Security

Attendium is trusted by event organizers to manage their events, guest lists, and ticket sales. We take the security and privacy of your data seriously.

Infrastructure & Encryption

All data is hosted on Amazon Web Services (AWS) in the EU (Ireland)
All connections are encrypted in transit
All data is encrypted at rest
Passwords are securely hashed and never stored in plaintext
Payments are processed by Stripe (PCI DSS Level 1 certified). We never store card numbers

Access Control

Role-based access control for managing team permissions
Password strength enforcement
Automatic session expiration

Application Security

Security headers enforced across all endpoints
Input validation on all API endpoints
Dependency scanning for known vulnerabilities
API query depth and complexity limits

Monitoring

24/7 infrastructure and application monitoring with automated alerting
Centralized logging with audit trails
Status page: status.attendium.com

GDPR

Attendium is committed to GDPR compliance:

All core data processing takes place in the EU
We process data under clear lawful bases (contract performance and consent)
Users can exercise their data rights (access, rectification, erasure, portability)
Cookie consent is required before any non-essential tracking
Data processor agreements are in place with all sub-processors
Data deletion is permanent after the retention period

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly:

Email: security@attendium.com

We ask that you:

Give us reasonable time to investigate and fix the issue before public disclosure
Avoid accessing or modifying other users' data
Act in good faith

Our security.txt file is available at attendium.com/.well-known/security.txt.

Security Documentation

We can provide additional security documentation to customers and prospects upon request:

CSA CAIQ self-assessment
Security questionnaire responses
Sub-processor list
Data Processing Agreement

Contact support@attendium.com for access.

Help center