Security Statement #

As a marketplace handling payments between our customers and their customers, data security is incredibly important.

Encryption #

All data in transit is encrypted using HTTPS. This means that when your data is being sent from you to our servers, it is encrypted and not visible to other parties. Within our servers and networks, data may be transmitted unencrypted.

Backups #

We take database backups regularly. Our backups are stored using RSA encryption. Our offsite backup provider, Tarsnap, is not able to read our backups. Our keys to these backups are stored securely by Outer Circle staff.

Billing information #

Billing: event entrants #

All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Outer Circle servers are never privvy to your credit card number. These details are transmitted using HTTPS directly from your browser to Stripe, our payment services provider, who then provide us with a Token to use for future billing requests.

This token is tied to our Stripe account and so, if compromised, cannot be used by any other party to steal your money.

Billing: event organisers #

For event organisers, Stripe send us a processing fee for each payment that is processed. We do not need your credit card or bank account details to receive this payment.

Data location #

We use services provided by Heroku, which builds on top of Amazon Web Services. This places your data on servers in North Virginia, USA.

Reporting security problems #

If you believe you've found a security issue with Outer Circle, email us at [email protected] with a subject of Security Issue. Please provide a way to respond. We will respond to you as soon as possible, but if you haven't heard back in 24 hours please follow up politely.

If you submit a report, here’s what will happen:

  1. We’ll acknowledge your report & tell you the best way to track the status of your issue.
  2. We’ll investigate the issue and determine how it impacts our customers. We won’t disclose issues until our investigation is finished, but we’ll work with you to ensure we fully understand the issue.
  3. Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery.