
Compliance & Security

Event Grid is built with security, privacy, and regulatory compliance at its core. Learn how we protect your data and help you meet your obligations.

Trust & Security Highlights

  • Encrypted: TLS/HTTPS everywhere
  • SSO Ready: SAML 2.0 integration
  • Audit Logging: Full activity trail
  • Cloud-Hosted: Secure AWS infrastructure

Security Framework

Event Grid provides enterprise-grade security controls across authentication, authorization, data protection, and monitoring.

Authentication

Multiple secure login methods with configurable policies.

  • Password with configurable complexity
  • Two-factor authentication (2FA)
  • Passwordless magic link login
  • One-time code authentication
  • SAML 2.0 SSO (Azure AD, Okta, Google)
  • Account lockout after failed attempts

Authorization & Access Control

Granular role-based permissions across the platform.

  • Role-based access control (RBAC)
  • 4+ user roles (Admin, Manager, Instructor, Student)
  • Multi-tenant data isolation
  • Per-tenant admin controls
  • Custom registration policies
  • Admin-excluded account deletion

Data Protection

Industry-standard practices to secure data at rest and in transit.

  • HTTPS/TLS encrypted connections
  • Cryptographic password hashing
  • Secure, HTTP-only session cookies
  • Data protection keys in isolated storage
  • Rate limiting on login endpoints
  • Anti-forgery token validation (CSRF)

Audit & Monitoring

Comprehensive activity tracking for accountability and investigation.

  • Full audit trail of user actions
  • IP address logging
  • Before/after change tracking
  • Filterable by entity, action, user, date
  • Export logs to CSV, Excel, PDF, Word
  • Configurable retention periods

Data Retention & Disposal

Automated data lifecycle management with configurable policies.

  • Configurable retention per data type
  • Automated cleanup scheduler
  • Manual cleanup on demand
  • Inactive account auto-deletion
  • Admin account exclusion option
  • Data export before deletion

Infrastructure Control

Secure cloud infrastructure with full data protection.

  • Hosted in AWS Canada (ca-central-1)
  • No third-party data transmission
  • Encrypted data at rest and in transit
  • Tenant-isolated data storage
  • Automated backups
  • Configurable data retention

Password & Authentication Policies

Event Grid provides administrators with granular control over password requirements and authentication methods. All policies are configurable from the admin dashboard without code changes.

Password Complexity

  • Minimum length: Configurable (6–128 characters, default 8).
  • Character requirements: Toggle requirements for uppercase letters, lowercase letters, digits, and special characters independently.
  • Storage: Passwords are cryptographically hashed using industry-standard algorithms. Plaintext passwords are never stored.

Login Methods

  • Password login: Standard email + password authentication (can be disabled).
  • Magic link: Passwordless login via time-limited email link (configurable expiration: 5–1,440 minutes).
  • One-time code: Email-based one-time code authentication.
  • SAML 2.0 SSO: Enterprise single sign-on with identity providers including Azure AD, Okta, and Google Workspace.
  • Two-factor authentication (2FA): Optional TOTP-based second factor with recovery codes.

Account Lockout

  • Threshold: Configurable failed attempt limit (1–100 attempts, default 5).
  • Duration: Configurable lockout period (1–1,440 minutes, default 15 minutes).
  • Rate limiting: Login endpoints are rate-limited to prevent brute-force attacks.

Data Retention Policies

Event Grid provides configurable data retention policies that allow administrators to define how long different categories of data are retained before automatic cleanup. Retention periods can be set to zero (0) to disable automatic deletion for any category.

| Data Category | Default Retention | Configurable |
| --- | --- | --- |
| Audit Logs: Login events, data changes, admin actions | 365 days | Yes |
| Course Reminder Logs: Records of reminder emails sent | 90 days | Yes |
| Inactive Waitlist Entries: Removed or promoted waitlist records | 180 days | Yes |
| Dropped Enrollments: Records for students who dropped courses | Kept forever | Yes |
| Quiz Attempts: Student quiz submissions and responses | Kept forever | Yes |
| Feedback Responses: Course feedback and survey responses | Kept forever | Yes |
| Inactive User Accounts: Accounts with no login activity | Disabled (0) | Yes |
| Application Logs: Diagnostic logs for troubleshooting | 30 days | Fixed |

Automated cleanup runs daily at a configurable hour (default 2:00 AM UTC). Administrators can also trigger manual cleanup on demand. Admin accounts can be excluded from inactive account deletion.

