• GDPR
• Info for ticket buyers
• Terms and conditions
• Website Terms of use
• Security
• Third party sub-processors
• Privacy Policy
• Cookie Policy
• Acceptable Use Policy

Security

Effective Date: 8th Apr 2025

At Booking Momentum, the security and privacy of your data is our top priority. We’re committed to industry-leading practices to protect your events, attendees, and information. Here’s an overview of the steps we take to keep everything secure.

Product Security

• Uptime: We aim for 99.9% uptime and monitor all systems continuously.
• Password Protection: User passwords are hashed using bcrypt and subject to strong password policies.
• Two-Factor Authentication: Optional 2FA is available to all account holders.
• Role-Based Permissions: Admins can assign permission levels such as Administrator, Event Manager, Order Manager, and Viewer.

Infrastructure & Data Hosting

• Hosting: We host on Microsoft Azure in the UK South (London) region.
• Redundancy: Systems are distributed across Azure availability zones for fault tolerance.
• Network Isolation: Infrastructure runs in a secured Virtual Network environment.

Monitoring, Logging & Backups

• Real-time Monitoring: All systems are continuously monitored for anomalies and performance.
• Audit Logs: Activity logs are securely streamed to Datadog for analysis and alerting.
• Backups: Daily encrypted backups are stored in Azure and regularly tested for recovery.

Access Management

• Access is restricted to essential personnel and protected by strong authentication measures, including MFA.
• Privileged access is temporary and audited regularly.

Data Encryption

• In Transit: All data is encrypted via HTTPS (TLS 1.2+).
• At Rest: Azure-native encryption ensures all data is secured using AES-256.

Security Reviews & Incident Response

• Regular internal reviews and automated vulnerability scans help us stay ahead of potential risks.
• External penetration tests are performed periodically.
• We maintain a structured incident response plan, including impact assessment and escalation processes.

Internal Practices

• Staff Training: Employees receive security training during onboarding and on an annual basis.
• Confidentiality: All team members sign NDAs and follow strict internal access policies.

Payment Security

All payments on Booking Momentum are securely processed by Stripe, a PCI DSS Level 1 certified provider. We never handle or store card details directly.

Learn more about Stripe’s security practices.

Contact Us

If you have any questions about our security practices or need to report a concern, please email us at [email protected].