Billetto takes customer and organiser data very seriously and follows industry standards and regulations to protect such information. Billetto handles customer orders for events and this includes some personal information such as e-mail address, IP address and full name.
Security Audits
To maintain the integrity and security of our systems, Billetto has hired external security auditors to audit our systems and provide feedback.Databases & Encryption
Our databases to store the customer information are secured through industry standard encryption and hashing techniques. This adds additional layers of protection for sensitive information and making it not possible to view certain information such as passwords. Additionally to this security, access to this data is restricted with a number of security restraints and only accessible to essential Billetto personnel only and is logged and reviewed.Website and connections
Billetto uses TLS and HTTPS for all requests between the customer, our servers or third party providers. This additional layer of security and data verification prevents personal information being monitored or accessed by unauthorised third parties
Payment Providers
Billetto contracts with QuickPay, Reepay and Stripe directly to securely store customers' payment information. Billetto does not collect or hold this data and information is transferred securely through TLS and HTTPS to our providers who are all PCI DSS compliant. For more information on each companies Security and PCI DSS see here
- Reepay
- Quickpay
- StripeTo provide Billetto’s functionality, we may transfer your personal information to countries other than the country in which you are resident. Our website servers are located in the EU. However, third-party service providers and partners operate in a number of countries, including the US. This means that when we collect your personal information, we may process it in any of these countries.
Sub Processors
We implement appropriate safeguards to protect customer personal information in those countries in accordance with this Privacy Policy by securing, in our contracts with suppliers and others, that the level of protection is according to GDPR. We contract with third party companies that process your data and may send information to the United States. These third-party companies are required to follow the Standard Contractual Clauses for data transfers between EU and non-EU countries issued by the European Commission.
To see a fill list of our integrations and partners see here: Legal Docs - Subprocessors