Data is securely stored in the Amsterdam (Netherlands) data centers by DigitalOcean, Inc. DigitalOcean is certified to the international ISO/IEC 27001:2013 data protection requirements and is fully PCI DSS compliant. The servers have SOC 2 Type II reporting, a global standard for data privacy and security, and are monitored 24/7/365 to prevent unauthorized access.
Evalato is fully PCI DSS compliant, integrating with third-party payment gateways for credit card payment processing. We don’t store any credit card details, raw magnetic stripe, card validation code, or PIN block data – that information is just passed from the person making the payment directly to the payment gateway for processing. The payment gateways we’ve integrated are certified Level 1 PCI DSS compliant service providers.
SendGrid maintains the email servers and infrastructure for all communication sent through Evalato, ensuring the highest deliverability and protection for your emails. They have EU-U.S. and Swiss-U.S. Privacy Shield certifications, as well as SSAE-16 SOC 2 Type II reporting for data privacy and security.
Evalato is fully compliant with the EU General Data Protection Regulation (GDPR). You can find the Data Processing Agreement here. You, as the program organizer, can add consent options for your programs’ registration process, download user data for information requests, or permanently delete user data.
We use the TLS 1.2 (Transport Layer Security) encryption protocol with a 256-bit encryption key to provide privacy, protect data and keep its integrity for you and your customers. We utilize monitoring and analytics capabilities to identify potentially malicious activity. System behaviors are monitored for suspicious activity, and we have response procedures in case of an incident report.
Data is backed up several times a day in multiple remote locations, so that in the unlikely event of data loss, information is quickly restored. Our backups are stored on an internal, non-publicly visible network on NAS/SAN servers. We are dedicated to keeping downtime to a minimum, and the service successfully maintains an uptime of 99.98%.
To ensure maximum protection of data, our support staff do not have access to the data, nor direct access to the NAS/SAN storage systems where snapshots and backup images reside.