Security and Compliance
EventSlot provides layered controls for protecting attendee and organizer data.
Security Controls
- Transport encryption for all client and API traffic
- Permission-based access for organizer roles
- Structured audit logs for sensitive actions
- Rate limiting and abuse protections on critical routes
Data Handling Principles
- Collect only required attendee data.
- Apply retention windows per legal and contractual obligations.
- Restrict exports to approved operator roles.
- Review integration permissions quarterly.
Incident Response Baseline
- Detect: monitor for abnormal traffic and auth patterns
- Contain: rotate compromised credentials and restrict affected access
- Recover: replay failed automations and reconcile records
- Learn: document post-incident changes and update controls
Compliance Readiness Checklist
- Written access policy
- Data retention policy
- Incident response playbook
- Processor/subprocessor visibility
- Audit evidence retention