Secure, highly available ticketing and reservation systems engineered for scale

Effimaris delivers privacy-first event platforms running on infrastructure-grade hardware sized to handle sustained high load and peak traffic without service interruption.


Nonprofit-focused
Proven performance for organizations of any size
Security and privacy prioritized

Infrastructure overview

For full details, see the "Meeting performance expectations" section below, which covers specifications, networking, failover, backups, testing, and operational tooling.


  • Highly available infrastructure-grade hardware
  • Redundant networking and monitoring
  • Proactive runbooks and alerting

Our mission

Effimaris helps community organisations deliver events and programs with dignity, fairness, and accessibility. We design systems to meet strict security, privacy, and availability requirements so organisers can depend on the service during high-demand events.

We work with small teams on tight budgets to deliver resilient managed services that minimize operational overhead while maximizing uptime and data protection.

  • Security-first: Encryption in transit and at rest, hardened endpoints, least-privilege operations.
  • Privacy-preserving: Minimal data retention and strict access control.
  • High availability: Production sized for sustained performance with strong failover strategies.

Our Systems

Ticketing

Box office workflows, donor codes, concession management, and throughput guarantees during releases.

Pool Management

Dedicated at-a-glance allocations of tickets managed directly by leaders with access only to their own pools.

Processing

Integration with PCI-aware providers, with only need-to-know data sets shared between services.

Security & Compliance

Fully segmented networks with isolated production, staging, and general networks, backed by audit logging and an architecture aligned with regulatory controls.

Features that matter

We target measurable reliability, privacy guarantees, and operational visibility for events of any scale.

Security and privacy

  • End-to-end TLS, strict cipher suites, and HSTS.
  • Encryption at rest with key rotation and managed KMS.
  • Least-privilege access, MFA, and periodic access reviews.

Scalability and HA

  • Baseline resources deployed to meet peaks at all times.
  • Active-passive failover, full data replicas for recovery, and capacity testing before major events.

Operational outcomes

Examples of improvements from technical changes and capacity planning.

  • Significant reduction in line wait time through widely available web-based gate scanners
  • Vastly increased team-lead visibility into booking their team members

On the path to PCI-DSS compliance

Design choices to support PCI controls and audits for payment environments.

  • Every segment is isolated, from payment processing to web technologies.
  • Segmented private networks, strict firewall policies, and a policy of "encrypt everything everywhere"
  • Encrypted storage (AES-256), MFA-protected admin

Meeting performance expectations

Infrastructure engineered for uptime

Our platform is designed and tuned to deliver consistent low-latency responses at scale. The architecture combines fully dedicated redundant hardware, fast scaling strategies, multi-site redundancy through DNS, and operational tooling so we reliably support large ticket releases and steady event traffic.
We validate performance with load tests and automated regression suites to ensure readiness for production events.

At-a-glance specifications

| Item | Specification or capability |
| --- | --- |
| Baseline node capacity | Infrastructure-grade dedicated hardware with reserved capacity and burst-enabled autoscaling; production sizing always specced to a minimum equivalent of c5.12xlarge (currently: 56 vCPU-class enterprise compute). |
| Peak throughput | Validated to handle up to 10,000 concurrent requests across the cluster under typical event workloads with headroom for autoscale. |
| Network links per node | All nodes on 10 Gbps connections to the fabric; upstream aggregation and load balancing provide scale beyond single-node capacity. |
| Storage & backups | Offsite incremental backups, daily snapshots, point-in-time recovery, encrypted at rest and in transit; tested restore procedures and periodic drills. |
| Failover | Multi-AZ active-passive failover, automated health checks, database replicas with automated promotion paths and documented runbooks. |
| DNS & routing | Redundant DNS providers, global load balancing with health routing and multi-provider BGP failover to avoid single points of failure. |

Network backbone and upstream providers

Tier 1 and Tier 2 providers with instantaneous failover and high-capacity peering ensure broad, resilient connectivity:

  • NTT: connected at 1 × 100 Gbps
  • Cogent: connected at 2 × 100 Gbps
  • Hurricane Electric: connected at 4 × 100 Gbps
  • TATA: connected at 1 × 100 Gbps
  • Ninja-IX peering exchange: connected at 1 × 100 Gbps

When AWS goes down, we don't.

Contracts and service locations are selected for maximum reliability, with the risk of network or infrastructure disruptions minimized and clear failover plans in place.

Operational controls and tooling

  • Proactive monitoring and alerting: metrics, traces, SLOs, synthetic checks
  • Incident management with escalation runbooks and PagerDuty on-call rotations
  • Automated end-to-end tests and regression using Cypress.io with CI gating
  • Strict separation of environments: isolated staging and production branches, identical infra-as-code manifests
  • Performance tuning: caching layers, CDN edge caching, connection pooling, DB query profiling

Testing, validation, and commitments

CI pipelines run unit, integration, and nightly Cypress end-to-end suites. Regular load tests simulate realistic event traffic and feed into capacity planning. Test artifacts and metrics are retained for audit and tuning work.

