Security update: AddEvent is now SOC 2 compliant
At AddEvent, we’re committed to the security and privacy of your data.
Our Trust Center connects you to our privacy, security and compliance programs, so you have all of the information you need to manage your data.
Meet global standards for privacy and security
AddEvent adheres to GDPR, CCPA and other privacy and security regulations. We also have policies and controls for you to manage security threats, keep your data safe and help you meet your compliance obligations.
Compliance certifications and attestations
SOC 2 (Type II): Trust Services Principles
GDPR: Compliant (Certified by Apr. 2026)
CCPA: Compliant
FAQ
Trust & Compliance FAQ
SOC 2 is an independent audit framework developed by the AICPA that evaluates how an organization protects customer data, based on the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
SOC 2 Type II (Type 2) is an audit report that assesses both the design of controls and how effectively those controls operated over a defined review period (not just at a point in time).
Yes. We maintain a SOC 2 Type II report that covers key controls related to security and data protection.
We undergo SOC 2 Type II audits on a recurring basis and refresh our report annually. The most current report is available upon request.
Our SOC 2 scope covers the systems and services used to deliver our core product(s). If you need confirmation that a specific product, deployment option, or environment is in scope, contact us and we’ll clarify.
Customer data is hosted on Amazon Web Services (AWS) in the EU (Ireland) region.
We follow a data-minimization approach and retain customer data only as needed to provide the service, meet contractual requirements, and comply with legal obligations. Retention periods can vary by product configuration and customer requirements.
We use encryption in transit (e.g., TLS) and encryption at rest (e.g., industry-standard encryption) along with access controls, monitoring, and secure key management practices.
Yes. We offer a DPA for customers who require it, covering our role as a processor/service provider and outlining data protection obligations and subprocessors.
Go to Data Processing Agreement (DPA)
We support GDPR requirements through privacy-by-design practices, security controls, appropriate contractual terms, and documented processes to protect personal data and respect data subject rights.
Where international transfers are required, we use recognized transfer mechanisms (such as Standard Contractual Clauses) and apply appropriate safeguards (including technical and organizational measures) to protect personal data.
No. We do not sign a HIPAA Business Associate Agreement (BAA) because our service is not intended to process, store, or transmit sensitive patient data (PHI).
We maintain a formal security program with documented policies and procedures that are reviewed and updated regularly. Our governance includes risk management, access management, incident response, and ongoing security monitoring.
We assess vendors and subprocessors based on risk and maintain oversight through due diligence, contractual controls, and periodic reviews.
List of sub-data processors.
We maintain an incident response process to detect, respond to, and remediate security incidents. Where required, we notify affected customers and regulators in accordance with contractual and legal obligations.
For any security or compliance questions, please contact us at security@addevent.com. We’re happy to help with security reviews, questionnaires, audit documentation (e.g., SOC 2 reports under NDA if applicable), and coordination on customer due diligence requests.