Security policy

A concise overview of the safeguards used across the AvisTickets platform.

Platform security posture

Role-based access for organizers, scanner staff, and platform-wide administration.
Signed QR and ticket validation workflows for event-day scanning.
OAuth-based mailbox connections for Gmail and Microsoft instead of password storage.

Operational controls

Encrypted token storage for connected mailbox credentials.
Audit logging for mailbox connection and sender-selection changes.
Access checks around organizer dashboards, scanner flows, and event-level operations.

Shared responsibility

Security also depends on organizers and staff keeping accounts protected, limiting scanner access appropriately, and using verified sender identities for transactional email.