TIXIFY SECURITY GUIDE

• All online payment processing is done via scoped secure iFrames, eliminating card data from touching our servers.
• Passes internal and external application and network penetration testing performed by Skoda Minotti.
• Scanned weekly by an Approved Scanning Vendor (ASV), Tenable.io.
• PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
• Credit Card data is never stored by Tixify.
• Tixify provides organizers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.

• We do not sell personal information of our customers to third parties.
• We have full time staff focused on privacy and security issues.
• Tixify processes user personal data in accordance to GDPR’s data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.

HOSTING ENVIRONMENT

• PCI-DSS Level 1 Service Provider
• SOC 1 Type II and SOC 2 Type II
• ISO 27001

ENCRYPTION

• All web traffic is encrypted by TLS 1.2 or greater.
• Tixify follows NIST recommendations for hashing, symmetric and asymmetric encryption.

STAFF

• All staff regularly receives security training by trained professionals and must pass security quizzes testing their security awareness.
• All staff regularly receive simulated phishing tests.
• All staff must sign off on security and acceptable use policies and procedures.

RESPONSIBLE DISCLOSURE

• If you discover a vulnerability, Tixify requests that you responsibly disclose the vulnerability to our security team by taking the following steps.
• Do not attempt to exploit the vulnerability
• Email our Security Incident Response Team at sirt@tixify.com
• If the contents of the vulnerability are sensitive in nature, please use our PGP key.
• All staff regularly receives security training by trained professionals and must pass security quizzes testing their security awareness.