SECURITY IS FOUNDATIONAL
INFRASTRUCTURE SECURITY
Handbid’s platform runs on hardened, monitored infrastructure designed for the unpredictable traffic patterns of live events.
SOC 2-Certified Data Centers
Handbid is hosted by Nicman Labs, a SOC 2 Type II certified infrastructure provider, ensuring audited controls for security, availability, and confidentiality.
Dual Data-Center Architecture
Active high-availability configuration across two geographically separated data centers to minimize single points of failure.
DDoS Protection & Mitigation
Network-level protections guard against distributed denial-of-service attacks targeting live event environments.
24x7 Monitoring
Dedicated hosting clients receive continuous infrastructure monitoring with alerting and incident response.
99.5% Uptime SLA
Contractual uptime guarantee backed by Handbid’s infrastructure architecture and operational practices.
Dedicated Hosting for High-Traffic Events
Isolated infrastructure environments available for events expecting 5,000+ sustained visitors per minute.
Peak Load Scaling
Event-night scaling packages ensure your auction or event can handle traffic surges without degradation.

Payment Security
Every transaction on Handbid is processed through industry-leading payment infrastructure. Sensitive payment data never touches Handbid servers.
PCI DSS Compliant Processing
All payment processing is handled by Stripe, a PCI Level 1 Service Provider — the highest level of payment industry certification.
Encrypted Transmission
All payment data is transmitted over TLS-encrypted connections between the client, Handbid, and Stripe.
Card Tokenization
Payment card numbers are tokenized by Stripe at the point of entry. Card data is never transmitted to, processed by, or stored on Handbid servers.
Multiple Secure Payment Methods
Stripe, Apple Pay, Google Pay, card terminals, and Tap to Pay — all processed through PCI-compliant channels.
Application Security
Handbid’s application layer is engineered with security controls at every level — from mobile app distribution to API integrations.
App Store Security Reviews
Native iOS and Android apps are reviewed and published through Apple App Store and Google Play Store security processes, meeting platform-specific security requirements.
HTTPS/TLS Encryption
All data in transit is protected by TLS encryption. No unencrypted connections are accepted.
WebSocket Security
Handbid’s real-time bidding engine uses secure WebSocket connections with authentication and message integrity checks.
Role-Based Access Controls
Event management interfaces enforce role-based permissions, ensuring staff access only the data and functions appropriate to their role.
Secure API Architecture
Enterprise integrations connect through authenticated, versioned APIs designed for secure data exchange.
Data Protection
Your data is protected throughout its lifecycle — at rest, in transit, and during processing.
Regular Automated Backups
Automated backup processes ensure data recoverability in the event of an incident.
Encryption at Rest and in Transit
All stored data is encrypted at rest. All data transmitted between clients and servers is encrypted via TLS.
Data Isolation for White-Label Deployments
Organizations using Handbid’s white-label platform operate in logically isolated environments.
GDPR-Aware Data Handling
Handbid follows GDPR-aware data handling practices, including support for data subject access and deletion requests.
Data Retention & Deletion Policies
Detailed data retention and deletion policies are available upon request for vendor security review.
Authentication & Access
Handbid supports enterprise identity and access management standards to integrate securely with your existing infrastructure.
SSO Support
SAML 2.0 and OAuth 2.0 single sign-on integration for enterprise identity providers.
Enterprise Directory Integration
Connect Handbid to your organization’s directory service for centralized user management.
Multi-Factor Authentication
MFA support adds an additional verification layer beyond passwords.
Session Management
Configurable session timeout controls to enforce security policies.
Granular Role-Based Permissions
Fine-grained permission sets for event staff, administrators, and organization-level roles.
Compliance & Certifications
Transparency is a core value. The table below summarizes Handbid’s current compliance posture and planned certifications.
Enterprise Options
For organizations with elevated security, performance, or compliance requirements, Handbid offers dedicated enterprise configurations.
Dedicated Hosting Environments
Fully isolated infrastructure for your organization, separate from shared multi-tenant environments.
Peak Load Planning
Pre-event capacity planning and event-night scaling to handle sustained traffic of 5,000+ visitors per minute.
Security Questionnaire Support
Our team will complete your vendor security questionnaire and provide supporting documentation for your internal review process.
Custom SLAs
Tailored service level agreements aligned with your organization’s uptime and response time requirements.
24x7 Monitoring & Incident Response
Continuous monitoring with defined escalation paths and incident response procedures for dedicated clients.
Security Contact & Resources
Have security questions? We’re here to help. Our team is available to: