TIXIFY SECURITY GUIDE
PCI COMPLIANCE AND PAYMENT HANDLING
- All online payment processing is done via scoped secure iFrames, so card data never touches our servers.
- Passes internal and external application and network penetration testing performed by Skoda Minotti.
- Scanned weekly by an Approved Scanning Vendor (ASV), Tenable.io.
- PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
- Credit card data is never stored by Tixify.
- Tixify provides organizers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.
PRIVACY
- We do not sell our customers' personal information to third parties.
- We have full-time staff focused on privacy and security issues.
- Tixify processes user personal data in accordance with GDPR's data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.
HOSTING ENVIRONMENT
- PCI-DSS Level 1 Service Provider
- SOC 1 Type II and SOC 2 Type II
- ISO 27001
ENCRYPTION
- All web traffic is encrypted by TLS 1.2 or greater.
- Tixify follows NIST recommendations for hashing, symmetric and asymmetric encryption.
STAFF
- All staff regularly receive security training from trained professionals and must pass security quizzes testing their security awareness.
- All staff regularly receive simulated phishing tests.
- All staff must sign off on security and acceptable use policies and procedures.
RESPONSIBLE DISCLOSURE
- If you discover a vulnerability, Tixify requests that you responsibly disclose the vulnerability to our security team by taking the following steps:
  - Do not attempt to exploit the vulnerability.
  - Email our Security Incident Response Team at sirt@tixify.com.
  - If the contents of the vulnerability are sensitive in nature, please use our PGP key.