Whova Security & Reliability Guide
We take security and compliance seriously
We are fully committed to keeping your data and your attendees’ data safe. That’s why some of the world’s leading companies trust us.
SOC 2® Type 2 Compliant
Whova maintains active SOC 2® Type 2 compliance under an independent third-party examination process.
- SOC 2® Type 2 compliance is part of the American Institute of Certified Public Accountants’ System and Organization Control reporting platform. It covers security, availability, processing integrity, confidentiality, and privacy of customer data.
- The SOC 2® Type 2 report recognizes Whova’s practice of reliable, safe, secure, and trustworthy management of customer data protection and privacy.
- Whova is committed to delivering a secure Event Management Platform that meets our customers’ regulatory and compliance obligations.
Whova is dedicated to protecting your privacy and complying with the Data Privacy Framework(DPF).
- Whova complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
- Whova is compliant with the General Data Protection Regulations (GDPR).
- Whova is committed to addressing complaints about how we handle personal data under the DPF.
- Whova does not sell the personal information of our customers to third parties.
- We have a full-time legal and security team focused on privacy and security issues.
- More details about the privacy terms can be found here.
PCI Compliant
Whova online registration complies with the PCI DSS, Payment Card Industry Data Security Standards, and uses the most secure payment processor, Stripe.
- Whova is committed to protecting consumer credit card data in compliance with the Payment Card Industry Data Security Standard (PCI DSS).
- Our alignment with this standard is reflected in the people, technologies, and processes we employ.
- We conduct regular vulnerability scans and penetration tests in accordance with the PCI DSS requirements for our business model.
- Whova’s payment processor Stripe complies with PCI 3D Secure. More details are here.
Data Encryption
Whova uses strong encryption to make sure all data is protected.
- All data in transit is encrypted with the strongest industry-standard cryptographic protocol SSL so all connections between networks and servers are secure.
- Whova’s SSL certification is renewed every year.
- No credit card information is stored in Whova after transaction authorization.
Secured Hosting Environment
Whova’s servers are hosted by Amazon Web Services (AWS)
- Whova’s servers and data centers are physically located in USA and hosted by the world’s leading high-security cloud systems provided by Amazon Web Services (AWS).
- AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015 and CSA STAR CCM v3.0.1.
- PCI-DSS Level 1 Service Provider
- SAS-70 Type II and SSAE16
- For more details, please visit the AWS security site and AWS PCI compliance site.
Compliance Document
Applicability of the following compliance document to your environment needs to be assessed/approved by your auditors.
We understand that privacy is essential for your events, and we’re dedicated to offering top-tier privacy protection.
- Whova complies with the EU-US Privacy Shield framework for the collection, use, and storage of personal information transferred from the EU and Switzerland.
- Whova does not sell the personal information of our customers to third parties.
- Our dedicated legal and security team works full-time to ensure the highest standards of privacy and security.
- More details about the privacy terms can be found here.
Data Reliability
Whova’s reliable platform makes your event smooth and worry-free.
- Uptime: our service is on the most reliable cloud platform, Amazon Web Services (AWS), and the uptime will always be at least 99.95% based on AWS SLA.
- We use various internal tools to further monitor availability and performance 24×7.
- We maintain your data with an automatic backup system running all the time and ensure the availability and safety of your data.
- Disaster recovery: we have a step-by-step plan to ensure our services and customer data are protected and recoverable in the event of a disaster.
Web and Mobile App Development and Distribution
Whova is committed to designing, building, and maintaining secure systems.
- Whova distributes the app through the official app distributors, Apple App Store and Google Play Store, and an HTML5 application
- All applications are regularly scanned for common security vulnerabilities
- All Whova engineers are required to attend the training sessions on code security
- All web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house engineering team.
- Whova works with the world’s top security research group and published a research paper with the most prestigious international security conference, “the 2019 ACM SIGSAC (Special Interest Group on Security, Audit, and Control) Conference”
Incident Response
While we are confident in the security mechanisms of our system, we understand no computer system is perfectly secure. We are always prepared to respond to any incident.
- Whova has a dedicated in-house security team to monitor threats and respond to security alerts.
- Whova monitors security system alerts 24×7 and is ready to respond to incidents at any time.
- Whova maintains and regularly tests our incident response plan in case of any breach of Whova’s data system.
