Security Overview

Operational security overview for Everlage customers and prospects

1. Purpose

This Security Overview summarizes Everlage’s current security approach. It is an informational trust document, not a warranty, certification, or replacement for a signed security addendum or Enterprise agreement.

2. Infrastructure

Everlage is hosted on Amazon Web Services (AWS), with primary infrastructure intended to operate in the Tel Aviv, Israel region. Everlage uses cloud infrastructure capabilities for compute, storage, networking, monitoring, and operational resilience.

3. Tenant separation

Everlage is a multi-tenant SaaS platform. Customer environments are logically separated by tenant. Each Customer receives a default subdomain and may connect a custom domain. Access to tenant data is controlled through authentication, roles, and tenant-scoped application logic.

4. Access controls

Everlage supports staff/user access controls and may use role-based permissions, account authentication, OTP/SMS or two-factor mechanisms, session management, and audit logging. Customers are responsible for assigning appropriate roles, removing former staff users, and protecting credentials and devices.

5. Encryption and data protection

Everlage is designed to use encrypted connections in transit for web and API traffic. Sensitive operational access is limited to authorized personnel. Payment-card processing is designed to occur through Customer-selected payment providers rather than through Everlage storage of full card data.

6. Monitoring and incident response

Everlage monitors service operation, application behavior, and security-relevant events to detect errors, abuse, or unauthorized activity. If Everlage becomes aware of a confirmed security incident affecting Customer data, it will notify affected Customers according to applicable law and contractual commitments.

7. Backups and continuity

Everlage maintains operational backup and continuity processes designed to reduce risk of data loss and support service recovery. Backup retention, restore objectives, and Enterprise continuity commitments may be defined in separate technical documentation or Enterprise agreements.

8. Customer responsibilities

Customers play an important role in security. Customers must protect administrator accounts, configure staff roles carefully, use secure domains and DNS, avoid collecting unnecessary sensitive data, train check-in staff, secure scanner devices, review integrations, and promptly report suspected unauthorized access.

9. Payment security

Event-ticket payments are processed by Customer-selected payment gateways or merchant accounts. Everlage does not act as merchant of record and is designed not to store full card numbers or CVV data. Customers are responsible for payment-provider compliance and payment-risk management.

10. Vulnerability reporting

Security concerns or suspected vulnerabilities should be reported to Legal@everlage.com or Support@everlage.com. Please include enough detail to reproduce the issue and do not access, modify, or disclose data that does not belong to you.

11. Certifications

Unless specifically published or agreed in writing, Everlage does not claim SOC 2, ISO 27001, PCI DSS certification, HIPAA compliance, COPPA compliance, or other formal certification. Any future certifications will be listed only after completion.