Legal
EventPilot AI is built for high-trust event operations. This page summarizes our security practices for organizers, hospitality partners, and enterprise customers evaluating the platform.
Last updated: May 21, 2026
Guest lists, RSVP responses, hotel allocations, transport assignments, and check-in records are stored in encrypted form at rest. Data in transit uses TLS 1.2 or higher between clients, APIs, and integrated services.
Production environments are logically separated from development and staging. Access to production data is limited to authorized personnel on a need-to-know basis.
The platform supports role-based access for organizers, check-in staff, drivers, and hotel teams. Permissions are scoped per event so field users only see the guests and tasks assigned to their role.
Administrative actions such as exports, campaign launches, and manual RSVP overrides are logged for audit review.
AI voice and IVR RSVP flows process guest phone numbers and call outcomes through approved telephony providers. Call metadata (status, duration, response selection) is retained for operational reporting—not sold to third parties.
Organizers are responsible for obtaining appropriate consent before outbound voice campaigns, including compliance with applicable telecom and privacy regulations in their region.
We apply regular patching, vulnerability scanning, and uptime monitoring across core services. Incident response procedures include containment, customer notification for material breaches, and post-incident review.
Enterprise customers may request additional documentation, security questionnaires, or custom data processing terms. Contact us through the demo page to begin a security review.