Audit Logging

Every significant action in Event Grid is recorded in a tamper-evident audit log. This provides organizations with a complete trail of activity for compliance, investigation, and accountability purposes.

What Is Logged

  • The specific action performed (e.g., course created, enrollment dropped, user role changed, settings updated).
  • The user who performed the action (name, email, and role).
  • A precise timestamp of when the action occurred.
  • The IP address of the user at the time of the action.
  • The entity affected (type, name, and ID).
  • Previous and new values for any data that was changed.

Audit Log Capabilities

  • Search & filter: Search by user, entity type, action, or date range.
  • Detail view: Drill into any log entry to see the full before/after change record.
  • Export: Download filtered audit logs in CSV, Excel, PDF, or Word formats.
  • Retention: Configurable retention period (default 365 days).

Data Sovereignty & Residency

Event Grid gives organizations full control over where their data resides.

Cloud-Hosted (SaaS)

  • Our cloud infrastructure is hosted in AWS Canada (ca-central-1).
  • All data at rest and in transit is encrypted.
  • Email delivery uses AWS SES (configurable region).

For organizations subject to GDPR, PIPEDA, FERPA, or other data residency regulations: All data is hosted in AWS Canada (ca-central-1) with encryption at rest and in transit. No student, instructor, or administrative data is shared with third parties.

Regulatory Alignment

Event Grid's security controls and data management features are designed to help organizations meet requirements under the following regulations and frameworks. Compliance ultimately depends on how your organization configures and uses the platform.

GDPR (General Data Protection Regulation)

  • Right to access: Users can view their own data within the platform.
  • Right to rectification: Account details are editable by users and admins.
  • Right to erasure: Administrators can delete user accounts and associated data.
  • Data portability: Export data in CSV, Excel, PDF, and Word formats.
  • Data minimization: Configurable data retention with automated cleanup.
  • Data hosted in AWS Canada with encryption.

PIPEDA (Canada)

  • Consent-based data collection with clear privacy statement.
  • Purpose limitation: Data collected only as needed for platform functionality.
  • Safeguards: Encryption, hashing, access controls, and audit logging.
  • Openness: In-app privacy statement accessible to all users.
  • Cloud hosting in AWS Canada (ca-central-1).

FERPA (US Education)

  • Role-based access controls restrict access to student records.
  • Audit logging tracks who accessed or modified student data.
  • Data export controls allow oversight of information sharing.
  • Tenant isolation keeps student records within institutional control.
  • Anonymous feedback option for surveys and evaluations.

SOC 2 Alignment

  • Security: Multi-factor auth, SSO, encryption, lockout policies.
  • Availability: Cloud SLA with high-availability infrastructure.
  • Processing integrity: Audit trail, change tracking, data validation.
  • Confidentiality: RBAC, tenant isolation, encrypted transport.
  • Privacy: Configurable retention, user rights, privacy statement.

File Upload Security

Event Grid restricts file uploads to protect against malicious content and manage storage.

  • Allowed file types: PDF, DOCX, PPTX, XLSX, TXT, ZIP only.
  • Maximum file size: 10 MB per file.
  • Storage: Files are stored on the server file system (not in the database) in a dedicated upload directory.
  • Access control: File access is governed by course enrollment and role-based permissions.
  • Metadata tracking: File name, size, content type, upload date, and uploader identity are recorded.

Questions About Compliance?

Our team can help you evaluate Event Grid for your organization's security and compliance requirements.
