection against common cyber threats.
Security Controls
Built secure from the ground up
Every layer of EventOn is designed with security in mind, from infrastructure to application code.
Encryption Everywhere
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Encryption keys managed with hardware security modules (HSM).
- AES-256-GCM encryption for sensitive data at rest
- TLS 1.3 for all data in transit
- Encrypted database backups with separate key storage
- OAuth tokens encrypted with per-tenant keys
Access Controls
Role-based access control (RBAC) with granular permissions, MFA support, and session management.
- 12 predefined roles with 200+ permission combinations
- Multi-factor authentication (TOTP, SMS, email)
- Session timeouts and concurrent session limits
- IP allowlisting for sensitive operations
Audit Logging
Comprehensive audit trail for all user actions, system events, and data changes with tamper-proof storage.
- Every action logged with actor, timestamp, and context
- Immutable audit logs with write-once storage
- Real-time alerting for suspicious activity
- Exportable audit reports for compliance reviews
Infrastructure Security
Secure cloud infrastructure with automated patching, intrusion detection, and DDoS protection.
- Hosted on AWS/Railway with SOC 2 certified infrastructure
- Automated security patching and vulnerability scanning
- DDoS protection with rate limiting and traffic analysis
- Network isolation with private subnets and VPC
Data Protection
GDPR-aware design with data minimisation, retention policies, and automated redaction.
- Data minimisation: collect only what's necessary
- Configurable retention periods (default 90 days for sensitive data)
- Automated PII redaction after retention period
- Right to access, rectification, erasure, and portability
Incident Response
24/7 monitoring with automated alerts and documented incident response procedures.
- 24/7 automated monitoring and alerting
- Documented incident response playbook
- 72-hour breach notification commitment (GDPR compliant)
- Post-incident reviews and remediation tracking
Data Handling
Transparent data practices
Data Residency
Choose where your data lives
- UK/EU data centres by default
- US data centre option available
- No cross-border transfers without explicit consent
- Standard Contractual Clauses (SCCs) for international transfers
Data Retention
Configurable retention policies
- Default 90-day retention for time & attendance data
- 7-year retention for financial records (UK law)
- Custom retention periods per data category
- Automated deletion or anonymisation after expiry
Data Access
Your data, your control
- Export your data anytime in machine-readable formats
- API access to all your organisation's data
- Granular permission controls for data access
- Data portability for switching providers
Privacy by Design
GDPR principles embedded
Every feature is built with privacy in mind, following GDPR principles from day one.
- Data minimisation: Only collect what's necessary for the service
- Purpose limitation: Use data only for stated purposes
- Storage limitation: Retain data only as long as necessary
- Integrity and confidentiality: Protect data from unauthorised access
- Accountability: Document all processing activities and decisions
Questions about security?
Our security team is here to help. Request our security documentation, discuss custom requirements, or report a vulnerability.