Security Policy

PCI Compliant


TrustWave Compliance Certificate


PCI Milestone Report


Event Essentials complies with PCI-DSS 2.0 Level 1 as both a Merchant and a Service Provider.


Registered with both Visa and MasterCard as a PCI-compliant Service Provider.


Passes internal and external application and network penetration testing


Event Essentials employs a cross-functional team responsible for oversight of PCI Compliance.




Event Essentials maintains a comprehensive privacy program. To us, this means that although we are required by law or regulation to do certain things, we are continually evaluating whether we can and should do more.


We do not sell the personal information of our customers to third parties.


We have a full time legal and security team focused on privacy and security issues.


You can find our privacy policy at:




Event Essentials uses strong encryption methods and key management procedures to ensure your sensitive information is protected.


All credit card information is encrypted with strong industry-standard cryptographic protocols such as AES and SSL while in transit through our systems.


Credit card information is never stored after transaction authorization.


Access to encryption keys is held by the smallest number of Event Essentials employees possible.


Our Organization


At Event Essentials all employees are subject to reference, education, and other personnel checks. Certain employees are also subject to detailed background checks. Event Essentials requires written acknowledgement by employees of their roles and responsibilities with respect to protecting user data and privacy.


Web and Mobile Application Development


Event Essentials is committed to designing, building, and maintaining secure systems.


All applications are regularly scanned for common security.


No credit card information is permitted to be stored on any mobile device.


We use encryption for both storage and transmission of sensitive information.


Web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house team