At RSVPify, we go to great lengths to ensure the safety and security of your account.
We use industry-standard, enterprise-grade encryption technologies across our application -- and offer the ability to leverage a secure connection for your event's RSVP form if you'll be collecting any potentially sensitive data during the RSVP process.
We’ll never sell or distribute your information or that of your guests, and all of your account's data is strictly private -- accessible only to you and to RSVPify Senior Support Staff in the event you need any help from us.
How is User/Guest Data Protected on RSVPify?
RSVPify employs a series of technical and procedural tools and processes to protect our systems and data (servers, databases, etc.). We regularly monitor and review these measures and related reports to ensure a safe and secure environment for our users and their guests.
What type of encryption and key length will be used? How do you handle sensitive information?
We encrypt all web traffic across RSVPify applications and services using enterprise and military-grade AES-256 encryption. All sensitive information (e.g. passwords) that must be stored is stored in an encrypted ("hashed") state.
Can I ask my guests to provide sensitive information and data through RSVPify?
RSVPify does not recommend requesting that guests provide sensitive proprietary, confidential, or classified information or potentially sensitive personal data (e.g. credit card number, social security number (SSN), passwords, etc.) in custom data fields ("Custom Questions").
While RSVPify fully encrypts and ensures the secure transfer and communication of data in designated fields such as password and credit card fields, and all data transfers and exchanges occur over an SSL connection, custom data fields are not hashed and the contents of these fields may be visible through non-secure means such as confirmation emails or downloadable reports.
While RSVPify does not restrict the use of custom data fields, the decision of what data fields to require during event registration is exclusively up to the account owner and event host(s). RSVPify is not responsible for the external use, safety, or security of any custom data collected by event hosts and stored or otherwise exposed externally to the RSVPify platform (e.g. 3rd-party email clients, exported spreadsheets, 3rd-party databases, physical printouts, etc.).
Does RSVPify store my credit card information?
RSVPify does not store credit card information. Credit card transactions are managed by trusted and independently verified 3rd party payment providers who comply with international security and compliance standards.
How will IDs, authentication, and authorization be managed?
Our systems are secured using industry-standard Identity & Access Management (IAM) protocols.
What are the protocols for Data Retention?
RSVPify retains user data, event data, and guest data for a period of at least two (2) years following the date of a given event.
RSVPify retains user and guest data indefinitely, for a period of at least two (2) years
User data is instantly deleted from all production database instances upon user delete action
Data may be retained for longer periods in encrypted backup drives under the purview of Amazon Web Services (AWS)
Data may be retained for a period following account closure (account deletion request)
RSVPify will retain all data associated with events using RSVPify's "free" plan tier for a minimum of 30 days from the date and time that event is scheduled to conclude as shown in your event's settings.
Select or comprehensive user data may be deleted upon verifiable, written request
RSVPify reserves the right to limit, delete, or destroy data and data access at any time
For more details, please consult our Terms of Service
For users without an active paid subscription, RSVPify may delete data as server resources and architecture require. RSVPify makes no assurances on the data deletion timeline for any given data set.
RSVPify may retain all or certain pieces of data indefinitely. If you would like to request the deletion of any personal or event-related data that RSVPify may store, please submit a data deletion request to [email protected].
In addition to these protocols, RSVPify is also in compliance with the GDPR for those users in the EEA and UK. We also have specific protocols in place for Protected Health Information (PHI) for healthcare customers in the United States.
What core security protocols, processes, and procedures does RSVPify adhere to in protection of my account and data?
At-rest data encryption
Intrusion detection system & web firewalls
Regular third-party penetration testing and security reviews
Bug detection and real-time alerting
SQL injection monitoring and prevention
Uptime monitoring and real-time alerting
Password complexity requirements
Who is RSVPify's cloud services provider?
All directly provided RSVPify services and applications are hosted by Amazon Web Services (AWS) in U.S. regions. Physical and system-level security protocols, processes and procedures are under the purview of AWS.
Does RSVPify independently furnish SOC, ISO, PCI or other compliance certifications?
RSVPify core systems and services are powered by Amazon Web Services (AWS). Amazon maintains active certifications for all major third-party systems, security and compliance programs and compliance assessments. All payments are processed by Stripe, which independently maintains active PCI compliance certification. Credit card details are never directly processed or readable by RSVPify systems, servers or databases.
Does RSVPify furnish a Data Protection Agreement (DPA)?
RSVPify's Data Processing Addendum
Is RSVPify certified in the EU - U.S. Privacy Shield Framework?