Platform Security and Compliance
December 2nd, 2023
TEAMCAL AI is a cloud application that provides meeting scheduling and management. Our platform creates a frictionless experience to schedule meetings across teams by securely integrating with calendar providers namely Google and Outlook.
Our software requests limited access to customer resources to achieve a great meeting scheduling and meeting management experience. We limit access to all customer data on a need-to-know basis internally.
TEAMCAL AI uses state-of-the-art best industry-standard security practices and retains a minimal amount of customer data necessary to provide a great experience to our users. This document explains platform security and compliance.
Is my Calendar Data Secure?
We don't save your Calendar/Event Data in our Server. Calendar Events Data is pulled in real-time to find the available time and to show upcoming meetings. We use Enterprise Grade security for all the communications using HTTPS and Transport Layer Security(TLS).
Is my data encrypted in the Database?
All user login informations are encrypted by highest level of encrytion in AWS servers which can only be accessed by our Web application.
How do we maintain Platform Security and Compliance
TEAMCAL AI uses state-of-the-art industry-standard security practices and retains a minimal amount of customer data necessary to provide a great experience to our users. check our compliance and security policy for details.
Authentication
We have two mechanism for authenticating users, the first one use OAuth 2.0, an Industry standard to login using either Google, outlook or Hotmail accounts. The second one uses Login and password. These are encrypted and saved in a secure database.
What about Data encryption?
We have multiple approaches to secure user data.
- All connections from the browser to the TEAMCAL AI platform are encrypted in transit using TLS SHA-256 with RSA Encryption.
- All other important user information is encrypted as rest.
- TEAMCAL AI user passwords are stored as salted password hashes.
What about Physical Infrastructure Security?
The TEAMCAL AI application is hosted on AWS (Amazon Web Services). AWS is architected to be the most secure cloud computing environment available today. The core infrastructure is built to satisfy the security requirements of the military, global banks, and other high-sensitivity organizations. This is backed by a deep set of cloud security tools, with over 300 security, compliance, and governance services and features. AWS supports 98 security standards and compliance certifications, and all 117 AWS services that store customer data offer the ability to encrypt that data.
For additional information see: AWS Security
Do We Sell User Data?
We're not in the business of selling, renting out or trading your data with 3rd parties. All data collected is used to provide you with the Service only, and all your private data and intellectual property is always yours.
Where can we learn more about Privacy and Terms of Use?
Learn about TEAMCAL AI Privacy policy here and TEAMCAL AI Terms of Use here.
Calendar Integrations
Google Calendar and Office365 Integrations
TEAMCAL AI users may use either the Google Calendar or Office365 integrations to connect their calendars with TEAMCAL AI for meeting management and providing their availability for meeting schedules for a team meeting. TEAMCAL AI is built to access the data on the fly and does not save calendar or meeting data in the database. I utilize the tokens needed from connected calendars to deliver its service. For example, the TEAMCAL AI application only connects with the calendars when showing a list of meetings or when fetching your availability to schedule meetings, so that we do not double book your calendar. TEAMCAL AI is designed not to store the details about the appointments in your calendar including details such as who you are meeting with, their email, the meeting title, or any other details about the appointments in your calendar. This information is shown to you dynamically and directly from your calendar and never stored at TEAMCAL AI.
TEAMCAL AI Zoom App
The TEAMCAL AI Zoom App integration allows the TEAMCAL AI platform to show your current meetings inside Zoop App bar and allow you to schedule follow-up meetings. No other personally identifiable information, including subject, notes, etc. are available or saved at TEAMCAL AI. The TEAMCAL AI uses TLS the highest level of security protocol to communicate from the Zoom app to TEAMCAL AI and vice versa. TEAMCAL AI writes appointment time, duration, subject, and scheduled attendee information from Zoom App directly to the respective Calendar(Google or Outlook). All data is encrypted in transit using TLS. Data stored at rest in the underlying storage is encrypted including automated backups, read replicas, and snapshots.
Authenticating with calendar integrations
We don’t collect third-party passwords by utilizing OAuth authentication with Office365 and Google Calendar. TEAMCAL AI users can disconnect their calendar connection at any time through the Calendar Sync page in Setting within their account.
When using the Zoom App, TEAMCAL AI requires installation on customer computers to read and list calendar events for the day, check the attendees of the event to schedule follow-up meetings, and look for calendar conflicts to schedule meetings. All of our customers use Zoom built-in OAuth integrations.