Our Organization
Making your event data secure and reliable is our highest priority. Whova invests heavily to ensure we meet the industry standards.
- We perform regular internal scans and penetration tests for vulnerability detections. Once identified, their fixes are treated as the highest priority.
- Whova delivers a security code training program to every new engineer.
- All employees are required to sign Non-Disclosure and Confidentiality agreements.
- Whova offices are secured by keycard access, and they are monitored with cameras 24×7.
- We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
Responsible Disclosure
Please report to us first if you discover a vulnerability with our information systems.
- Do not attempt to harm Whova, its users, or its customers’ data.
- Allow a reasonable time for Whova to investigate and resolve the issue.
- Please don’t share the vulnerability you discovered publicly. Instead, please report details to security@whova.com, including steps to reproduce.
- Please use the PGP key at the bottom of the page to encrypt your message sent to security@whova.com.
Trusted by the World’s Leading Brands and Organizations
-----BEGIN PGP PUBLIC KEY BLOCK----- xsBNBGEBqfUBCACrzCCL620Aeyv+h9T2y6/3oeDxUd/ehmoxRCP3JZG5BkfiZrR2 oIpLW4j+108zNNhUWHanapFXS27thjHi8b3WqbFEP3I66LqEYZH4EojGpyspf0E2 mINpIj+KkCtfd2NHuCyX6xTzKxgmFt37I1cPYfMLr3mRpdwdht8pqjFTeGHSqqoI Yf1ms5btmWxBZ0S5QdaOPTDm555W3PuezQnPhwB5H0CS9d/htKXnQxGt8tgNI7lj 9/tMaybzaniemec+DrA5hUyTrFTBTxe1vYwksn4SJNDwHW5NHUZ0srXoiUgbcuGu 8HUXRNi5nUsTGs2V577v/XyBtvF/c+SD1WTNABEBAAHNI0ppYXFpIFpoYW5nIDxq aWFxaS56aGFuZ0B3aG92YS5jb20+wsB6BBMBCgAkBQJhAan1AhsvAwsJBwMVCggC HgECF4ADFgIBAhkBBQkDwmcAAAoJEJOhD8G3QYoHpXoH/jje8N2zbWNl8jYd0+L8 WHYnGl+N6717QHh5SCPaAAl9m1gwZenlMdy8zBhpjJuWU2VtII641HQTlgIJPuOr XhDqzSnMQ857mF+BrYPkFM0RYjrZR28eHzdO50GmScafEQsEA+VnDcQbJPeHI1IA VWNPgYS46Ok1560oBzM4JpSuwjeesoEPkvn52VUCC7HwPs5ZmfOIlxcvjMx49ncK VCOsupsaEyS5iUAqdNhL2keHJAf8ITaMYz7xXIxTSesXML8KfADuk584mHLXKtpc bq4hglPq+Jtpznhv2vhnh2Z+scPwZ9mESOliJkv5DlNPSfUas0VC4mqyzP7/7+V4 Bh3OwE0EYQGp9QEIAMXa6aj8XKqxR497EddG0aJYxpUD8lrj53BrAePJHz3ie/7f hn+zYurEErUzYE+IBxO7ClJQKuJNew8vYKPi4CahaYkHfqg2xDL6rDmalFMfhlQI 