Security
We take security seriously. Here's an overview of how we protect your data and your attendees' information.
Payments
Ticket HQ does not store card numbers or payment details. All payments are processed by Stripe, a PCI DSS Level 1 certified payment processor. Card data never touches our servers.
Data in transit
All connections to Ticket HQ are encrypted using TLS 1.2 or higher. We enforce HTTPS across every page and API endpoint.
Data at rest
Customer and organiser data is stored in encrypted databases hosted on infrastructure that complies with industry-standard security practices. Access is restricted to authorised personnel only.
Authentication
Organiser accounts are protected by hashed passwords and support for secure session management. We recommend using a strong, unique password and storing it in a password manager.
API security (Pro)
API access is authenticated with scoped API keys. Keys can be created and revoked at any time from the Settings → Developer section of the dashboard. Keys are only displayed once at creation; store them securely.
Responsible disclosure
If you believe you've found a security vulnerability in Ticket HQ, please report it responsibly to security@ticket-hq.com. We'll acknowledge your report within 2 business days and keep you informed as we investigate and resolve the issue.
