HappeningOut Security & Safety Guide

PCI Compliant

Eventbrite complies with PCI-DSS 3.1 Level 1 as both a Merchant and a Service Provider.

  • Registered as a PCI-compliant Service Provider.

  • Passes internal and external application and network penetration testing performed by independent security firms.

  • PCI Attestation of Compliance (AOC)

  • OutClique employs a cross-functional team responsible for oversight of PCI Compliance.



HappeningOut maintains a comprehensive privacy program. To us, this means that although we are required by law or regulation to do certain things, we are continually evaluating whether we can and should do more.

  • We do not sell the personal information of our customers to third parties.

  • We have a full time legal and security team focused on privacy and security issues.

  • You can find our privacy policy at: http://www.happeningout.com/PrivacyPolicy


Hosting Environment

Rackspace hosts HappeningOut's production systems.

  • PCI-DSS Level 1 Service Provider

  • Independently verified and audited

  • SOC1, SOC2, and SSAE16 Type II


Web and Mobile Application Development

HappeningOut is committed to designing, building, and maintaining secure systems.


  • All applications are regularly scanned for common security vulnerabilities including the OWASP Top Ten.

  • Regular training on Secure Coding Practices is provided. All engineers must attend training sessions.

  • No credit card information is permitted to be stored on any mobile device.

  • Use of encryption for both storage and transmission of sensitive information is regularly audited by the HappeningOut Security Team.

  • All web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house engineering team.



HappeningOut uses strong encryption methods and key management procedures to ensure your sensitive information is protected.

  • All credit card information is encrypted with strong industry-standard cryptographic protocols such as AES and TLS while in transit through our systems.

  • HappeningOut's website and APIs are accessible via a 256-bit SSL certificate issued by Digicert.

  • Credit card information is never stored after transaction authorization.

  • Access to encryption keys is held by the smallest number of HappeningOut employees possible.


Our Organization

HappeningOut has taken appropriate measures to vet our employees.

  • All employees are subject to reference, education, and other personnel checks. Certain employees are also subject to detailed background checks.

  • HappeningOut maintains an information security training program that meets PCI-DSS standards.

  • Knowledgeable full-time security personnel are on staff.

  • Require written acknowledgement by employees of their roles and responsibilities with respect to protecting user data and privacy.


Incident Response

While we don't anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.

  • In the event of a breach of a HappeningOut information system, we have a detailed Incident Response plan in place.

  • Periodic testing of the response plan.

  • HappeningOut has 24x7 monitoring of its security systems and alerts.


Research and Disclosure

If you discover a vulnerability with HappeningOut's information systems, report it to us first!

  • Do not attempt to harm HappeningOut, its users, or customer's data.

  • Allow reasonable time for HappeningOut to resolve the issue before publishing findings publicly.

  • Report details to admin@happeningout.com.

  • Include full details and steps to reproduce.