Privacy and Security by Design. Built on Strong Principles
Built for trust: Automated processing keeps your events private, temporarily handled, and secured end-to-end.
Permissions & Data Access
We only request permissions to read and write events to enable calendar sync. Data is processed automatically for synchronization purposes only — we never store your calendar history. Sync data is held in memory/queues during active operations and deleted after sync completes.
Minimal Permissions
We access only the minimum calendar permissions required from Microsoft Outlook and Google Calendar to enable synchronization
Temporary processing only
Only essential event data is used temporarily for sync purposes — titles, descriptions, times, attendees, recurrence — we do not read, store, or analyze any personal calendar events or details. Attachments are never requested/processed.
Automated Processing
Calendar data is processed automatically with no human access or review.
No Unrelated Access
We do not request broader scopes like full calendar (which allows deleting entire calendars), contacts, email, Drive/files, or advanced profile data.
Full User Control
Users can revoke calendar access and stop all synchronization at any time directly through their connected account settings.
Certified Secure Access
As registered developers, we adhere to the secure calendar access standards imposed by Microsoft, Google, and other providers.
Data Usage & Storage
Your data is fully encrypted, safely transmitted, and protected with strict access controls.
Encrypted in Transit
All data in transit is secured with industry-standard encryption (TLS 1.3+).
Encrypted at Rest
Account settings are fully encrypted at rest using AES-256 and protected against unauthorized access.
Secure Authentication
Authentication is handled securely via OAuth, so no passwords are ever shared with us.
Strong Access Controls
Logical tenant isolation and strict domain/account administration controls are in place.
Infrastructure & Application Security
Our application runs on secure, multi-cloud infrastructure with built-in protections for high availability and resilience.
Trusted Cloud Hosting
Hosted on AWS, Google Cloud, and Azure utilizing each provider's robust security baselines.
Web Application Firewall (WAF)
Real time active web exploitation defence to protect your account.
DDoS Protection
Robust Distributed Denial of Service (DDoS) mitigation and protection.
Organizational Security
Our providers align with multiple security and compliance requirements, including those for highly regulated organizations such as healthcare companies and merchants. Amazon Cognito is HIPAA eligible and PCI DSS, SOC, and ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.
Continuous Training
Comprehensive security and privacy education and ongoing awareness for all personnel.
24/7 Monitoring & Response
Round-the-clock monitoring with rapid incident response capabilities.
Vendor Risk Management
Rigorous Third-party risk assessment and management processes.
Account Protection
You retain full control. We prioritize robust safeguards for your account.
Bot & Threat Defense
Robust defenses against bots and automated threats help block malicious activity before it affects your service.
Real-Time Security Monitoring
Continuous monitoring and auditing to detect suspicious behavior as it happens.
Permanent Data Erasure
Upon account deletion, revocation, or explicit request, we permanently delete all associated data.
Traceability
We retain only minimal, non-personal metadata (such as last sync timestamp, event IDs/UIDs for conflict detection and deduplication, and sync status flags) strictly for the purpose of ensuring reliable, accurate two-way synchronization.