Trust Center
Security and privacy you can verify
Conferences.Center handles submissions, reviews, attendee records, and payments for your events. This is where we document exactly how we protect that data — the controls we run, the partners we rely on, and the commitments we hold ourselves to. We aim to be precise and honest, including about the certifications we have not yet earned.
Trust resources
Everything you need to evaluate Conferences.Center from a security, privacy, and compliance standpoint — in one place.
Security
TLS everywhere, encrypted secrets, hardened authentication, and a defense-in-depth application design.
View security controlsPrivacy
GDPR-minded data practices: minimization, self-service export and deletion, and no third-party ad trackers.
Read privacy policyTerms of Service
The agreement that governs your use of the platform, written in plain, predictable language.
Read termsCookies
What we store in your browser and why. First-party analytics only, with consent surfaces for optional cookies.
Cookie policyData Retention
How long we keep each category of data, how deletion works, and which financial records we retain for legal compliance.
Retention scheduleSubprocessors
The third-party services we rely on to run the platform, what each one processes, and how to get change notifications.
View subprocessorsVulnerability Disclosure
Our responsible-disclosure policy, good-faith safe harbor, and how to report a security issue to our team.
Report a vulnerabilityAccessibility
Our WCAG 2.1 AA commitment, automated accessibility testing, and how to report a barrier you encounter.
Accessibility statementSystem Status
Live availability for the API, web app, and background services, plus a history of past incidents.
Check statusOur standing commitments
These hold true across every plan, including the free tier.
- Encryption in transit everywhere (TLS + HSTS with preload)
- Card data handled by Stripe (PCI-DSS Level 1) — we never store card numbers
- Self-service data export and account deletion for every user
- First-party analytics only — no third-party advertising trackers
- Human-in-the-loop AI: assistance is advisory, never automatic decisions
- Honest compliance posture — we describe alignment, not certifications we do not hold
Frequently asked questions
Is Conferences.Center SOC 2 or ISO 27001 certified?
Not yet. Our security program is aligned with SOC 2 and ISO 27001 principles, and formal certification is on our roadmap. We describe our posture honestly and never claim certifications we do not hold.
Where is my data hosted?
The application and PostgreSQL database run on Railway, the frontend is served from Vercel's global CDN, and uploaded files are stored in an S3-compatible object storage bucket. See our Subprocessors page for the full list.
Can I export or delete my data?
Yes. Every user can export their personal data (GET /users/me/export) and delete their account, which scrubs personal data. Some financial records are retained where required for legal and accounting obligations — see the Data Retention page.
How do I report a security vulnerability?
Email security@conferences.center with details and reproduction steps. We offer a good-faith safe harbor for responsible research. See our Vulnerability Disclosure page for scope and guidelines.
Have a specific compliance question?
Tell us your requirements and we will walk you through our current posture honestly.