CalendarBridge Security

Simple & Secure Calendar Management

Security and Simplicity are the foundation that CalendarBridge is built on.

Foremost is security. CalendarBridge adheres to the highest security standards to give users and systems administrators piece of mind that their calendar information is secure and not being used for any purpose other than syncing their calendars and scheduling their meetings.

Second only to security is simplicity — CalendarBridge makes it simple for users to manage their calendars, and simple for admins to manage user accounts and enforce privacy & security policies.

Users love CalendarBridge for making it simple to manage their calendars and set meetings. I love it because I have full control over what calendar data is syncing and where — unlike workarounds users were using before

Marc P. Menzies, CISSP

Secure Access to User Calendars

CalendarBridge connects to Microsoft and Google using secure OAuth connections such that we never see or store users’ Microsoft or Google passwords. The OAuth tokens can be revoked at any time from within the Microsoft and Google admin centers.

Minimum Permissions Required

CalendarBridge requests read and write access to user calendars to enable syncing calendars, checking availability, and scheduling meetings.

We do not request access to user email, storage, or other ancillary Google Workspace or Microsoft services.

Organization Admin Portal

The admin portal supports two usage models: (1) user managed and (2) fully admin managed. For both usage models, the systems administrator can set sync privacy settings that will be enforced for all users on your domain(s).

More information about our organization admin portal can be found here.

How we use your data

The only thing we do with your calendar data is sync it between your calendars and use it to determine your availability.

  • We don’t store any calendar event data
  • We don’t analyze any calendar event data
  • We don’t sell or monetize any data in any way

More information can be found in our privacy policy

Technical Details

Below are just some highlights. Our completed SIG Lite questionnaire and other security information are available on request.

AWS

CalendarBridge is hosted and managed within Amazon’s secure data centers and we take advantage of all of AWS’s security, privacy, and redundancy features. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).

Encryption

CalendarBridge encrypts all data in transit and at rest.

People

All employees undergo background checks. All employees sign confidentiality agreements. Access to data is on a strict need-to-know basis. All employees are trained on, and required to adhere to, our information security, physical security, incident response, disaster recovery, and change control policies.