Session board
Our Platform
capabilities
Speaker CRM
Speaker network all in one place
AI Evaluators
AI tools to automate session selection
Content Management
Manage  speaker content
Call for Papers & Grading
Manage speaker submissions
Agenda Management
A way to build your agenda
capabilities
Speaker Management
Manage your speakers easily
Exhibitor & Sponsor Management
Review exhibitor and sponsors
Session & Speaker Embeds
Review sessions
View more
by role
avatar
Conference Organizators
avatar
Marketing Teams
avatar
Event Planner
Demo
See how marketing teams can manage events 4x times faster
Watch the demo
A screen shot of a web page with a speaker on it.
Integrations
Event Management
Integration logo
Accelevents
Integration logo
Bizzabo
Integration logo
Cvent
Integration logo
Swoogo
Integration logo
Convention Data Services
Integration logo
EVA  Event Tech Hub
View more
Website Management
Integration logo
ASP Events
Integration logo
Wordpress
Speaker Marketing
Integration logo
Gleanin
Integration logo
Snöball
The event content playbook.
Event Content Playbook
40+ event professionals explore 25 core challenges and share how to solve them
Avatar
Bryan Funk
Download playbook
Resources
EXPLORE
Blog
Industry interviews & updates
Webinars
On-demand product demos
Training videos
Quick-start video tutorials
capabilities
Release notes
Latest feature changelog
API Documentation
API reference & guides
get HELP
Support
Help articles & FAQs
Contact
Get in touch with our team
Subscribe for product updates
The latest news and product updates sent to your inbox
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Event
Content Pros 2025
Celebration of strategists, creators, and thoughts leaders shaping the future of event content in 2025.
View event
A group of people that are in the shape of the letter d.Circles
Log in
Request a demo
Menu
NAVIGATION
Terms of Service
Privacy Policy
Sessionboard Studio (AI) FAQs
Information Security & Compliance
GDPR & CCPA
Data Subject Rights
Data Processing Addendum
Standard Contractual Clauses
Data Subject Access Request Form
Cookie Policy
List of Sub-processors
Accessibility Statement

Information Security & Compliance

Here at Sessionboard, we strive to have an industry-leading information security & compliance program. In order to achieve that, along with the technical controls, we are also committed to ensuring that our employees have the required knowledge and training.

‍

Compliance

General Data Protection Regulation (GDPR)

European Economic Area-origin personal data is processed and stored on the basis of the Standard Contractual Clauses, as amended by the Commission of the European Union, and we employ appropriate, and industry standard, technical, contractual, and organizational supplementary measures. Please visit our Privacy Policy for more information.

‍

California Consumer Privacy Act (CCPA)

Sessionboard has updated the necessary internal procedures and processes to comply with CCPA. Please visit our Privacy Policy for more information.

‍

Third-Party Sub-Processors
Sessionboard uses a variety of third-party sub-processors to provide various features of our platform. All third parties are subject to a thorough security, compliance, and privacy assessment prior to contracting and approval. If approved, an annual assessment is required to ensure compliance.

‍

Cookies Page
When you visit Sessionboard's website, we and our service providers collect certain data using tracking technologies like cookies and web beacons. Please visit our Cookie Page for more information.

‍

Infrastructure & Development

Data Centers
The Sessionboard product is based on logical architectures, with primary data centers run by Amazon Web Services (AWS) located in the continental United States and Ireland (EU).

‍

Sessionboard does not own the hardware located in these data centers. Instead, both AWS and GCP are responsible for the security of the underlying cloud infrastructure (IaaS / PaaS), while Sessionboard is responsible for controls and configurations beginning at the operating system layer.

‍

Platform
A multi-tenant, cloud-based application, the Sessionboard platform is engineered for high
scalability, reliability, security, and performance. All elements of the platform are tested regularly.

‍

Encryption
Data in transit is encrypted using TLS 1.2, while data at rest is encrypted using AES-256. Access to databases is also encrypted asymmetrically.

‍

Each Sessionboard customer’s data is hosted within a multi-tenant environment and logically segregated using a unique key.

‍

Network Security
Sessionboard divides its platform into separate network groups to better protect data. Network security protections are designed to prevent unauthorized network access to and within the internal product infrastructure.

‍

Within the infrastructure, internal network restrictions allow a many-tiered approach to ensuring only the appropriate types of devices can communicate with each other. Intrusion Detection / Intrusion Prevention (IDS/IPS) solutions are deployed, with near real-time alerts in place that indicate and alert for any suspicious or uncommon activity.

