Security at Theatre Intelligence
Your venue data is sensitive. We treat it that way. Our security programme is built on industry-standard frameworks, independent verification, and a culture of continuous improvement. We are actively pursuing SOC 2 Type II certification. For data protection details, see our GDPR compliance page and privacy policy. Questions? Contact our security team. Full legal terms are available in our terms of service.
Certifications & Compliance
We undergo independent third-party assessments to verify our security controls and demonstrate our commitment to protecting customer data.
SOC 2 Type II
In Progress: We are actively pursuing SOC 2 Type II certification against AICPA Trust Services Criteria covering security, availability, and confidentiality. Certification expected ahead of our 2026 launch.
GDPR
Compliant: Fully compliant with GDPR requirements including DPA availability, SCCs for international transfers, and a designated Data Protection Officer.
ISO 27001
In Progress: Currently pursuing ISO 27001 certification. Our information security management system (ISMS) has been implemented and the initial gap assessment is complete.
Penetration Tested
Annual: Annual third-party penetration testing conducted by independent security firms. Application, infrastructure, and API testing performed each year.
Security Practices
Defence in depth: multiple layers of technical and operational controls protect your data at every stage of processing.
Encryption at Rest
All customer data is encrypted at rest using AES-256. Database volumes, object storage, and backup snapshots are encrypted using keys managed through AWS KMS with automatic annual rotation.
Encryption in Transit
All data in transit is encrypted using TLS 1.2 or higher. We enforce HTTPS on all endpoints and use HSTS with a minimum max-age of one year. TLS 1.0 and 1.1 are disabled.
Access Controls
We apply the principle of least privilege across our engineering and operations teams. Production access requires multi-factor authentication and is granted on a just-in-time basis with full audit logging.
Vulnerability Management
We continuously scan our infrastructure and application dependencies for known vulnerabilities using automated tooling. Critical and high severity findings are remediated within defined SLAs.
Incident Response
We maintain a documented incident response plan with defined roles, escalation paths, and communication procedures. Customers are notified of security incidents affecting their data within 72 hours of discovery.
Employee Training
All employees complete security awareness training upon joining and annually thereafter. Engineering staff complete additional secure development training, including OWASP Top 10 and secure coding practices.
Infrastructure Security
Theatre Intelligence runs on enterprise-grade cloud infrastructure designed for resilience, redundancy, and security. We do not manage physical servers; we rely on AWS's world-class data center security and combine it with our own hardened configuration and monitoring practices.
- Hosted on Amazon Web Services (AWS) across multiple availability zones in the us-east-1 region, with disaster recovery infrastructure in us-west-2.
- AWS data centers are SOC 1, SOC 2, SOC 3, and ISO 27001 certified and comply with PCI DSS Level 1.
- Network security controls include VPC isolation, security groups, NACLs, and AWS WAF for application-layer protection.
- Automated encrypted backups are taken daily with a 30-day retention period. Backup restoration is tested quarterly.
- DDoS protection provided by AWS Shield Standard, with AWS Shield Advanced available for Enterprise customers.
- Infrastructure changes are deployed through automated CI/CD pipelines with mandatory code review and security scanning before promotion to production.
Responsible Disclosure
We believe that working with security researchers is one of the most effective ways to identify and remediate vulnerabilities before they can be exploited. If you have discovered a potential security issue in our platform, we encourage you to report it to us responsibly.
What to report: Vulnerabilities in theatreintelligence.com, our API, mobile applications, monitoring agents, or any service operated by Theatre Intelligence.
What we ask: Please do not access, modify, or delete customer data beyond what is necessary to demonstrate the vulnerability. Do not perform denial of service testing. Do not disclose the issue publicly until we have had a reasonable opportunity to investigate and remediate.
Our commitments: We will acknowledge receipt of your report within 2 business days, keep you informed of our progress, and credit researchers who discover and responsibly disclose valid issues (with their consent). We will not take legal action against researchers acting in good faith.
Scope exclusions: Social engineering attacks, physical security attacks, denial of service, spam, and automated scanning without prior written permission are out of scope.
Questions About Security?
Our security team is happy to answer questions from prospective and current customers, provide our SOC 2 report under NDA, or discuss our controls in detail.