Security & Compliance FAQs

Answers to the most frequently asked questions about compliance and security in Evalato.

Where is Evalato’s data stored?

Data for Evalato is stored in secured data centers in Amsterdam managed by DigitalOcean, a provider certified to ISO/IEC 27001:2013 and compliant with PCI DSS.

The servers have SOC 2 Type II reporting, a global standard for data privacy and security, and are monitored 24/7 to prevent unauthorized access.

How are the Evalato servers protected?

Physical safeguards include 24/7 security guards, restricted facility access with biometric authentication, full CCTV monitoring, and backup power systems to prevent downtime.

Additional safeguards include biometric readers with two-factor authentication, battery and generator backup, redundant generator fuel suppliers, and secure loading zones for the delivery of equipment.

Last but not least, data at rest is encrypted for additional protection against breaches, unauthorized access, or physical theft.

How does Evalato handle payment information?

Evalato is fully PCI DSS compliant and integrates with third-party payment gateways for credit card processing. The software does not store any credit card details, raw magnetic stripe data, card validation codes, or PIN block data; that information is passed directly from the person making the payment to the payment gateway for processing. The integrated payment gateways are certified Level 1 PCI DSS compliant service providers.

How does Evalato protect data?

Data transmitted between customers and Evalato's service is protected using TLS (Transport Layer Security) v1.2. Data at rest is encrypted with AES-256 within Evalato's systems.

To protect customer data, Evalato support staff have no access to the data and no direct access to the NAS/SAN storage systems where snapshots and backup images reside.

Monitoring and analytics are also used to identify potentially malicious activity. System behavior is monitored for suspicious activity, and response procedures are in place should an incident be reported.

What is Evalato’s email security?

SendGrid maintains the email servers and infrastructure for all communication sent through Evalato, ensuring the highest email deliverability and protection. SendGrid has EU-US and Swiss-US Privacy Shield certifications, as well as SSAE-16 SOC2 Type II reporting for data privacy and security.

Is Evalato compliant with GDPR and data protection laws?

Evalato is fully compliant with the EU General Data Protection Regulation (GDPR). The software lets organizers add consent options during registration, download data for user information requests, and request permanent deletion of data.

Organizers control and own all program data — Evalato does not use it for marketing purposes or share it without permission.

What backup and uptime assurances are there?

Data is backed up several times a day to multiple remote locations. Backups are stored on an internal, non-publicly visible network on NAS/SAN servers. Evalato is dedicated to keeping downtime to a minimum, and the service maintains an uptime of 99.98%.