Security and Performance

Calendar API Personal Access Tokens

Hosting

Cronofy is hosted on Amazon’s Web Services (AWS) infrastructure, the leading cloud infrastructure provider. You can read about AWS’s thorough security provisions on their site.

Availability

Cronofy’s platform is hosted in Amazon’s US East (N. Virginia) region with servers spread across several availability zones within that region in order to maximize our uptime.

Secure communication

All communication with Cronofy’s website, applications, and API is performed via HTTPS, utilising 128-bit encryption.

Encryption

For sensitive data where the original values are not needed, such as our own passwords, we hash the data using the BCrypt algorithm. Where the original values are need, such as authentication details for accessing calendars, the values are encrypted using the AES-256-GCM algorithm using a unique, randomly generated salt for each set of sensitive data.

Data access

Only authorized employees are granted access to our production infrastructure and the use of password managers to ensure strong passwords and two-factor authorization when available is mandated across the company.

Scheduled maintenance

Cronofy is updated frequently through an automated process with zero downtime.
If any downtime is expected as part of a major change (such as a data center migration) we will communicate it at least 48 hours in advance via Cronofy’s status page.

Third party data access

All access to data via Cronofy is explicitly approved through an OAuth authorization mechanism which grants access tokens that can be revoked at any time.

We don’t sell customer data to anyone.