1DGuWV53tY6xcds89p/1IIJrcOSd0Vrp3Tm+MK70dcz1nGQiZIPoiHCFq/R7PTUd d6DeruLQ+nRr5LC2kJroz6mbuvdu+N4Z1FyHNbUKNGCxlMk6ToRgTf14jBPpRQGi 042HvRKaQn9m3yC/mjiHVYLFAxnzuYZu/eIr3mEtIBezkVlRe2YTZ1EiqjkivVh1 XXSs/mSl8EXcbejWVaSyj/CUBKEqYPHMioiCV5MAEQEAAcLBhAQYAQoADwUCYQGp 9QUJA8JnAAIbLgEpCRCToQ/Bt0GKB8BdIAQZAQoABgUCYQGp9QAKCRAg4hHU/d2d /QXjB/9JdXEiUDlzDHzhev8TdClmX9Jigq7fWhzV3wSnHZlsAU8NoQqTLZUXzTLz TnNT/jrN/Ziium+Hdp9NGm1nttAYVSEfbNak7lISdRrNJQXv6UJrVGYQjec08MaR bTvYZ420TkyMd5xT0QN5m2HbfGPLfZMd9p7UilWY2KbLx45WIIQhziQj6EEhXeCn hEUK/PuQvdpsyJuQjzTNVrAJaNMXOpHs35Jp63dBMfRH7t+dm/ZV95V1vwVzu6NY moX+a6Z9HoMmKjWZ/ayBMqNB+Jd1Z/E6YNrI7ySH/awypVvn2v/2TvmBM/Av2IF+ bQaU8YArPJQCpsg8UYe9PgZSyKGEveAH/0xopzZnL+EJLTGIyqR/SM8wyAWppJjy Woa4ipakqC7l++oTlT8/A9v0gHvDo652jaonPJA5jiF/Ea2N4G7WKMvs0dIsksVq ms4XcblTbSCBb3U5dTC9Yx5QzklR3GjjPauVYpxeUk1fK9cvPBAvLsbUffk+xn1F K056yut6LETj+tmnBmw46ldFFTaAUYt6KSRzO5P4bbVrfzzHduQrbJa0yTfyOdpr GwMGD5TbzC5aknrLIKplvREc6ylZBr41epp5bWU4S9AUlMCNxOrN26WlidO1a4Hh 5jv9C+pt64ySjGKF94ND27UMGzaDEF0NkpQZ55eLSm5F0Oo71RmviSTOwE0EYQGp 9QEIAK90hjcM0rsFzhbNSlG9PnUpQwTtHcjDU81UTVrO0sUtmzNNBT8tPp0JQJSj AcOMRmDWLN4C+04jMI5jiqvbC2KJ5AsOrTuItXcyXLHS7yEN0xT86fcHfpAxE8VM iJvEc3IqPBxCGXlV9id8lPiT+GcTJQtbUbgCBQWg3yTli4XSy+XGuy2Yt94YxTwH Ls/3sVVQqIwOcsSxK8+R207yS9P4o6bBaOuJzbzi5B6l9bHHfHwKd5hDHwDZ516l wUVJYFEv9fhz0re/jDHjmJxbMK4QwGq6/+BhxwySl/VdQa8XlZI5w3r7BgJLKdH4 eKp8AwkfKPZg3oSZRiiTD59p2SEAEQEAAcLBhAQYAQoADwUCYQGp9QUJA8JnAAIb LgEpCRCToQ/Bt0GKB8BdIAQZAQoABgUCYQGp9QAKCRBiJAyxaXE0/j41B/96eEJ3 Of9hnkY8cDajdj3Wounx/RJO9J/HIIby69XwVwW3fHx2pSCVLQE7QEOGO8N82EFx NxJnUJiqlnZ6GgG8pZbYGhC0Q2UgQkGY3qdOJq7LHPwz2uzPQcbzc4S1fmm82zez Fy1wQT/FLosEwm1hl2O5PmL0hYcY8mm18Cc9q5euYmo2nlmz4pAj12VXTL668BDB KeepyAvl1xFfCfpgWe6Hy8kReeh7DX2uO+g8fNzI08wdkjq4c+6HzrnFyRRthkk1 wNFt2vmy57qCuaJ5+bPrvNFasUaP8gV2ymLcICuejSeWzCPyazkRdNVNlsPPI8Wi 6PuK6T5CgzZArO0nvGwH/2E4oK/AgICi6MS1ZOY3RJf2jru+xJfwh8aBrfYchZYZ MKi3PIGOD7aaiUzz+RJHfcdtP/PDTLvCR0/I7oLp9LnBERlhmsCwc6MKvqMvxAt9 RY37ogvrGRtD6JMCbLrx6DLoE4LBV3bpLL5wdC3rCgg+IRssYTzmakVmWgMUsanu 4NK5reyBpq4Tu4Q9VhViok6/lS9DanLBkcjx0xbZftD+/fyXNb+WR/Lnur9I3+jx wiIujL8cKlGIXwHm+Zw2uQq9EajYDxQnj0yeE86NFQt45DdHIpPlWN9fpHs7u8xT mNIOuicdVQcFn9WfrfyeiFrhhVCTeC3UtnafFjdXybY= =aghM -----END PGP PUBLIC KEY BLOCK-----