Here's the important legal and security stuff, in one place
Welcome! Come on in to learn what’s up and what’s down, legally speaking and security-wise, when using Ticket Tailor.
Ticket Tailor security
Last updated 21st January 2025
Ticket Tailor is an online software service that lets event organisers sell tickets directly to their audience. We uphold the highest standards and best practices for data handling, privacy and security. If you have any questions not addressed by this page, please reach out to our team via [email protected].
Product security
Uptime
We're proud to have uptime of 99.9% or higher.
Password and credential storage
Ticket Tailor enforces a password complexity standard and passwords are stored as hashes using the bcrypt function.
2FA
All Ticket Tailor accounts have the ability to turn on 2-factor authentication (2FA).
Permissions
We enable permission levels within the app to be set for teammates. There are four levels to choose from: Admin, Event Manager, Order Manager or Overview.
Network and application security
Regional data hosting and storage
Ticket Tailor services and data are hosted in Amazon Web Services (AWS) facilities in Dublin, Ireland (eu-west-1).
Failover and DR
All of our infrastructure and data are spread across 2 AWS availability zones and will continue to work should any one of those data centers fail.
Virtual private cloud
All of our servers are within our own virtual private cloud (VPC).
Backups and monitoring
On an application level, we produce logs for all activity, ship logs to Datadog for analysis and use S3 for archival purposes.
Permissions and authentication
Access to customer data is limited to authorised employees who require it for their job. Ticket Tailor is served 100% over HTTPS. We run a zero-trust corporate network: being on Ticket Tailor’s network grants no access to corporate resources and no additional privileges.
We use 2-factor authentication (2FA), YubiKey MFA keys, and strong password policies company-wide.
Encryption
All data sent to or from Ticket Tailor is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs’ tests. This means we only use strong cipher suites and have features such as HSTS enabled. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Pen tests, vulnerability scanning and bug bounty program
At least annually, Ticket Tailor engages third-party security experts to perform detailed penetration tests on the Ticket Tailor application and infrastructure. Ticket Tailor also runs a ‘bug bounty’ program.
Incident response
Ticket Tailor implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are trained on our policies.
Additional security information
Training
All employees complete Security and Awareness training on joining and annually.
Policies
Ticket Tailor has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Confidentiality
All employee contracts include a confidentiality agreement.
PCI obligations
Ticket Tailor is a PCI DSS Level 1 service provider.
Payment providers
All payments made to Ticket Tailor go through our partners, Stripe, PayPal, or Square. Details about their security setup and PCI compliance can be found on their security pages: