zcal
Cennik
PomocZaloguj sięZarejestruj się

zcal Security

Last updated January 1, 2024

Your data security is paramount to us, and we are dedicated to keeping it safe. This document details the measures we take to protect your data both in transit and at rest.

Organizational Security

Our security posture is built on these foundational best practices:

  • Access to servers, source code, and third-party tools is strictly limited to core team members.
  • We utilize strong, randomly-generated passwords securely stored within a password manager.
  • Employees and contractors are granted the minimum necessary access to perform their duties. This access rarely extends to production systems or data.
  • We employ automatic security vulnerability detection tools to promptly identify issues in our dependencies. We prioritize aggressively applying patches and rapid deployment.
  • Production data is never copied to external devices.

Authentication

When you sign up for zcal, we create a user record in our database containing:

  • First and last name
  • Email address

If you opt to authenticate via an OAuth partner (Google, Microsoft), we securely store encrypted credentials (OAuth access token and refresh token) linked to your user account.

Encryption

All application pages are secured with TLS encryption.

When you connect a third-party application like Google, Microsoft, Apple, Stripe, or Zoom, we encrypt the access tokens before they are stored in our database.

Infrastructure

Our application is hosted on Google Cloud within the us-central1 region.

Third-Party Access

Users typically connect one or more calendar accounts (e.g., Google Calendar) and video conferencing providers (e.g., Zoom). This is solely to enable zcal to create calendar events and conferencing sessions on your behalf, and to check for existing busy times when generating scheduling links. We only retain the minimal data required for these functions and use it strictly for the intended purposes. We never store calendar event data in our persistent data stores.

Logging

Application logs are stored in Google Cloud and maintained for 30 days. All data transmitted to Google Cloud is encrypted in transit.

Software Development Practices

Every piece of code undergoes peer review via GitHub Pull Requests. We enforce a robust, automated test suite and linters through continuous integration before any deployment.

FAQs

Do you store copies of my calendar events on your servers?

No. We check the calendars you've connected for conflicts in (near) real-time when someone uses your scheduling link. Currently, we only cache the results of these calendar event queries in application memory.

Are you SOC 2 or ISO 27001 certified?

We are actively working toward achieving these certifications.

How do I report a potential vulnerability or security concern?

Please contact us by emailing [email protected]. Note that we do not offer compensation for independent security reports at this time.

Produkt

Zarejestruj się za darmo

Zaloguj się

Cennik

Zasoby

Centrum Pomocy

Doodle Alternatywa

When2Meet Alternatywa

Calendly Alternatywa

Picktime Alternatywa

Firma

O nas

Program partnerski

Warunki korzystania z usługi

Polityka prywatności

DPA

Blog

Blog

5 Free Appointment Scheduling Apps

Buffer Time

Meeting Reminder Message Templates

zcal