Enterprise-grade Security

At CalendarHero, your privacy and security are our top priority. We prove it with a comprehensive approach to security and a high level of detail throughout our product. Whether you’re a team of 5 or 5000, your privacy matters.

 

Enterprise Level Encryption

Your data is encrypted at rest with AES-256, and in transit with TLS/SSL SHA-256 with RSA Encryption.

PCI Compliant

Both our hosting provider, Microsoft Azure, and our payment processor, Stripe, are PCI Compliant. Also, as we leverage Stripe for all payments, at no point does CalendarHero have access to credit card or customer payment information.

OAuth 2.0

Users must consent to CalendarHero accessing their calendars and contacts using their Office 365 or G Suite credentials. CalendarHero only uses OAuth 2.0 authentication, which prevents us from ever knowing the user’s email and password. Users (and their organizations) can also revoke the OAuth 2.0 authorization at any time without contacting CalendarHero.

GDPR Compliant

Users can access their data at any time through our GDPR Portal. Read more about our GDPR compliance.

SOC 1 & 2

Our hosting provider, Microsoft Azure, has issued a SOC 1 Type 2 report according to the latest AICPA SSAE 18 standard, as well as a SOC 2 Type 2 report relevant to the security, availability, confidentiality and processing integrity trust principles. In addition, the SOC 2 Type 2 report includes an additional attestation based on the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM).

Canadian Data Residency

All data and 100+ servers reside in the Microsoft Azure Canada-East data centre.

Penetration & Threat Detection

We perform regular penetration tests with Qualys Guard Express. Reports are available upon request.

ISO 27001 & More

Our hosting provider, Microsoft Azure, is in the lead with the most comprehensive compliance coverage including:

  • CSA STAR Certification
  • ISO 27001:2013
  • ISO 27017:2015
  • ISO 27018:2014
  • ISO 20000-1:2011
  • ISO 22301:2012
  • ISO 9001:2015

 

You asked. We answered.

Why does CalendarHero need user data?

CalendarHero requires data from the user and your organization to power your Meeting Assistant and help you and/or your employees schedule meetings faster. We are committed to privacy, protecting your data, and being transparent about our security measures.

How do I access my user data?

CalendarHero only requires Mail Settings, Calendar and Contact access on a per-user basis. CalendarHero is granted organizational access at the sign-up stage for the individual user, only once authentication is complete.

CalendarHero does not have access to data for employees that have not authenticated their credentials. If you are a corporate account administrator, then you have complete control over user signups with the ability to manage users, data, and more, from the CalendarHero Administrator Panel.

Where is data accessed and stored?

For our meeting scheduling function, CalendarHero requires access to Mailbox settings, Calendar, Contacts, Email headers and User Profile. CalendarHero only processes and stores data from a limited subset of these APIs. Additional access is required for organizational file storage systems for enterprise search and document generation functions.

As per CalendarHero’s contractual legal agreement to provide services to your organization, we only use the data in scope listed in the data access chart “Processed & Stored” to provide our solution to your users.

What about CCPA?

The California Consumer Protection Act went into effect on January 1, 2020 and in a lot of ways is similar to Europe’s GDPR. The CCPA applies to companies that operate in California and either make at least $25 million in annual revenue, gather data on more than 50,000 users, or make more than half their money off of user data. At this point, the CCPA does not apply to CalendarHero.

Read our Privacy Policy and Terms of Use to learn more.
Have more questions? Get in touch with our team.