Security, GDPR & Compliance

A DPO dedicated to Digitevent oversees and guarantees Digitevent's compliance with GDPR (General Data Protection Regulation) and answers your questions about data protection.

You remain the exclusive owner of all data you import or collect via Digitevent. We act as a data processor on your behalf to provide you with the service.

Your data is never sold, rented, or shared for commercial purposes. It is used solely to provide you with the service you have subscribed to.

Digitevent enables you to easily respond to your attendees' rights requests: right of access, right of rectification, right to erasure, and right to data portability.

Every data modification is tracked with context, timestamp, and the user involved, ensuring full auditability of your event.

The platform includes granular consent controls: cookie management, opt-in/opt-out for communications.

The list of our subprocessors is available upon request. A Data Processing Agreement (DPA) is available and can be integrated into your contractual framework. All our subprocessors undergo regular security and data protection audits.

All client data is hosted on Amazon Web Services (AWS), in data centers located in France with redundancy in the European Union. No sensitive data is transferred outside the EU. AWS data centers are themselves certified ISO 27001, SOC 2, and PCI DSS.

Multi-node replication ensures availability in case of hardware failure. Automatic load balancing across multiple servers ensures stability, including during peak traffic. Built-in anti-DDoS protection and availability commitment above 99.9% (SLA).

Data is backed up automatically. Backups are encrypted and stored in environments isolated from production. All environments are regularly tested to ensure rapid data restoration when needed.

Digitevent has documented and tested business continuity plans (BCP) and disaster recovery plans (DRP). The redundant multi-node infrastructure enables automatic failover in case of failure.

Penetration tests are conducted regularly by independent auditors to identify and fix potential vulnerabilities before they can be exploited.

As part of our ISO 27001 certification, our security management system is audited annually by an independent certification body.

Automated and manual security tests are integrated into our development process, detecting vulnerabilities from the design and coding phases.

Our infrastructure is continuously monitored to quickly detect and respond to any anomaly or intrusion attempt.

Digitevent has a documented and tested incident response procedure. In case of a security incident affecting your data: detection by our monitoring systems, assessment by the security team, notification as soon as possible (in accordance with GDPR and CNIL requirements), immediate remediation, and post-mortem to prevent recurrence.

All Digitevent employees sign a security charter committing to data protection and information security policies. Regular security and data protection awareness sessions are provided to the entire team: everyday security best practices, personal data protection and GDPR, and secure development for technical teams.