Secure Access and Login
SpeakerTravel is only accessible over a secure HTTPS (TLS) connection. This ensures data in transit is always encrypted. Connections between you and our service, between our team and our service, and connections between our services run over a secure channel.
User accounts are password protected. Passwords are not stored directly in our database - instead we use a one-way salt and hash technique, so they can never be read or used. Accounts can optionally be protected using two-factor authentication that requires a one-time password (OTP) to provide an additional verification when logging in.
Social login methods using your Microsoft Account or Google Account are supported as well.
On every request, the security subsystem in SpeakerTravel checks if the authenticated user has access to the data they are requesting. Access control is specific to every user, and takes into account the event permissions an organizer configures.
In our team, the principle of least-privilege is applied. Direct access to our database is possible for some people on our team, and is only temporarily granted when needed for operational purposes and/or troubleshooting.
Our staff may access customer data via controlled interfaces, to provide effective customer support.
You own your data. We don't share your data with others, except when needed (for example when booking a flight ticket).
Data is stored securely and redundantly in the Microsoft Azure cloud. Data is backed up, and our database, including backups, is encrypted at rest.
As an organizer and as a traveler, you can delete your account at any moment and ask to be forgotten. Doing so results in all your personal data being removed from our service.
As an organizer, you can request event deletion. Doing so results in your event and its related data, including traveler data, being removed from our service.
Encryption at Rest
Our database, including backups, uses encryption at rest to protect against storage-related data breaches.
Backups and Redundancy
All databases are continuously backed up by our cloud services provider (Microsoft Azure).
We create full backups every week, differential backups every 12-24 hours, and transaction log backups every 5 to 10 minutes. Data can be restored to any specific point in time from the last 35 days.
All backups are stored in two different geographical locations to protect against hardware and network failures.
Physical and Environmental Security
The data centers that we use are owned and operated by Microsoft. Our service is hosted on resources that are managed, upgraded, monitored and protected by them
We make use of two data center regions: West Europe (The Netherlands) as the primary location, and North Europe (Ireland) as the secondary location.
Physical and environmental security of these data centers is handled by and delegated to our Microsoft. This includes:
- Data resides in a physically restricted area
- Physical security controls to restrict and monitor access to the IT infrastructure involved in the service delivery
- Process for granting and revoking access to the restricted areas
- Physical access to the IT infrastructure involved in the service delivery, other than authorized IT personnel
- Reviewing of physical access rights on a periodic basis
- Restricting physical access to the service IT infrastructure (data center/server room) by using strong, multi-factor access controls, including biometrics
- Securing physical hardware used for service delivery
For more detailed information, please refer to https://azure.microsoft.com/en-gb/support/trust-center.
SpeakerTravel does not operate any local server infrastructure. We don't permit transfer of data from our cloud services to other infrastructure.
SpeakerTravel uses several monitoring tools that integrate with our cloud services. These tools identify and track operational and security metrics.
Application-level monitoring is in place to track general service health, tracing and errors that may occur. Our monitoring tools also capture performance data, which we use to optimize the application and the resources it uses.
We have implemented alerting on all services, including endpoints of third-party services we require.
All devices used by our team have full disk encryption, are updated regularly, and have malware and endpoint protection enabled. Multi-factor authentication is used to access all systems.
- January 1, 2022 - Initial version