Security & Compliance
Built for enterprise events where trust, privacy, and reliability matter.
Security at a Glance
Privacy & GDPR
Compliant with GDPR requirements for data protection and privacy.
SOC 2 Type II
Independently audited across security, availability, and confidentiality.
Access Controls
Role-based access control, multi-factor authentication, SSO options.
Availability
Customisable SLAs (99.9%+) supported by our robust infrastructure.
Trusted by Leading Enterprise Brands
Supporting the world’s most demanding event programmes with precision and care.
Privacy, Control, & Compliance. Built In.
Enterprise-grade data protection, governance, and compliance across every event.
SOC 2 Type II
- Independently audited security controls
- Ongoing monitoring and access management
- Documented change management processes
- Formal incident response procedures
Event Data Management
- Configurable data retention policies
- Data export and deletion capabilities
- Audit logs for all data access
- Granular permission controls
GDPR
- Purpose-driven data collection
- Structured consent management
- Data subject access/erasure workflows
- Enterprise privacy governance
Enterprise-Grade by Design
Security is embedded into our platform and operations, so enterprise teams can deploy Jomablue with confidence.
Encrypted by default, in transit and at rest
Industry-standard encryption protects data during transmission and storage.
Role-based access with multi-factor authentication
Granular permissions and MFA ensure only authorised users access sensitive data.
SOC 2 Type II independently audited
Third-party attestation validates our security controls and operational processes.
Continuous monitoring and centralised logging
Real-time monitoring and audit logging support proactive threat detection.
Enterprise-Grade by Design
Security is embedded into our platform and operations, so enterprise teams can deploy Jomablue with confidence.
Encrypted by default, in transit and at rest
Industry-standard encryption protects data during transmission and storage.
Role-based access with multi-factor authentication
Granular permissions and MFA ensure only authorised users access sensitive data.
SOC 2 Type II independently audited
Third-party attestation validates our security controls and operational processes.
Continuous monitoring and centralised logging
Real-time monitoring and audit logging support proactive threat detection.
Secure Integrations. Real-Time Data. Fewer Exports.
Our open API and structured connectors enable secure system-to-system data exchange with leading CRM, marketing, and BI platforms.
Event data flows where you need it, structured however you need it.
Flexible API Architecture
Built for enterprise ecosystems and real-world data models.
- Real-time data sync via secure API
- Configurable field mapping and schema alignment
- Ingest APIs for bringing external data into Jomablue
- Built for high-volume and bi-directional flows
Reduce Exports & Data Risk
Reduce Exports &
Data Risk
Replace spreadsheets with secure, structured integrations.
- Eliminate repetitive CSV exports
- Reduce duplication and human error
- Maintain clean, consistent records across systems
- Built for high-volume and bi-directional flows
Frequently Asked Questions
What security certifications or audits does Jomablue have?
Jomablue is audited against SOC 2 Type II standards, covering security, availability, and confidentiality. This means independent assessors review how we protect systems and data, and how we monitor and respond to risks. In addition, Jomablue performs regular third party penetration testing.
How does Jomablue protect my event data during transmission and storage?
All data is encrypted by default, both in transit and at rest, using industry-standard encryption protocols. This helps safeguard information from unauthorized access when it’s moving between systems or stored on servers.
Can I enforce our enterprise policies on our users of Jomablue?
Yes. Jomablue supports implementing your required controls such as password policies to maintain your compliance.
How is data retention and deletion handled?
The platform supports configurable data retention policies, so you can decide how long to keep event data. There are also features to export or delete data when appropriate, which helps support privacy obligations and internal governance needs.
Is Jomablue GDPR compliant, and what does that mean for me?
Jomablue approaches data collection and processing in line with GDPR principles. This includes structured consent management, workflows for data subject requests, and governance practices designed around privacy. Compliance means your personal data is treated with respect for individual rights and regulatory requirements.
How does Jomablue integrate with other systems securely?
Jomablue’s API and integration tools are built to support secure, real-time data flows with CRM, marketing, and business intelligence platforms. This lets you connect systems without relying on repeated CSV exports, reducing manual handling risk.
What personal information does Jomablue collect?
Jomablue collects personal information that is necessary to support your attendance and experience at an event. This may include your name, professional address, email address, phone number, and event-related activity such as check-in times, areas accessed, and exhibitors you choose to share your details with.
We do not collect sensitive personal information such as religious beliefs, health information, or criminal records. Any payment or credit card information used for purchases is processed by third-party providers and is not stored by Jomablue.
How does Jomablue use personal information?
Personal information is used primarily to support event delivery before, during, and after an event. This includes access control, attendee identification, and event communications.
We may also use personal information for:
- Regulatory and compliance obligations related to events
- Improving and developing our products and services
- Research, analytics, and understanding event engagement
- Analysing attendance trends
- Legal or safety-related requirements where required by law
Personal information is retained only for as long as necessary to fulfil these purposes.
Is personal information shared with third parties?
Personal information may be shared with third parties only where necessary to deliver our services or where permitted or required by law. This includes:
- Event organisers and authorised event participants (based on your interactions)
- IT and communications service providers (such as email and SMS delivery platforms)
- Analytics providers for aggregated event insights
Outside of these circumstances, personal information is not disclosed without consent unless required to protect safety or comply with legal obligations.
Where is personal information stored?
Personal information is stored on servers located in Australia and may also be processed in other countries, including locations inside and outside the European Union.
Where information is transferred internationally, Jomablue takes appropriate steps to ensure security safeguards are in place to protect your privacy rights.
Built to Meet Enterprise Standards.
Let’s Discuss Yours.
Explore how Jomablue supports your internal security standards.
