November 29, 2022
Teamcal Ai is a cloud application that provides meeting scheduling and management. Our platform creates a frictionless experience to schedule meetings across teams by securely integrating with calendar providers namely Google and Outlook.
Our software requests limited access to customer resources to achieve a great meeting scheduling and meeting management experience. We limit access to all customer data on a need-to-know basis internally.
Teamcal Ai uses state-of-the-art best industry-standard security practices and retains a minimal amount of customer data necessary to provide a great experience to our users. This document explains platform security and compliance.
Teamcal Ai users may use either the Google Calendar or Office365 integrations to connect their calendars with Teamcal Ai for meeting management and providing their availability for meeting schedules for a team meeting. Teamcal Ai is built to access the data on the fly and does not save calendar or meeting data in the database. I utilize the tokens needed from connected calendars to deliver its service. For example, the Teamcal Ai application only connects with the calendars when showing a list of meetings or when fetching your availability to schedule meetings, so that we do not double book your calendar. Teamcal Ai is designed not to store the details about the appointments in your calendar including details such as who you are meeting with, their email, the meeting title, or any other details about the appointments in your calendar. This information is shown to you dynamically and directly from your calendar and never stored at Teamcal Ai.
The Teamcal Ai Zoom App integration allows the Teamcal Ai platform to show your current meetings inside Zoop App bar and allow you to schedule follow-up meetings. No other personally identifiable information, including subject, notes, etc. are available or saved at Teamcal Ai. The Teamcal Ai uses TLS the highest level of security protocol to communicate from the Zoom app to Teamcal Ai and vice versa. Teamcal Ai writes appointment time, duration, subject, and scheduled attendee information from Zoom App directly to the respective Calendar(Google or Outlook). All data is encrypted in transit using TLS. Data stored at rest in the underlying storage is encrypted including automated backups, read replicas, and snapshots.
We don’t collect third-party passwords by utilizing OAuth authentication with Office365 and Google Calendar. Teamcal Ai users can disconnect their calendar connection at any time through the Calendar Sync page in Setting within their account.
When using the Zoom App, Teamcal Ai requires installation on customer computers to read and list calendar events for the day, check the attendees of the event to schedule follow-up meetings, and look for calendar conflicts to schedule meetings. All of our customers use Zoom built-in OAuth integrations.
The Teamcal Ai platform allows users to create Meeting scheduling pages for users and teams to collect relevant information from invitees only to schedule meeting purposes. Teamcal Ai is not intended to be used by users to collect sensitive personally identifiable information.
The Teamcal Ai application is hosted on AWS (Amazon Web Services). AWS is architected to be the most secure cloud computing environment available today. The core infrastructure is built to satisfy the security requirements of the military, global banks, and other high-sensitivity organizations. This is backed by a deep set of cloud security tools, with over 300 security, compliance, and governance services and features. AWS supports 98 security standards and compliance certifications, and all 117 AWS services that store customer data offer the ability to encrypt that data.
For additional information see: https://aws.amazon.com/security
We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies. All of our services run in containers that isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections. The services are configured with tight network security constraints to further limit any potential risk. The AWS Platform regularly conducts internal vulnerability assessments and patches the underlying systems.
Teamcal Ai routinely monitors our external services for security issues. Teamcal Ai continuously scans Teamcal Ai for service interruptions, performance degradation, and security vulnerabilities with automated tools to immediately alert our engineers when an incident has been detected. Users may also report security issues to email@example.com
Whenever our engineering team is alerted to a security issue, the team determines what systems are affected and quickly contains the problem by disconnecting all affected systems and devices. Because all of our services run in containers that isolate processes, memory, and the file system they are easily replaced and updated in their entirety inhibiting further escalation.
If data was found to be affected, it is restored from clean backup files, ensuring that no vulnerabilities remain. Secondary backups are also stored in AWS. Systems are monitored for any recurrence. Ephemeral services are patched and redeployed eliminating any chance of malware persistence.
The Teamcal Ai engineering team analyzes every operations incident and how it was handled, making recommendations for better future response and for preventing a recurrence.
New releases to the Teamcal Ai Platform are thoroughly reviewed and tested to ensure high availability and a great customer experience. Changes to our codebase are required to include unit tests, integration tests, and end-to-end tests. Changes are also run against our continuous integration server. This enables us to automatically detect any issues in development.
Once a changeset is completed, it is manually peer-reviewed by one or more engineering team members. The changeset is then evaluated and manually tested by our quality assurance team to thoroughly test areas of expected impact, regression test, and further evaluate the user experience.
After a changeset is released, we continue to monitor application exceptions and log exceptions. These exceptions are regularly reviewed and triaged for resolution. Performance impacts of the changeset are monitored through several monitoring services.
As a condition of employment, all Teamcal Ai employees undergo pre-employment background checks and receive training during onboarding and throughout their employment on company policies, security, GDPR, and other related security, privacy, and compliance topics.
Teamcal Ai uses a PCI-compliant pay processor Stripe for encrypting and storing credit card details.
You can count on the fact that Teamcal Ai is committed to GDPR compliance. We understand the importance of incorporating standards put forth by the General Data Protection Regulation (GDPR) into our data practices and making sure our customers, whether citizens of the EU or businesses that use Teamcal Ai with European customers, feel secure and confident to continue using Teamcal Ai. We have developed new features, enhanced existing functionalities, and established additional documentation regarding our efforts.
However, GDPR is a broad regulation. Since it’s new, and since there is no certification process, no company can legitimately claim that they are GDPR compliant. Teamcal Ai makes a good-faith effort to be compliant with GDPR, both now and as future developments come along.
If you integrate Teamcal Ai to share invitee information with another application, we designate invitees in GDPR countries as "transactional contacts" so their information is only used to send information about orders, shipments, test messages, etc., unless they were explicitly opt-in to future, marketing-related emails.