Security at Micepad
We take the security and privacy of your event data seriously. Micepad is built on enterprise-grade infrastructure with industry-standard certifications.
ISO 27001:2022 Certified
Micepad maintains ISO 27001:2022 certification, the international standard for information security management systems (ISMS). Our certification covers the design, development, and operation of our event management platform.
GDPR Compliant
We comply with the EU General Data Protection Regulation. Attendee data is processed lawfully, stored securely, and can be deleted on request. A Data Processing Agreement (DPA) is available on request.
How We Protect Your Data
Enterprise-grade encryption and redundancy at every layer.
Data at Rest
All data is encrypted at rest using AES-256 encryption. Database backups are encrypted and stored in geographically redundant locations.
Data in Transit
All data transmitted between your browser and Micepad is encrypted using TLS 1.2 or higher. API connections enforce HTTPS.
Data Backups
Automated daily backups with 14-day retention. Point-in-time recovery ensures your data can be restored in the event of an incident.
Security Controls
Micepad implements best-practice security controls across infrastructure, organisation, product, and data privacy.
- Cloud hosting on enterprise-grade infrastructure with 99.9% uptime SLA
- Network-level firewalls and web application firewall (WAF)
- DDoS protection and traffic monitoring
- Private endpoints for database and storage services
- Multi-factor authentication (MFA) required for all infrastructure access
- Regular vulnerability scanning and patching
- Information security policies aligned with ISO 27001:2022
- Employee security awareness training conducted annually
- Confidentiality agreements for all staff and contractors
- Role-based access control with least-privilege principle
- Asset management and secure disposal procedures
- Incident response plan tested and reviewed regularly
- Encryption of all sensitive data at rest and in transit
- Annual penetration testing by independent third parties
- Continuous vulnerability monitoring and remediation
- Secure software development lifecycle (SDLC)
- Immutable audit logs for all system access
- Regular code reviews and automated security testing
- Data classification and handling policies
- Customer data is never shared with third parties without consent
- Data retention policies with automatic purging
- Right to deletion — customer data is removed upon account termination
- Data Processing Agreement (DPA) available on request
- Privacy impact assessments for new features and integrations
Frequently asked questions
All data is hosted on enterprise-grade cloud infrastructure. Primary data and backups are stored in geographically redundant data centres.
Yes. Micepad complies with the EU General Data Protection Regulation. We offer a Data Processing Agreement (DPA) and support data subject access requests, portability, and deletion.
Automated backups are retained for 14 days with point-in-time recovery. All backup data is encrypted at rest.
Yes. We conduct annual penetration tests through independent third-party security firms, in addition to continuous automated vulnerability scanning.
Access to production systems is restricted to authorised personnel only, with multi-factor authentication required. Access is reviewed regularly and follows the principle of least privilege.
Yes. You can delete your event data at any time from within the platform. Upon account termination, all data is permanently removed within 30 days, with encrypted backups purged within 14 days.
Have a Security Question?
Our team is happy to answer any security or compliance questions. We can also provide our ISO 27001:2022 certificate and Data Processing Agreement on request.
Contact Us