Meeting Link Pages
The TEAMCAL AI platform allows users to create Meeting scheduling pages for users and teams to collect relevant information from invitees only to schedule meeting purposes. TEAMCAL AI is not intended to be used by users to collect sensitive personally identifiable information.
Data Encryption
- All connections from the browser to the TEAMCAL AI platform are encrypted in transit using TLS SHA-256 with RSA Encryption.
- All other important user information is encrypted as rest.
- TEAMCAL AI user passwords are stored as salted password hashes
Physical Infrastructure
The TEAMCAL AI application is hosted on AWS (Amazon Web Services). AWS is architected to be the most secure cloud computing environment available today. The core infrastructure is built to satisfy the security requirements of the military, global banks, and other high-sensitivity organizations. This is backed by a deep set of cloud security tools, with over 300 security, compliance, and governance services and features. AWS supports 98 security standards and compliance certifications, and all 117 AWS services that store customer data offer the ability to encrypt that data.
For additional information see: https://aws.amazon.com/security
Vulnerability Management
We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies. All of our services run in containers that isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections. The services are configured with tight network security constraints to further limit any potential risk. The AWS Platform regularly conducts internal vulnerability assessments and patches the underlying systems.
Incident Response Plan
Identification
TEAMCAL AI routinely monitors our external services for security issues. TEAMCAL AI continuously scans TEAMCAL AI for service interruptions, performance degradation, and security vulnerabilities with automated tools to immediately alert our engineers when an incident has been detected. Users may also report security issues to security@teamcalendar.ai
Containment
Whenever our engineering team is alerted to a security issue, the team determines what systems are affected and quickly contains the problem by disconnecting all affected systems and devices. Because all of our services run in containers that isolate processes, memory, and the file system they are easily replaced and updated in their entirety inhibiting further escalation.
Recovery
If data was found to be affected, it is restored from clean backup files, ensuring that no vulnerabilities remain. Secondary backups are also stored in AWS. Systems are monitored for any recurrence. Ephemeral services are patched and redeployed eliminating any chance of malware persistence.
Retrospective
The TEAMCAL AI engineering team analyzes every operations incident and how it was handled, making recommendations for better future response and for preventing a recurrence.
Change Management Plan
New releases to the TEAMCAL AI Platform are thoroughly reviewed and tested to ensure high availability and a great customer experience. Changes to our codebase are required to include unit tests, integration tests, and end-to-end tests. Changes are also run against our continuous integration server. This enables us to automatically detect any issues in development.
Once a changeset is completed, it is manually peer-reviewed by one or more engineering team members. The changeset is then evaluated and manually tested by our quality assurance team to thoroughly test areas of expected impact, regression test, and further evaluate the user experience.
After a changeset is released, we continue to monitor application exceptions and log exceptions. These exceptions are regularly reviewed and triaged for resolution. Performance impacts of the changeset are monitored through several monitoring services.
Employee Screening and Policies
As a condition of employment, all TEAMCAL AI employees undergo pre-employment background checks and receive training during onboarding and throughout their employment on company policies, security, GDPR, and other related security, privacy, and compliance topics.
Compliance
PCI Compliance
TEAMCAL AI uses a PCI-compliant pay processor Stripe for encrypting and storing credit card details.
More information on Stripe’s commitment to security and compliance can be found here. We utilize the direct Stripe javascript integration so your credit card information never reaches TEAMCAL AI’s servers. https://stripe.com/docs/security/stripe
GDPR Compliancee
You can count on the fact that TEAMCAL AI is committed to GDPR compliance. We understand the importance of incorporating standards put forth by the General Data Protection Regulation (GDPR) into our data practices and making sure our customers, whether citizens of the EU or businesses that use TEAMCAL AI with European customers, feel secure and confident to continue using TEAMCAL AI. We have developed new features, enhanced existing functionalities, and established additional documentation regarding our efforts.
However, GDPR is a broad regulation. Since it’s new, and since there is no certification process, no company can legitimately claim that they are GDPR compliant. TEAMCAL AI makes a good-faith effort to be compliant with GDPR, both now and as future developments come along.
If you integrate TEAMCAL AI to share invitee information with another application, we designate invitees in GDPR countries as "transactional contacts" so their information is only used to send information about orders, shipments, test messages, etc., unless they were explicitly opt-in to future, marketing-related emails.
Other Legal Documents
TEAMCAL AI Privacy Policy
Our current privacy policy can be found here: https://teamcal.ai/privacy
TEAMCAL AI Terms of Use
Our current terms of use can be found here: https://teamcal.ai/terms