Privacy & Security

Privacy and Security at Cronofy

We can assure the customers of the businesses that use Cronofy services that we take security very seriously. We employ best practices to ensure that privacy is never compromised. The nature of the data Cronofy handles on behalf of its clients requires that security is a core part of the approach to building, scaling, and managing our service. Don't hesitate to contact us for more information.

Global brands already trust Cronofy's security commitments

Our Security and Privacy certifications

Cronofy operates a robust security and compliance program, adhering to the highest level of information security standards. We achieve this by meeting and exceeding the expectations of the following standards.


Cronofy has achieved the ISO/IEC 27001:2013 certification, the international standard for information security management systems (ISMS). The ISO 27001 certification requires the assessment of an organization’s information security management controls.

Learn more about ISO27001


ISO27018 is a set of controls and guidelines, which specify how to protect Personally Identifiable Information (PII) in the cloud. Cronofy complies with ISO27018, which provides a set of objectives for implementing measures to protect PII. This is in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

Learn more about ISO27018


Cronofy has achieved ISO 27701:2019, an extension of ISO 27701. Cronofy operates a PIMS (Privacy Information Management System) and data protection processes to an established, world-class standard.

Learn more about ISO27701


SOC 2 defines the criteria for secure handling and management of customer data. Cronofy has been audited and complies with the standards set out by the AICPA as part of the SOC 2 standard. Cronofy has successfully completed audits for both SOC2 Type 1 and 2.

Learn more about SOC 2


Cronofy adheres to the principles of GDPR and will continue to do so, no matter what happens with Brexit. Cronofy has been through the process of reviewing and updating our internal processes, procedures, data systems, and documentation to ensure we comply with GDPR.

Learn more about GDPR


Cronofy has an explicit Privacy Notice in place, that advises users of their rights under CCPA. Cronofy processes personal data in line with the requirements set out by the CCPA, for the purpose of providing services. This includes compliance with policies such as Anti-Discrimination, the Right to Be Forgotten, the Right to Access Data Collected, and control over data shared with third parties.

Learn more about CCPA


Cronofy is HIPAA (Health Insurance Portability and Accountability Act)  compliant, ensuring that PHI (Patient Healthcare Information) is processed and stored, in line with the Titles defined within HIPAA, specifically, Title II. Cronofy can supply a Business Associate Agreement (BAA) on request.

Learn more about HIPAA

Security White Paper

Cronofy has compiled a security white paper. It aims to answer any questions which aren’t answered in any of the other documentation published on our sites.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Want to know more about Cronofy’s Privacy and Security?

We’d love to discuss security more with you! Please reach out to our dedicated support team with any questions you may have.

Get in touch