Security Compliance

Cronofy is committed to mitigating risk and ensuring that Cronofy services meet regulatory and security compliance requirements.
Regulatory Environment

Cronofy complies with relevant legal, industry, and regulatory requirements as well as industry best practices. Geographically discrete production instances allow our customers to use our services and stay compliant with regional regulations.

Top Tier Infrastructure Provider

Cronofy’s service is hosted at Amazon Web Services (AWS) data centres, which are highly scalable, secure, and reliable. AWS complies with leading security policies and frameworks, including SSAE 16, SOC framework, ISO 27001 and PCI DSS.

Data Retention

Cronofy retains the minimum amount of information required to deliver services to our customers and end-users. More information on data retention and data retention periods can be found in our Data Management policy:

ISO 27001, 27701 & 27018 certified

Cronofy’s ISMS (Information security management system) has been independently audited and meets the standards set out by the International Standards Organization for the ISO 27001, 27701 & 27018 standards. A copy of all of Cronofy’s ISO certificates are available publicly and reports are available on request after signing a mutual NDA.

SOC2 Type 2 Attested

The security, availability, processing integrity, confidentiality and/or privacy controls of Cronofy were audited, based on their compliance with the AICPA’s SOC2 Standard. Cronofy’s controls were found to be designed effectively and are suitably operated. A copy of the Cronofy SOC2 Type 2 report is available on request.

EU General Data Protection Regulation

Cronofy is compliant with the EU General Data Protection Regulation (GDPR) and can provide a Data Processing Agreement (DPA) on request.

HIPAA Compliance

Cronofy is HIPAA-ready and can supply a Business Associate Agreement (BAA) on request.

California Consumer Privacy Act (CCPA)

Cronofy complies with the California Consumer Privacy Act (CCPA).