TIXIFY SECURITY GUIDE

PCI COMPLIANCE AND PAYMENT HANDLING

  • All online payment processing is done via scoped secure iFrames, eliminating card data from touching our servers.
  • Passes internal and external application and network penetration testing performed by Skoda Minotti.
  • Scanned weekly by an Approved Scanning Vendor (ASV), Tenable.io.
  • PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
  • Credit Card data is never stored by Tixify.
  • Tixify provides organizers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.

PRIVACY

  • We do not sell personal information of our customers to third parties.
  • We have full time staff focused on privacy and security issues.
  • Tixify processes user personal data in accordance to GDPR’s data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.

HOSTING ENVIRONMENT

  • PCI-DSS Level 1 Service Provider
  • SOC 1 Type II and SOC 2 Type II
  • ISO 27001

ENCRYPTION

  • All web traffic is encrypted by TLS 1.2 or greater.
  • Tixify follows NIST recommendations for hashing, symmetric and asymmetric encryption.

STAFF

  • All staff regularly receives security training by trained professionals and must pass security quizzes testing their security awareness.
  • All staff regularly receive simulated phishing tests.
  • All staff must sign off on security and acceptable use policies and procedures.

RESPONSIBLE DISCLOSURE

  • If you discover a vulnerability, Tixify requests that you responsibly disclose the vulnerability to our security team by taking the following steps.
  • Do not attempt to exploit the vulnerability
  • Email our Security Incident Response Team at sirt@tixify.com
  • If the contents of the vulnerability are sensitive in nature, please use our PGP key, below
  • All staff regularly receives security training by trained professionals and must pass security quizzes testing their security awareness.

—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: Keybase OpenPGP v1.0.0
Comment: https://keybase.io/crypto

xsBNBF76PP8BCADnwh3ZZsb+UQwzbs72ho1TFpkbBRrcMLCAy1obgb9MVcIspFHu
zr27CpS8AvuS43molWHd8HbZKR6JlCOrdiw/Vf/59bjc4/cVDExfHDEiXeV3yhdA
kb0Zzy2wZzTnGNuF3Ra25TCr+hG7CTbv3DVJHETIrvx5Itfhv7T2/7UKJOM9vVBc
YadfavJjrONjFK6iQJeK86NGcuCAoGy+15U43GovOW8eHvOT5Eo2/l1Pd1qOU1AT
/uipHsj9AigQeMv7KsdXW/nitSG4UOWSWA7ZNhS6QfL9WjXvIy4qNnblJOm4gfgP
Of9KIx/M72OwiAHyh5lALBrNoXVVEfsex6rPABEBAAHNIFRpeGlmeSBMaW1pdGVk
IDxzaXJ0QHRpeGlmeS5jb20+wsBtBBMBCgAXBQJe+jz/AhsvAwsJBwMVCggCHgEC
F4AACgkQY2+hpQIVD12tsQf/VeqILEv/sX6j9m2z2g5glaC5CGsPamEX4jDy7jaT
s4gHWQQMU5d28+o8+rGeB2SdOXz8A721l51OhUx+F/Mb7k+7uX2TWMtVZMZqkjYo
gdkCgLjQ1JMOOuF1TuewMFQ//TkO51FJIlcIt/YYo9uWfj32tWbJNrZM/Qvy3vx/
dpuwe29kyBZh8CSEkr0C31Ruu8u2kbAx2wld/vBaIUzPAgRvJVzrBkUJujh5bnRJ
fjK6dbtszo0O//3Xan/b+h6Ujl2L4vCyvhI7sraVbmVa8kYPQnwKKRHj4R+0H1Fc
hoeLdiVHTlFBQoK+Ip7OEXrsibaD7+j3IgD1xq2V6haHRs7ATQRe+jz/AQgAuy+l
OsUOE51zLzVpeNrNlAC8fHnkzMBlSVwY9uF7fMxXMFfiEIYb0+aazCKj/wk85fTN
91Q/Z65Uj//PQ3G9DFsp7KALLCNS9WqpR7LrBQBeUM5lsF1LMjZc2ANizmzs+zwh
lzQL7e5sVkmzsb0Glqok3Wuwglp3K6t46gSN8YFqAjTobc3jKqvAOOTpXsWLkh/c
9r1PYDe/d40VhO0xIW8TdF3FRacdEPFZNNU4JvARZtvQUUHMolhxLHo9iIPFQXNZ
3OQjGRcexH4pYw//1vyEInoQ7rRg0pPk1nKYVQuIvOgHqx+UdvRo27gLLzbuqg51
39WOXmfOdYCep+kGrQARAQABwsGEBBgBCgAPBQJe+jz/BQkPCZwAAhsuASkJEGNv
oaUCFQ9dwF0gBBkBCgAGBQJe+jz/AAoJEHAUerpypVFPzHUIAIxgUOXhm58Zz77h
y9RP8f6tgE/tMamVjKsPe6mxPUBmU8+0rK0GvcLgN66nBqowcNnVyrpEWIhtsvJG
Uba8mrvKfFiCd6lzNBMt46A3jM9DkZFD8Vpef16cfeQPfHqpB9DihaDsCH4NfwQb
s5U2gV1kSGTz4eBr2NnhrCIEYBJ1Rkxj4MY07W64Sojs+qoSI+7g0C7kTKVWxupT
04eQJVvmuuhKlPqqWxEI/JS5FQ/QMp64ENtwXjpzlNFVLmjFuhz1KXBWTvHMIbII
Blyw90yz2utA9kjxSlDIK5Vmv0hQVDEVhsRPxKeVO0ErxdwvNuGww9vw2jfpaYqc
z1KVjykCyAf/S3GaVgcuSUd97wOA05P5cV/V2KcCEdY99ZB38h0NF1v1N8kHkKGu
m5sZEuLNA8GPicEdtPyaEp6QGF1AN1O8x5uW5zzPvCJivAnhURUirXEGIJkPLU/A
SGaDxTJ2vstJIOHoqXg8fqo9EhgOr8TUz+b5mne4n2SOMSDEs1OMDg4xW8wWqZg4
RextNunMcL4TFV6GsKYjZ4/jXlqDvp9s+lIQyxHzwKgethy50KjD+v2E6CJct7EP
6u4gWpfizjDYjNVwysIhualb87HJMrZmGzRTUHNO4MvLfZefIfUIVmMQQWee7bQe
/jaS3hEEHiSITuHP9TIAbOvvZZ6OrS0jYM7ATQRe+jz/AQgAnPqsG6Ko5VpDSbCk
vurzqnVZjNBN+iUGQdYUuFq0vlTge7N50G4T1S9lpBwN8QT32mxPI6ZHbK6jV2G5
9YIwxfrVx6iNcNn2U6Bb7NjH4UuORvEwVnT2Ju/GB/8kvTCO1boM3PuPmAjAhJ1g
jwABCaUXKgGVYu816fCpxPXH5Nyxzyi2Ff2mCGXalHZWlHE/y/tyyC0LUnzvvZX0
83rmKmIOP3gXylZ3YEfKEVqLK85BenKFuI3l83Xuu2w1It7Or0FIm2aCAuC1W4fG
2WOVrbMXLWH4cyYKxmv1fZd9A1dKBw1slhqtO8zjj76pu2HqpidrLTz+yy9Ma7O2
+ZqUIQARAQABwsGEBBgBCgAPBQJe+jz/BQkPCZwAAhsuASkJEGNvoaUCFQ9dwF0g
BBkBCgAGBQJe+jz/AAoJEESTHhe9Izc3NAoIAIUFxeh/WGEz/BJL0V6w7IXtyEY+
pLTuf7POs1qW6y0L+j54fWE1s9Fm7AOJbGZpDxgBUr6VoTr2mF86WqvWto/U9jrt
vvqY4kGSEDDnm18wnYDI9Auned9FzUehmbyJMczDCh119/2Q48SX+6g1BvYcbj8m
tcf/WwapnFtuAklrX/bnSA1NVgjsaooBC3H6kyewHUrtnCbckHZqzuytxBfPe+B5
FeMwhrWQFNLTNQ4cWY2T37FStImyrIAT3IL03tyQG74UHSX3VsIMk+lqxpoDueZ+
3b7r8JvyoROxKVjL8G2HQii4czNBDKoZpE7B90tB+lvp6cOB6YN6LqvS0TEY4Qf/
bRigwiWxNIfKgOjQ4oF06X/qvuNHDyAjDH0NLx65s2JFkxv40U4kScVpxi86EDxo
/IoZRZdlQcHyPr/ULMQq/EYyXdwXgnoRQjAAIr5H+3p+glY3/8FBURV2YuYJo+jO
v6IggVyNuHMYNlqOFfBktdN9Wl68ZkQM8c60e8n9+EExrPzOQVBqJS/BaDALGXdJ
LlbjHFGEIyehQWneFNnpVL14C9tiBMGdf5ytIMS21jJ+5QKBKMRkD5l65feGxC/1
kuJdRM3JMv0T3AQc1HAFVSVsAldpCzbF0ASfT20eBM06z5u3BG63GSkkE4vwfc5U
T/kaflY4AO5aRCwDCtu7Bw==
=tzb7
—–END PGP PUBLIC KEY BLOCK—–