Security Policy (Jul 10, 2024)

Safety standards

We take the security of your data very seriously. We realize that data is one of the most valuable assets you have in these days.
Considering that transparency is a basic principle of security, we are trying to be as clear as possible about the way we deal with security and protection of personal data.
We do a number of security measures to protect your personal information as well as personal information from our users.
All data is stored in secure data centers in the India. Access to these servers is protected by personal identification and by the usual measures that quality data centers offer.
We use data protection technology to meet the latest technological developments and we implement all possible current known measures to protect personal data from unauthorized third party interventions.
We use Secure Socket Layer (SSL) for data protection when entering or viewing them. Sensitive data (card numbers, etc.) Not stored on our servers.
All safety measures on our part must be supplemented by responsible behavior on your part. Especially by not giving your user data (and passwords) to our applications to anyone else and following basic general security precautions.
Please keep in mind that if you communicate with us via email, chat or other applications, these methods of communication need not be encrypted. Therefore, you should not use them for reporting confidential information.

How do we protect your data?

Confidentiality

According to our Terms and Conditions, we guarantee the confidentiality of your data on our site. For employees and third parties, anyone who can display customer data is contractually committed to maintaining their confidentiality.

Employees and Contractors

we control every future employee during the recruitment process. Every employee has to undergo training on security and privacy with our security manager. The training is focused on how to safely use our internal tools, how to process sensitive information, and that a significant part of the training is a workshop and discussion about social engineering, phishing and physical security.
The operation of our portals requires some employees to have access to systems that store and process customer data. For example, if we want to diagnose a problem that you have while using our services, we may need access to customer data. All employees are committed to ensuring that customer data is not visible to anyone who should not have access to them. We use logical constraints on the application layer to ensure that each employee has access only to that portion of the customer data needed to fulfill their job responsibilities. These employees are prohibited from using these permissions to display customer data unless this is necessary.
Audits are part of security and proactively re-evaluate quarterly-based approaches or whenever someone new comes. We use strong passwords, password expiration, and blocking inactive and suspicious accounts to keep you safe. In addition to the above, we use multifactor authentication ("MFA") and password encryption through password management.

Infrastructure

The portal is hosted on own servers. Connecting servers to the Internet is heavily oversized. On any server, 20% of the line capacity is not exceeded. The entire datacenter has 330 Gbs connectivity. All hosting services are run on Supermicro's proprietary branded servers using SuperNetwork datacenter services. The datacenter is equipped with state-of-the-art technologies to ensure continuous operation and security meeting Tier III and IV requirements.

Accessibility and disaster recovery

Approximate availability of TDH Events website is 99.9%. Our infrastructure works on fault-tolerant systems on individual servers. Our operating team annually tests disaster recovery measures.
Customer data is stored redundant at multiple locations in the hosting provider's data centers to ensure availability. We have good backup and recovery procedures that allow recovery due to a major disaster. Customer data and our source code are automatically backed up regularly.
Monitoring and recording
Our solution is monitored at several levels. We use the infrastructure as well as the tools to monitor our site.

Lifecycle of software development

Our development process is based on the best techniques used to create web applications. We often optimize the workflow according to our current needs and lessons. We use a testing environment to analyze and optimize our site and then implement changes so that the customer does not come into contact with an error on our site. Thanks to backups and set process control of software creation, we can restore functionality to its original state if there is a crash on a sharper environment.
Managing and responding to incidents
Our team is responsible for managing and responding to incidents. It is also ready to face an external attack, or it is ready if data leaks.
Our main goal is:

  • actively review security-related logs and search for any signs of a security incident or vulnerable part of the system;
  • respond to security incidents in accordance with our security incident reporting and response rules.
  • In the event of a security breach, we will immediately alert you to any unauthorized access to customer data.

Bug Bounty

First of all, we would like to thank you for trying to make the internet safer, and for taking care of our platform's security, including our users.
We strive to keep up with industry standards by performing ongoing security controls as a natural part of our development lifecycle and by engaging respected third parties to carry out our regular penetration tests.
But we are aware that you could discover something that could be considered vulnerability. Unfortunately, we currently have no Bug Bounty program. If you have discovered something that we should be aware of, we will be happy to share such findings with us.
Depending on the extent and consequences of the discovered error, we could reward you.

Contact us

If you have any further questions about safety, we will be happy to answer. Contact us at info@tdhevents.com and we'll respond as quickly as possible.