- All online payment processing is done via scoped secure iFrames, eliminating card data from touching our servers.
- Passes internal and external application and network penetration testing performed by Skoda Minotti.
- Scanned weekly by an Approved Scanning Vendor (ASV), Tenable.io.
- PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
- Credit Card data is never stored by Tixify.
- Tixify provides organizers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.
- We do not sell personal information of our customers to third parties.
- We have full time staff focused on privacy and security issues.
- Tixify processes user personal data in accordance to GDPR’s data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.
Tixify utilizes exclusively carrier-grade datacenters that meet at least the following certifications.
- PCI-DSS Level 1 Service Provider
- SOC 1 Type II and SOC 2 Type II
- SO 27001
- All staff regularly receives security training by trained professionals and must pass security quizzes testing their security awareness.
- All staff regularly receive simulated phishing tests.
- All staff must sign off on security and acceptable use policies and procedures.
If you discover a vulnerability, Tixify requests that you responsibly disclose the vulnerability to our security team by taking the following steps:
-Do not attempt to exploit the vulnerability Email our Security Incident Response Team at sirt@tixify.com If the contents of the vulnerability are sensitive in nature, please use our PGP key.
All staff regularly receives security training by trained professionals and must pass security quizzes testing their security awareness.
Let one of our event specialists work with you on a personalized tour of our platform.