Trust

Security at Enventro

Last updated: June 21, 2026

Your data's security is fundamental to Enventro

Enventro is built for event organizers and venues who trust us with their attendees', customers', and members' information. Here's how we protect it.

Payments and card data

We never see or store your customers' full card details. All card information is entered directly into a secure field hosted by our payment processors — Stripe and, for some venue bookings, Square — where it is encrypted in the browser and tokenized before it reaches any Enventro or organizer system. Our servers only ever receive a payment token and the last four digits for receipts. Stripe and Square are certified PCI Service Providers and handle the regulated card data on our behalf.

Encryption

  • In transit: all traffic to and from Enventro is encrypted over HTTPS/TLS.
  • At rest: your data is stored with infrastructure providers that encrypt data at rest.

Where your data lives

Your data is stored and processed in Canada. Our database, authentication, and file storage are hosted in Montréal, and our application servers run in Montréal as well. Some of the service providers listed in our Privacy Policy operate from the United States, and we use them only as needed to run the service.

Access and authorization

Access to your data is controlled at the application layer. Requests are authenticated and scoped to your organization, so one organizer cannot see another's events, attendees, or financial data. Internal access to production systems is limited to the people who need it.

Account security

Organizers can enable two-factor authentication (TOTP) with one-time backup codes on their accounts, and we encourage every organizer and team member to turn it on.

Infrastructure and providers

Enventro runs on established providers, each with their own security programs:

  • Vercel — application hosting
  • Supabase — database, authentication, and file storage
  • Stripe / Square — payment processing
  • Resend — email delivery

A complete list of the sub-processors that may handle personal data, and what each receives, is in our Privacy Policy.

Payment integrity

Incoming payment notifications (webhooks) are cryptographically signature-verified before we act on them, so payment and order records can't be spoofed.

Reporting a security issue

If you believe you've found a security vulnerability, we want to hear from you. Please email security@enventro.com with the details, and we'll acknowledge and investigate. We ask that you give us a reasonable opportunity to address the issue before any public disclosure.

Ongoing

Security is not a one-time project. We continually review and improve how we protect your data as the platform grows.