Customers of the businesses that use Cronofy services should be assured that Cronofy takes their security seriously, and employs best practices to ensure that privacy is never compromised. The nature of the data Cronofy handles on behalf of its clients requires that security is a core part of the approach to building, scaling, and managing our service. Don't hesitate to contact us for more information.
Cronofy operates a robust security and compliance program, adhering to the highest level of information security standards. We achieve this by meeting and exceeding the expectations of the following standards...
Cronofy has achieved the ISO/IEC 27001:2013 certification, the international standard for information security management systems (ISMS). The ISO 27001 certification requires the assessment of an organization’s information security
management controls.
SOC 2 defines the criteria for secure handling and management of customer data. Cronofy has been audited and complies with the standards set out by the AICPA as part of the SOC 2 standard. Cronofy has successfully completed audits for both SOC2
Type 1 and 2.
Cronofy adheres to the principles of GDPR and will continue to do so, no matter what happens with Brexit. Cronofy has been through the process of reviewing and updating our internal processes, procedures, data systems, and documentation to ensure we comply with GDPR.
Cronofy has an explicit Privacy Notice in place, that advises users of their rights under CCPA. Cronofy processes personal data in line with the requirements set out by the CCPA, for the purpose of providing services. This includes compliance with policies such as Anti-Discrimination, the Right to Be Forgotten, the Right to Access Data Collected, and control over data shared with third parties.
Cronofy is a member of the EU-U.S. Privacy Shield Framework designed by the U.S. Department of Commerce, and the European Commission. Its aim is to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States.
Cronofy is HIPAA (Health Insurance Portability and Accountability Act) compliant, ensuring that PHI (Patient Healthcare Information) is processed and stored, in line with the Titles defined within HIPAA, specifically, Title II. Cronofy can supply a Business Associate Agreement (BAA) on request.
Cronofy has compiled a security white paper. It aims to answer any questions which aren’t answered in any of the other documentation published on our sites.
