Security

How we protect your account, data, and communications

Security Commitment

Protecting user data and maintaining platform security is fundamental to Eventik. We implement security measures to safeguard your account and personal information.

1. HTTPS Encryption

All connections to Eventik (eventik.web.id) are served over HTTPS with Transport Layer Security (TLS). All data transmitted between your browser and our servers — including login credentials, personal information, and payment data — is encrypted in transit. We enforce HTTPS for all pages and API endpoints.

2. Account Protection

  • Password Hashing: User passwords are hashed using bcrypt or similar industry-standard algorithms. Passwords are never stored in plain text.
  • Login Monitoring: We monitor login activity and may send security alerts when a sign-in occurs from a new device or unrecognized location.
  • Session Management: User sessions are managed securely with appropriate timeout policies.
  • Brute Force Protection: Rate limiting is applied to login attempts to prevent automated attacks.

3. Data Security Practices

  • Access Controls: Access to user data is restricted to authorized personnel on a need-to-know basis.
  • Data Minimization: We collect only the information necessary to provide our service.
  • Infrastructure Security: Our platform infrastructure is hosted on reputable cloud providers with their own physical and network security measures.
  • Regular Review: We periodically review our security practices and update them as needed.
  • Dependency Management: We keep our software dependencies updated to address known security vulnerabilities.

4. Email Security

  • All emails sent by Eventik use our verified domain (eventik.web.id) with proper SPF, DKIM, and DMARC authentication configured through Amazon SES.
  • Email authentication helps prevent email spoofing and ensures receiving mail servers can verify that emails genuinely originate from Eventik.
  • We monitor email delivery metrics including bounce rates and complaint rates to maintain high deliverability and sender reputation.

5. Payment Security

Payment processing is handled by established third-party payment providers. Eventik does not directly store or process credit card numbers, CVV codes, or full payment card data. Payment information is transmitted directly between the user and the payment processor over encrypted connections.

6. Responsible Disclosure

If you discover a security vulnerability in the Eventik platform, we encourage responsible disclosure. Please report security issues to security@eventik.web.id. We will acknowledge receipt and work to address confirmed vulnerabilities in a timely manner.

7. User Responsibilities

  • Use a strong, unique password for your Eventik account.
  • Do not share your account credentials with others.
  • Keep your email account secure, as it is used for password recovery.
  • Log out of shared or public devices after use.
  • Report any suspicious activity on your account immediately.

8. Related Policies

9. Contact

For security inquiries: security@eventik.web.id or via our Contact page.