Security and Compliance Standards
Certain gives your teams the confidence to run global event programs securely, without slowing down innovation. With rigorous security controls, verified compliance, and privacy-first practices built into every layer of our platform, you can meet enterprise requirements while delivering exceptional event experiences worldwide.
Certain supports enterprise compliance requirements through verified controls, repeatable audits, and consistent operating discipline, helping your teams pass security reviews faster and with fewer exceptions.
Certain has maintained PCI DSS Level 1 compliance for more than six consecutive years, demonstrating long-term discipline in secure payment processing and operational security.
Certain operates SOC 2–aligned controls across our core cloud environments, covering security, availability, and confidentiality. These controls are embedded into day-to-day operations for smooth security reviews and continuous certification.
Our security governance model is designed to meet enterprise procurement and audit expectations, with documented controls, repeatable processes, and clear accountability across infrastructure, product, and operations.
Certain helps you meet privacy obligations while keeping control in your hands, across the full data lifecycle.
Your event data belongs to you. You decide what is collected, how it’s used, and how long it’s retained.
We provide configurable retention and deletion practices aligned with enterprise needs.
Our platform supports consent management and user preferences to help organizations meet global privacy expectations.
We maintain vendor governance practices and provide DPAs to support compliance and customer procurement.
Certain follows a strict approach to data destruction aligned with DoD 5220.22-M guidance, a high-assurance standard valued by government, financial services, and regulated industries.
Certain applies layered security controls across the entire platform, from cloud infrastructure to application design and daily operations, to protect your programs at scale.
Certain supports modern enterprise identity and authentication controls, enabling centralized access management and consistent login policies across teams.
Certain is built for enterprises with layered teams and complex programs, offering robust controls over access, visibility, and accountability. Role-based permissions and multi-level sub-account structures ensure users see only what they need, whether they’re building events, managing registrations, or reviewing reports. Predefined and custom roles support strong governance, auditability, and separation of duties across your organization.
Yes. Our platform supports GDPR and CCPA compliance with privacy controls including consent handling, data retention, and deletion processes.