This page outlines the security practices implemented by Conference Badge. For any question, please contact us at email@example.com.
Our security.txt can be found here.
Our service is built on Heroku and Amazon Web Services, which implement strong security measures and are compliant with most certifications. You can read more about the practices of each:
All data stored in our database and cloud storage is encrypted at rest.
All connections to your website are encrypted using TLS (Transport Layer Security). This also applies to connections between our servers and third parties such as Eventbrite and Universe.
We encourage responsible disclosure of vulnerabilities found on our website. To report vulnerabilities, email us at firstname.lastname@example.org with a detailed description so we can understand and fix the vulnerability promptly.
We ask you to not publicly disclose vulnerabilities until they are fixed. We offer rewards based on the criticality of each vulnerability.
Exclusions (out-of-scope reports)
The following are excluded from our vulnerability disclosure program. We offer no reward for reports in these categories.
- Missing DKIM, SPF or DMARC records
- Missing DNSSEC
- Missing HTTP security headers, such as Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options
- Password complexity
- “Back” button that keeps working after logout
- Reports affecting the help.conferencebadge.com subdomain
Conference Badge is compliant with the GDPR (General Data Protection Regulation). See more information on our GDPR page.
Payments made through our service are processed by Stripe which is certified as a PCI Level 1 Service Provider. We do not store payment information in our infrastructure.
October 18, 2019
Read more information on this page.
This document was last updated on October 24, 2019