Give every user a way to schedule: Introducing new Calendar Access Modes

Up until now, Cronofy has required read-write access to your users calendars, even if your application only required Free/Busy access, due to the scopes available from the Calendar providers.

Recent new options from Google and Microsoft allow Cronofy to connect to your users calendars with less permissions; perfect for the privacy conscious and in organizations with strict compliance criteria.

Calendar Access Modes give you the option of offering Free/Busy access or No Calendar Access to control the amount of data shared with Cronofy.

Calendar data carries sensitive personal and business information, and many enterprise buyers and compliance teams remain nervous about granting third-party applications full read-write access to employee calendars. They want to know exactly what data is being transferred, how it’s used, and whether permissions can be limited.

We’ve always taken compliance seriously to show that we view ourselves as responsible custodians of your data, but that isn’t always enough for every organization to gain confidence.

Without more privacy-focused connection options, adoption stalls and users choose not to connect at all. As teams move upmarket, those objections only intensify. Even when your scheduling features deliver obvious value, full access requests trigger red flags in compliance reviews. This often stops deals entirely.

At Cronofy, we've already built our infrastructure to meet the most demanding compliance requirements with certifications across GDPR, HIPAA, SOC 2, and ISO 27001, 27701, and 27018, with local data hosting available across six global data centers.

Now we're taking that foundation further by giving our customers the flexibility to offer different levels of calendar access that match their users organizational policies and comfort levels.

Our new Access Modes are embedded directly into the OAuth flow when users connect their calendar to your application, giving them three options for how much access they grant Cronofy. This is available when your application requests free_busy_write access to users calendars.

Read-write Access:

• The existing default connection option for users.
• Cronofy will put calendar events directly into users’ calendars on behalf of your application.
• Your user’s availability will be kept up to date to be used with the Availability APIs.

Free/Busy Access (new!):

• Cronofy will now only have access to users’ free/busy status, which can be used with the Availability APIs.
• Events and updates will be delivered to users via email invitations, rather than being written directly to their calendars.

No Calendar Access (new!):

• This access mode is beneficial to use by those end users who cannot connect a calendar in any form to Cronofy.
• Events and updates will be delivered to users via email invitations, rather than being written directly to their calendars.
• Without real calendar data, you can use our Availability APIs to help control when you should be considered free. We will also reflect availability coming from events created through Cronofy.

Offering Calendar Access Modes has two simple steps.

First, enable the access modes you’d like in the Features section of your application:

Secondly, extend your Authorization logic to parse the userinfo.profiles list of all profiles, rather than just the linking_profile details. This will let your application spot when a user connects a single read_write calendar, or the pair of a free_busy Google or Microsoft calendar and a writable Cronofy calendar.

To learn more about setting up the new Free/Busy or No Access modes, you can view the detailed documentation here. If you'd prefer a walkthrough of how Access Modes fit your specific use case, feel free to book a call with our team.

Here's to calendar connections that work for everyone.