Data security is literally our job. Yet day after day, there’s news of another breach affecting companies of all sizes all over the world. These stories highlight the vulnerabilities, lack of preparedness, and absence of strategy on their watch. That’s not the Tixr way.
As cybersecurity threats emerge and evolve in ever-more sophisticated ways, so should our practices. Data security is under a microscope, and we owe it to our community to be transparent about what we’re doing to ensure we don’t become a headline. We also hope to inspire you to make data protection a priority in your business.
Every Tixr staff member is required to follow these common-sense practices on-the-regular:
To instill the importance of data security, every new hire reads — and agrees to abide by — our Tixr Data Protection Guide. We wrote it in the simplest of terms so technical and non-technical employees understand three key things: 1) what hackers are, 2) how they get into our devices and accounts, and 3) how to best protect your devices, your information, and yourself.
Not only do we revisit our guide annually, at minimum, but our staff gets reminded to run regular checks to ensure we're obeying our own rules. Everyone at Tixr should know what it really takes to protect company (as well as personal) data today, and every day. If something’s too hard or complicated, it won’t get adopted.
We’re incredibly selective about who we partner with at Tixr, opting for proven industry-leaders such as Amazon Web Services and Stripe as our backbones for cloud computing and payment processing. We don’t sacrifice on quality under the hood. Any partner that touches our tech stack and provides business services needs to be in scope for SOC 2 compliance so our own certification isn’t jeopardized.
We’ve built our business on designing simple solutions to highly complex problems, and we obsess over the little things not out of a sense of duty, but a deep sense of service. To that end, our highly secure interface is completely PCI compliant for credit card processing, Gaming Control Board compliant to do business with Nevada, New Jersey, and Massachusetts casinos, and well on the path towards becoming SOC 2 certified.
We’re also GDPR compliant with a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and controlling access to our facilities and office network. Tixr data is encrypted in transit (advanced TLS protocols and 2,048-bit keys or better) and at rest (using AES 256 encryption with integrity).
In addition to conducting third-party penetration testing and regular vulnerability scans for PCI compliance, another rule we won’t break is “no unapproved JavaScript.” While we do have a laundry list of pixels we’ve approved for placement on Tixr, no JavaScript is going on our site unless it’s been thoroughly vetted by our team. Allowing unvetted scripts would be nothing short of negligence, like giving out keys to the front door of our business at our fans’ and partners’ expense.
Our job doesn’t end here…
To truly transform the ticket-buying experience, we’re innovating, iterating upon, and optimizing the Tixr platform day in and day out. With a robust internal QA team and process, we’re able to build fast and react fast, and you can help keep Tixr secure. If you encounter any bugs or flaws, we want you to notify us. In fact, we encourage it. Contact security@tixr.com.