Your trust is our foundation
We protect your data with industry-standard security measures. Security isn't just a feature — it's our commitment to you.
1. Data Encryption
All data transmitted to and from Alltix is protected using industry-standard encryption protocols.
Encryption in Transit
- TLS 1.3 encryption for all web traffic and API communications
- HTTPS enforced across all domains and subdomains
- Secure WebSocket connections for real-time features
- Certificate pinning for mobile applications
Encryption at Rest
- AES-256 encryption for stored data
- Encrypted database backups
- Secure key management with regular rotation
- Sensitive fields additionally encrypted at application level
2. Infrastructure Security
Our infrastructure is built on enterprise-grade cloud platforms with multiple layers of protection.
- Hosted on SOC 2 compliant cloud infrastructure
- Network isolation with virtual private clouds (VPC)
- Web Application Firewall (WAF) protection
- DDoS mitigation and traffic filtering
- Regular security patches and system updates
- Redundant systems across multiple availability zones
- Automated backups with geographic distribution
3. Access Control
User Authentication
- Secure password hashing using bcrypt
- Multi-factor authentication (MFA) available
- Session management with secure tokens
- Automatic session timeout for inactive users
- Account lockout after failed login attempts
Internal Access
- Role-based access control (RBAC) for all systems
- Principle of least privilege enforced
- Access reviews conducted regularly
- Audit logging of all administrative actions
4. Payment Security
Payment processing is handled through PCI DSS compliant payment processors. Alltix never stores full credit card numbers.
- PCI DSS compliant payment processing
- Tokenization of payment credentials
- 3D Secure authentication support
- Fraud detection and prevention systems
- Secure checkout with HTTPS
5. Monitoring & Detection
Continuous monitoring helps us detect and respond to potential security threats quickly.
- 24/7 system monitoring and alerting
- Intrusion detection systems (IDS)
- Anomaly detection for unusual activity patterns
- Real-time log analysis and correlation
- Automated vulnerability scanning
- Regular penetration testing by third parties
6. Incident Response
We maintain a documented incident response plan to handle security events efficiently and transparently.
Detection
Automated monitoring identifies potential incidents
Response
Security team investigates and contains threats
Recovery
Systems restored and lessons documented
In the event of a data breach affecting user data, we will notify affected parties in accordance with applicable laws and regulations.
7. Data Handling
Data Retention
We retain data only as long as necessary for operational purposes, legal requirements, or as specified in our Privacy Policy. Event organizers own their attendee data.
Data Deletion
Users may request deletion of their personal data. Upon verified request, data is securely deleted from active systems. Backup data is purged according to retention schedules.
Third-Party Data Sharing
We share data with third parties only as necessary to provide services (payment processors, email delivery, etc.). All vendors are vetted for security practices.
8. Compliance
Alltix is committed to meeting applicable regulatory and industry standards:
9. User Best Practices
Help us keep your account secure by following these recommendations:
- Use a strong, unique password for your Alltix account
- Enable multi-factor authentication (MFA) when available
- Never share your login credentials with others
- Log out of shared or public computers
- Keep your email address up to date for security notifications
- Report suspicious activity immediately
- Be cautious of phishing emails claiming to be from Alltix
- Verify you're on alltix.co before entering credentials
10. Contact Security Team
If you discover a security vulnerability or have security-related concerns, please contact us immediately.
Responsible Disclosure
We appreciate security researchers who responsibly disclose vulnerabilities. Please provide detailed information about the issue, including steps to reproduce, and allow reasonable time for us to address the vulnerability before public disclosure.