Eventleaf Security Guide

PCI Compliance

The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud by protecting the way credit card data is processed and stored. Organizations that process credit card payments must follow PCI DSS standards.

Eventleaf is certified PCI DSS 3.2 compliant. The service is audited on a regular basis by SecurityMetrics, a PCI qualified auditor. In order to achieve PCI certification, Eventleaf maintains rigorous data security standards to ensure that its customer's credit card information remains safe and secure. Further information is available upon request.

EU-U.S. Data Privacy Framework and UK Extension Commitment

As part of its commitment to protecting personal privacy, this Jolly complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Jolly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF as described in the site Privacy Policy. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

GDPR Compliance

In May 2018, the EU General Data Protection Regulation (GDPR) went into effect. This law requires that Eventleaf and event organizers using the service provide users with details of how their personal data will be processed.

How will Eventleaf use your personal data

Your personal data will be collected and processed by Eventleaf when:

  • We have your consent
  • It is necessary for use of the Eventleaf site and services
  • We are required by law to provide it for legal or regulatory obligations

Transfer of personal data

Eventleaf is a global service provider and your data may be stored outside of the country where it was provided. If your personal data is ever transferred from one of our systems to another, we take steps to ensure that appropriate safeguards are in-place to protect your data. Your data is further protected by our participation in the EU-U.S. DPF, as described above.

Personal data retention

Your personal data is retained as long as necessary to provide you with the ability to use Eventleaf products and services as well as for other important purposes such as resolving transaction disputes and other legal obligations.

Typically your personal data can be deleted immediately, either by managing your account or upon request, barring any pending or recent transactions.

Eventleaf as a data controller

Eventleaf acts as a data controller, per the EU data protection laws, when someone creates an account on Eventleaf.com. For example, if you organizing an event, Eventleaf will be a data controller in regards to your personal data.

Eventleaf as a data processor

Eventleaf acts as a data processor, per the EU data protection laws, in regards to the use and collection of personal data when someone registers for an event and to assist organizers in regards to administering events (e.g. sending invitation emails, reminders, surveys, payment processing, etc). Eventleaf does not control what personal data is collected during the registration process or entered by an organizer, nor does it manage the validity of the collected data.

If you have any questions regarding your personal data related to an event, please contact the event organizer as they are the data controller in this case.

Your rights

It is your right to request information on what personal data Eventleaf maintains about you as well as to correct or delete your personal data. For assistance, please contact us.

Hosting Environment

Eventleaf is hosted on the Microsoft Azure platform. Microsoft Azure is PCI DSS 3.1 certified. For more information, visit the Microsoft Trust Center.

Data Protection

Eventleaf encrypts sensitive information such as passwords and credit card numbers using the strong, industry-standard cryptographic protocol, AES-256. Data is maintained in Microsoft Azure and all data communications are encrypted using 256-bit SSL certificates.

Employee Data Access

Eventleaf is developed and maintained by Jolly Technologies Inc, a California-based corporation. All employees must pass rigorous background checks. Employee access to customer data is strictly limited to a need-to-know basis.


We have a strict policy to respect the privacy of customer information. We will not disclose your information to 3rd parties without your express permission. For more information, please refer to our Privacy Policy.

If you have any questions or would like more information, please contact us.