Start free →Sign in

Your attendee data stays yours.

krowd holds the relationships you've spent years building. We treat that data the way you'd want us to: locked down, traceable, exportable, and never for sale. Here's exactly how — and an honest note on what's still in progress.

Your data, your control

You own your attendee data

Live

Every contact, order, and interaction belongs to you — not to a marketplace. Export the whole thing to CSV any time. Cancel and take it with you.

GDPR export & deletion

Live

Attendees can request a full copy of their data or its deletion through a verified, email-confirmed flow. Requests are logged end to end.

Email suppression list

Live

Bounces, complaints, and unsubscribes are honored automatically and permanently, so you never message someone who opted out.

Access & accountability

Role-based access

Live

Give each teammate exactly the access they need. Delegations let you hand off specific events or duties without sharing the keys to everything.

Audit logs

Live

A tamper-evident record of who changed what and when across your organization, so day-of staff and long-term changes are always traceable.

Per-organization isolation

Live

Your data is scoped to your organization. Check-in scans are verified server-side against your events only — a ticket from another org can't be used against yours.

Payments & infrastructure

krowd never touches payment data

Live

Your ticketing partner handles checkout and payments, so card data never reaches krowd's servers at all. There's simply no cardholder data here to breach.

Authenticated email sending

Live

Sending domains are set up with DKIM, SPF, and DMARC so your campaigns are verified, land in the inbox, and can't be spoofed.

Encryption in transit

Live

All traffic to krowd is served over TLS. The platform runs on managed AWS infrastructure.

We'd rather be straight with you.

krowd is a young product, and security theater helps no one. So, plainly:

  • SOC 2 is on the roadmap, not done. We follow the practices above today, but we are not yet SOC 2 certified and won't put a badge up until we are.
  • SSO / SAML and SCIM are planned for organizations that need them — not shipped yet.
  • A signed DPA and security questionnaire are available on request for teams doing vendor review.

If a formal control is a dealbreaker for you, tell us — it helps us prioritize, and we'll tell you honestly where it sits.

Who we trust with what.

krowd is built on infrastructure used by some of the most security-conscious companies in the world. We keep this list current — see our privacy policy for the full detail.

Amazon Web Services
Application hosting & data storage
Amazon SES
Transactional & marketing email delivery
Twilio
SMS delivery
Stripe
Ticketing order sync, only if you connect Stripe

Doing a security review?

We're happy to walk through our practices, share our DPA, and answer your questionnaire. Real answers from the people who built it.