Security

At Session Services, we prioritize the security of our systems and the protection of our users' data. We understand that strong security measures are crucial in today's digital environment, and we are committed to implementing robust protections for our users.

Our Security Measures

Data Protection

  • All customer data is encrypted at rest and in transit
  • Passwords are hashed using industry-standard algorithms
  • Regular automated backups ensure data recovery capabilities

Access Control

  • Role-based permissions ensure customers only access their own data
  • Support for OAuth authentication alongside traditional passwords
  • Strict tenant isolation prevents cross-customer data access
  • Production system access limited to authorized personnel only

Infrastructure Security

  • Hosted on AWS with CloudFront for DDoS protection
  • All payment processing handled by PCI-compliant third parties
  • Regular security updates applied to all systems

Incident Response

Session Services has a thorough protocol in place for responding to security incidents. Our dedicated team is prepared to swiftly manage and mitigate any issues that arise, ensuring minimal impact on our services and users.

Responsible Disclosure

We welcome security reports for our ticketing platform only. Please email reports of valid vulnerabilities to security@session.services. Each report should include:

  • Clear description and reproduction steps
  • Real security impact on our ticketing platform
  • Proof of concept (if applicable)

Out of scope (no response will be sent):

  • This marketing website (session.services)
  • Email/DNS configuration (SPF, DKIM, DMARC)
  • Missing headers, SSL issues, or clickjacking
  • Theoretical vulnerabilities with no real impact

Safe Harbor:

We will not pursue legal action against researchers who act in good faith and:

  • Do not disrupt our services or customers
  • Stop testing once a vulnerability is found
  • Do not test on customer accounts or live events
  • Report findings promptly and keep them confidential

Response timeline:

  • Initial acknowledgment: Within 24 hours
  • Severity assessment: Within 3 business days
  • Resolution: Critical issues within 7 days, others within 30 days