Where is my data stored?

All data is stored in AWS data centers with multi-AZ redundancy. We use encrypted storage volumes and automated daily backups. Data residency can be configured based on your region.

Can other Fanz clients see my data?

No. Every organization operates in a logically isolated environment with strict access boundaries. Cross-tenant data access is architecturally impossible — not just prevented by policy, but enforced at the infrastructure level.

How do you handle payment security?

Fanz never stores or processes credit card data. All payment processing is handled by PCI DSS Level 1 certified processors (Stripe, Mercado Pago, dLocal). Funds are deposited directly into your connected account.

Do you support Single Sign-On (SSO)?

Yes. We support SSO via Auth0, including SAML 2.0 and OpenID Connect. You can integrate with identity providers like Google Workspace, Microsoft Entra ID, and Okta.

What happens if there's a security incident?

We have a documented incident response plan with defined SLAs. Affected clients are notified promptly, and we conduct post-incident reviews with full transparency. Our monitoring systems detect anomalies in real-time.

Security

Your data, protected. Your business, secure.

Enterprise-grade security infrastructure designed for the demands of live events — from encrypted transactions to multi-tenant data isolation.

Auth0 IdentityAWS InfrastructureTLS 1.3 EncryptionSOC 2 In Progress

Security Pillars

Built on layers of enterprise security

Every layer of the Fanz platform is designed to protect your data, your customers, and your revenue.

🔐

Authentication

Industry-leading identity management with multiple authentication methods and built-in threat protection.

Single Sign-On (SSO)
Multi-factor authentication
Social login providers
Passwordless authentication
Brute-force protection

☁️

Infrastructure

Cloud-native architecture built for scale, reliability, and high availability across multiple regions.

Auto-scaling containers
Multi-AZ deployment
99.99% uptime SLA
Automated daily backups
DDoS protection

🔒

Encryption

End-to-end

All data is encrypted in transit and at rest using industry-standard protocols and regular key rotation.

TLS 1.3 in transit
AES-256 at rest
Encrypted backups
Automatic key rotation
Certificate management

🛡️

Access Control

Role-based

Granular permissions system with full audit logging so you always know who did what and when.

9 predefined roles
Full audit logging
IP allowlisting
Session management
API key scoping

Compliance

Meeting the standards that matter

We're committed to the highest security and privacy standards in the industry.

🏛️Coming Soon

SOC 2 Type II

We are actively pursuing SOC 2 Type II certification. Our security controls are already aligned with SOC 2 requirements, and the formal audit is underway.

🇪🇺Compliant

GDPR

Full compliance with the General Data Protection Regulation. Per-tenant data isolation, right to erasure, data portability, and transparent data processing.

💳Via Processors

PCI DSS

Payment data is handled exclusively by PCI DSS Level 1 certified processors — Stripe, Mercado Pago, and dLocal. Fanz never stores or processes card data.

Reliability

99.99% uptime

Your ticketing platform needs to be online when your audience is buying. Our infrastructure is built for zero-downtime deployments and automatic failover.

99.99%

Oct

100%

Nov

99.98%

Dec

100%

Jan

99.99%

Feb

100%

Mar

View live status →

Data Isolation

Your data stays yours

Every Fanz client operates in a logically isolated environment. No client can ever access another client's data — by design, not by policy.

Tenant-level isolation

Every organization's data is stored in isolated logical partitions with strict access boundaries.

Scoped API access

API keys and tokens are scoped per-organization. Cross-tenant requests are rejected at the infrastructure level.

Isolated environments

Staging and production environments are fully separated. Test data never touches live systems.

Payment Security

Funds go directly to you

Fanz never touches your money or your customers' payment credentials. Payments flow directly from buyer to your account via certified processors.

Direct payouts

Revenue from ticket sales is deposited directly into your connected account — not ours. No intermediary holding funds.

Zero card storage

Fanz never stores, processes, or has access to credit card numbers. All payment data is handled by PCI DSS Level 1 processors.

Processor flexibility

Connect Stripe, Mercado Pago, or dLocal based on your region. All processors are independently audited and certified.

Security Practices

How we keep the platform secure

Regular penetration testing

Third-party security firms perform annual penetration tests on our infrastructure and application layer.

Automated vulnerability scanning

Continuous scanning of dependencies, containers, and infrastructure for known vulnerabilities.

Employee security training

All team members complete security awareness training and follow strict access control policies.

Incident response plan

Documented procedures for detecting, responding to, and recovering from security incidents within defined SLAs.

Responsible disclosure program

Security researchers can report vulnerabilities through our responsible disclosure program.

FAQ

Security questions, answered

1,000+ organizers already on board

Ready to own your ticketing?

Join 1,000+ organizers who ditched generic platforms and built their own with Fanz.

Get started for free