Cronofy is hosted on Amazon’s Web Services (AWS) infrastructure, the leading cloud infrastructure provider. You can read about AWS’s thorough security provisions on their site.
Cronofy’s platform is hosted in Amazon’s US East (N. Virginia) region with servers spread across several availability zones within that region in order to maximize our uptime.
All communication with Cronofy’s website, applications, and API is performed via HTTPS, utilising 128-bit encryption.
For sensitive data where the original values are not needed, such as our own passwords, we hash the data using the BCrypt algorithm. Where the original values are needed, such as authentication details for accessing calendars, the values are encrypted using the AES-256-GCM algorithm using a unique, randomly generated salt for each set of sensitive data.
Only authorized employees are granted access to our production infrastructure and the use of password managers to ensure strong passwords and two-factor authorization when available is mandated across the company.
Cronofy is updated frequently through an automated process with zero downtime.
If any downtime is expected as part of a major change (such as a data center migration) we will communicate it at least 48 hours in advance via Cronofy’s status page.
All access to data via Cronofy is explicitly approved through an OAuth authorization mechanism which grants access tokens that can be revoked at any time.
We don’t sell customer data to anyone.