How do we keep your information secure

 

Calendrz has a dedicated team of compliance and security experts to help meet our rigorous privacy and security standards. Our policies, procedures and technologies enable us to comply with and exceed industry standard requirements.

 

 

Amazon Web Services

 

Our infrastructure is hosted and managed within Amazon’s data centres. Calendrz leverages all of the platform’s built-in security, privacy and redundancy features. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).

 

 

Encryption

 

Data that passes through Calendrz is encrypted, both in transit and at rest. All connections from the browser to the Calendrz platform are encrypted in transit using TLS SHA-256 with RSA Encryption. Calendrz requires HTTPS for all services. Calendrz uses HSTS to ensure browsers interact with Calendrz only over HTTPS and is on the HSTS preloaded lists for both Google Chrome, Mozilla Firefox, Safari and other browsers.

 

 

Reliability and redundancy

 

We have business continuity and disaster recovery plans in place that replicate our database and back up the data onto multiple cloud providers to ensure high availability.

 

 

Software development lifecycle

 

Routine audits

 

Calendrz continuously scans the product for service interruptions, performance degradation and security vulnerabilities to immediately alert our engineers and take action when an incident has been detected.

 

 

New releases

 

New releases to the Calendrz platform are thoroughly reviewed and tested to ensure high availability and a great customer experience. Changes to our codebase are required to include unit tests, integration tests and end-to-end tests. Changes are run against our continuous integration server, which enables us to automatically detect any issues in development.

 

 

Quality assurance testing

 

Once a changeset is completed, it is manually peer reviewed by one or more members of the engineering team. The changeset is then evaluated and manually tested by our quality assurance team to thoroughly test areas of expected impact, regression test and further evaluate the user experience.

 

 

Continual monitoring

 

After a changeset is released, we continue to monitor application exceptions and log exceptions. These exceptions are regularly reviewed and triaged for resolution. Performance impacts of the changeset are monitored through several monitoring services.

 

 

Other security measures

 

Vulnerability scanning

 

We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies.

 

 

Login credential protection

 

For Google Calendar calendar connections, Calendrz never collects passwords. Using a secure OAuth connection to sync these calendars only grants Calendrz access to your calendar account through a secure token from your email provider. This also enables you to set additional security precautions with that provider including 2-factor authentication (2FA).

 

 

User provisioning and deprovisioning

 

Calendrz offers seamless OAuth through Google and Microsoft Calendar, calendar connection is eliminated automatically when your account is canceled.