‍

Secure Development & Change Management
Sessionboard has a formalized development and change management process in place, which requires identification and recording of significant changes, assessment of risk and the potential effect of such modifications, approval of proposed changes, and testing of changes to verify operational functionality. Proposed changes are evaluated to determine if they present a security risk and what mitigating actions, including employee and user entity notifications must be performed.

‍

The Sessionboard secure development methodology includes project planning, design, testing, implementation, maintenance, and disposal or decommissioning. Changes to infrastructure and software are developed and tested in a separate development or test environment before release to production. Additionally, to ensure reviews and approvals are required, controls are in place before code is pushed to the production environment.

‍

Access to the source code management tool is restricted to those with a business need for access. On a quarterly basis, access to the source code management tool is reviewed to ensure accuracy.

‍

As part of the development process, static code analysis is also performed.

‍

Organizational

➔ Data classification and business impact assessment
➔ Selection, documentation, and implementation of security controls
➔ Assessment of security controls
➔ User access authorization and provisioning
➔ Removal of user access
➔ Monitoring of security controls
➔ Security management

‍

Personnel
As part of the onboarding process, where applicable, all new Sessionboard personnel (e.g., employees, contractors, interns, etc.) are required to sign an NDA and pass a background check.

‍

An information security & compliance onboarding presentation is reviewed with all personnel upon hire to explain processes, controls, and expectations. Web-based information security & compliance training is also assigned as part of onboarding, and on an annual basis. Every quarter, phishing campaigns are conducted using a third-party solution to ensure that personnel are aware of social engineering risks and how to identify them.

Additionally, at least annually and upon hire, all personnel are required to review and acknowledge applicable policies and procedures based on job role and function, as well as complete information security and privacy web-based training modules.

‍

Access Management
To minimize the risk of data exposure, Sessionboard adheres to the principle of role-based least privilege access. Privileged access requests must be submitted using our internal ticketing system and include a business justification and manager’s approval.

Every quarter, privileged access is reviewed to ensure accuracy. When personnel are moved between roles or terminate their relationship with Sessionboard, a formal offboarding process is initiated, with physical and logical access removed within 24-hours.

‍

Incident Management
Sessionboard established policies and procedures for responding quickly to all security and privacy events. Our approach is we first determine the exposure of the information and determine the source of the security or privacy issue. We will communicate promptly by using in-product messaging, email, and our status page to affected customers. We will also provide periodic updates as needed to ensure the appropriate resolution of any incident.

Any concerns or incidents can be reported to:
➔ support@sessionboard.com

‍

Monitoring, Logging & Alerting
Sessionboard invests in automated monitoring, alerting, and response systems to address potential issues continuously. Our systems will alert applicable internal stakeholders regarding error rates, unexpected activity, memory issues, etc.

‍

Our system captures and stores logs from the application level, such as logins (success and failed), page visits, actions, modifications, and more. Logs are protected from changes.

‍

Endpoint Protection
Our endpoint workstations are protected using commercial enterprise-grade antivirus/malware protection with centralized logging and monitoring. All assets are subject to full-disk encryption using Filevault, are password-protected, and auto-lock when idle, requiring re-authentication to unlock.

‍

Endpoints are managed using agent-based services, which allow the ability to add/remove applications, deploy/change configurations, web-filtering, removable storage restrictions, as well as to remotely wipe/lock the asset.

‍

Risk Assessment
Sessionboard regularly reviews the risks that may threaten the achievement of its service commitments and system requirements. This is done through regular meetings with appropriate personnel responsible for the processes, procedures, and controls.

Additionally, reviewing and acting upon any security event logs, performing vulnerability assessments, and conducting a formal annual information security risk assessment in conjunction with the company-wide risk assessment.

‍

Independent third parties are engaged annually to conduct application-level (to mobile, web, and APIs) and infrastructure-level penetration tests (black, grey, and white-box). Results of these assessments are shared with the applicable internal staff, and if needed, an actionable plan of remediation is discussed and executed according to requirements outlined in policy.

‍

‍

Last Modified: July 1, 2023

Subscribe to product updates
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
PRODUCT
Speaker CRMSpeaker managementAI evaluatorsExhibitor & sponsor managementContent managementSession & speaker embedsCall for papers & gradingAgenda management
use cases
Conference organizatorsMarketing teamsEvent planner
RESOURCES
BlogWebinarsTraining videosRelease notesSupport
LEGAL
Consent Preferences
GDPR & CCPAStudio AIPrivacy & policyTerms of serviceStatus
Sessionboard © 2025 All rights reserved