  • Readiness: ability to handle 10k concurrent requests across the cluster for ticketing events
  • SLOs: response-time targets per API tier with defined error budgets
  • Event playbooks: reserved capacity and operational runbooks activated ahead of major ticket drops

Fee schedule

Platform fees shown below are platform margins applied on top of card or interchange costs. Card fees, shown separately by provider, vary with merchant agreements and card mix.

Our fee schedule

Fees that go down, not up, each year.
| Year | Platform fee | Card fees / Interchange |
| --- | --- | --- |
| Original | 2.5% + $0.70 per ticket | ~2.9% (typical card fees) |
| 2026 Target | 1.9% + $0.50 | ~2.0%–2.9% (varies by card) |
| Final Target | 1.0% | card fees 1.5%–1.9% |

Competitive comparison

| Provider | Typical platform fee | Card fees / Per-ticket fixed | Notes |
| --- | --- | --- | --- |
| Eventbrite Canada | 3.5% + $1.29 per ticket | 2.9% of total order | Plus subscription fees; varies by plan, year, and promotions |
| Ticketmaster | ~3.5%–5.5% | ~2.9% (typical card fees); $1.00–$2.50 | Higher-end pricing on major events and service fees apply |

Destination: the lowest price - anywhere

Our target destination is 1% + interchange pricing, which aims to remove third-party processor markups so that final costs are lower than the current combined platform + card fees charged by any major provider.

This means that, at the target pricing, our final all-in price to run a non-profit event through this platform will be lower than the card fees (2.9%+) on any platform, anywhere in Canada.

Achieving direct interchange pricing is complicated: it requires significant investment, domestication, compliance attestation, and qualification for direct interchange rates.

Learn more about how we plan to do this in our open budget project items below.

Card fees shown above (card fees and interchange) are remitted to a credit-card processor or the financial institution directly (for example, Stripe or another merchant acquirer) and are not retained by the platform margin.

Upcoming projects

Planned investments and compliance initiatives to strengthen reliability, reduce per-ticket costs, and increase local presence.

PCI-DSS / General Compliance program
Baseline estimate: CDN$8,000–15,000 (first year, external firm)
Compliance

Formalize controls for security, availability, and confidentiality, automate evidence collection, and undergo independent attestation to demonstrate control effectiveness.

Why we need this

Achieving benchmark compliance attestation helps us access materially cheaper card-processing rates through improved interchange pricing and better merchant terms.

PCI-DSS CDE compliance requires retaining a third-party attestation firm and extensive internal work, which makes it impractical for most organizations; once achieved, it helps us unlock the lowest price point.

How you can help

Connect us with a third-party firm experienced in SOC readiness and attestation, or introduce evidence-automation tooling vendors to scope readiness, perform gap assessments, and run the audit.

Canadian Server Migration project
Capital estimate: CDN$2,800–3,600 (procurement, shipping, & setup)
Data residency

Procure and colocate a small cluster of high-performance servers in a Canadian datacenter to support regional failover, reduce latency, and meet privacy expectations for alternate-culture events.

Why we need this

An upfront local capacity investment reduces the long-term cost of sustained operations, strengthens privacy and security guarantees for culturally sensitive events, and reduces cross-border transfer concerns for partners and attendees.

How you can help

We welcome donations or referrals of decommissioned enterprise-grade servers (v4-era or newer preferred) with specs above 128 GB RAM, 56 vCPU, and 1U/2U datacenter chassis for refurbishment and colocation.

We can also benefit from being referred to accredited Canadian datacenters you have personal experience working with that offer PCI-DSS compliant private racks and flexible colo terms.

Budget estimates shown above are intentionally conservative from early planning to reflect scoped phases focused on readiness and initial attestation or procurement. Details, timelines, and project items will be available in our roadmap and budget projections.

Volunteer your skills

We welcome developers, security engineers, compliance specialists, and community organisers. Contribute to docs, security reviews, or help run local workshops.

  • Short-term tasks for designers and testers.
  • Mentored projects for new contributors.
  • Translation sprints for non-English documentation.

Get involved

Email volunteer@effimaris.org or join our community calls; onboarding sessions and issue triage available.


Contact us

Questions about deployments, partnerships, compliance, or data residency? We try to respond within 3 business days.

Newsletter

We respect your privacy and will never sell your email. You can unsubscribe at any time.

Deployments

Managed stacks, systemd/service examples, and configuration checklists for SELinux and network controls as part of onboarding.

Support

Paid support and pro-bono options. Contact support@effimaris.org for SLAs.

Security

Responsible disclosure: security@effimaris.org