Security at Gevme
Security
Security at Gevme is the highest priority. As organisations embrace the scalability and flexibility of Event Management, Gevme is helping them evolve security, identity, and compliance into key Event Management. Gevme builds security into the core of its cloud infrastructure, and offers foundational services to help Event Organisers meet their unique security requirements in the cloud.
As a Gevme customer, you will benefit from an Infrastructure built to meet the requirements of the most security-sensitive organisations. You inherit all the best practices of our policies, architecture, and operational processes built to satisfy the requirements of our most security-sensitive customers.
Finally, Gevme is continuously audited, with certifications from accreditation bodies across geographies and verticals.
What we do to keep you secure.
Here’s a list of things we are doing to keep you and your data secure.
Policy
We are ISO 27001, ISO 27017, ISO 27018, PDPA, SOC2 Type 2 compliant.
We have an internal #secops-advisory channel where we raise awareness and share and discuss all the latest relevant threats. We continuously review and update policies here.
All teammates and consultants that handle sensitive data must sign a contract that covers NDA, 2FA, encrypted hard drives, update management, and more.
We run a Vulnerability Disclosure program and are continuously penetration tested, both by automated scanners as well as humans.
All teammates are vetted, access is granted on a need-to-know basis, and revoked when the need no longer exists. We confirm that during employee offboarding.
Hardening & Process
Our service runs on AWS, and we follow their security best practices.
Our Best Practices make it easy and give Gevme the least amount of access to your files
We scan incoming files for viruses.
We deploy Rate Limiting on account, IP, and audit event level.
All relevant production log entries are stored remotely, with pattern matching and alerts for malicious intent, as well as unexpected crashes, exceptions and other error conditions.
Authorization & Encryption
All data in transit is encrypted with TLS, non-HTTPS requests to our API and website are forced to switch to use HTTPS.
Sensitive data at rest is encrypted with AES256.
Uptime & Continuity
We run in AWS-Singapore Region and in multiple availability zones. Active production can handle the outage of multiple AZs without the need for manual intervention.
All Systems are backed up regularly.
Compliance
We at Gevme take data security and privacy very seriously, and are committed to providing our clients with a platform that meets the highest standards of compliance. As part of our efforts to ensure that our platform is secure and compliant, we have undergone auditing for several key compliances, including ISO 27001, ISO 27017, ISO 27018, and SOC2 Type 2.
We are pleased to inform you that we have successfully completed these audits and are compliant with all of the relevant standards. We understand that compliance is an important consideration for our clients, and we are committed to providing transparent and comprehensive information about our compliance efforts.
In order to address your compliance concerns, we are happy to share our compliance reports and certificates with you. These reports provide detailed information about our compliance efforts and demonstrate our commitment to data security and privacy.
We understand that compliance can be a complex issue, and we are here to help you navigate the process. Please do not hesitate to contact us if you have any questions or concerns about our compliance efforts.
Thank you for considering Gevme for your event management needs.
- Attendees Privacy
- Attendees Terms
- Privacy Policy (Client)
- Terms of Use (Client)
- Privacy Policy (Visitors)
- ©2024 Gevme. All Rights Reserved
Data Retention Policy Update Notice
As part of our ongoing commitment to data privacy and security, we are updating our data retention policy. In alignment with our Data Protection Trustmark certification requirements, we have modified how long we retain customer data after subscription termination.
Key Change: Customer data will now be retained for 2 years after subscription termination (reduced from 5 years). This change takes effect from January 1, 2025.
For questions or to learn more, read the full notice.