Security aspects of connecting calendars via Cronofy

Information on the data that is transferred securely between Teamtailor and Cronofy

Written by Evelina Lundmarck
Updated over a month ago

Teamtailor uses Cronofy’s services to connect users’ calendars and, in doing so, deliver our smart scheduling features.

Read more about the smart scheduling features here:

Integration setup for individual users

In this case, the customer adds the integration by letting their individual users connect their email/calendar account with their Teamtailor account. An individual user can do this by authorizing access to their own calendar via an OAuth2 flow that Cronofy manages. The credentials are not given to us at Teamtailor; instead, only Cronofy tokens are passed on (read more here).

Data flows

The data flows between Teamtailor, Cronofy, and the customer are as follows:

Teamtailor to Cronofy:

  • user email (as invites to the event)

  • user token

  • event details (candidate email, name, Teamtailor-links to jobs and candidate)

Cronofy to Teamtailor:

  • Teamtailor created event details

  • Booked times of events not created by Teamtailor (no specific details other than the time)

Customer to Cronofy:

  • your name;

  • company/organisation name;

  • email address;

  • phone number;

  • address;

  • calendar appointments;

  • any information contained within your calendar(s).

  • For Office365 and Exchange, Cronofy requires full mailbox access due to the permission model. They will only access the data, not use it.

As an alternative to individual calendar connect, we offer Enterprise Calendar, which gives the customer greater control over how much information to share with Cronofy. Read more about this here: Enterprise Calendar

Cronofy & Security

Cronofy takes the security of your calendar data seriously and has worked hard to ensure security standards are ISO 27001, 27701 & 27018 certified, as well as SOC 2 Type 2 attested.

TLS is enforced for all communication with Cronofy APIs. TLS to calendar services is used where available.

All credentials and calendar data within our systems are encrypted at rest with the AES-256-GCM algorithm using a unique, randomly generated salt for each set of sensitive data. All stored data is encrypted at rest.

Cronofy has strict processes for its internal security and commissions regular 3rd party penetration testing.

The Cronofy service is continuously monitored for availability and utilization by internal and external tools. Current and historic status reports are available at https://status.cronofy.com.

Get more details in their compliance center: https://www.cronofy.com/compliance-center

Cronofy's Access to Data

Email data (Exchange): Email data isn't synchronized, even if it is accessible. Synchronizing it would require a significant code change that wouldn't pass Cronofy's change review process.

Calendar data (including events not created by Teamtailor): Access to the calendar information is role-based. The majority have no access. Cronofy’s support agents can see obfuscated levels of detail (start time, end time, free or busy) so that they can check availability-related queries. Support engineers have a higher level of access in order to investigate synchronization issues.

Calendar events not created by Teamtailor are also synchronized to accurately track availability.

Access reviews are performed quarterly to ensure these people have an appropriate level of access for their role.

Get more details about what data Cronofy collects here.

Teamtailor & Security

Teamtailor takes security seriously and employs best practices to ensure that privacy and security are not compromised. All data transferred in or out of the application and between system components/servers is encrypted during transmission with TLS 1.2 or above.

Teamtailor’s main data stores are operated and maintained by AWS and Crunchybridge. All customer data is encrypted at rest with AES-256 block-level encryption. Current storage technologies include PostgreSQL, OpenSearch, and Amazon S3. Databases and S3 storage buckets are automatically backed up using features provided by our hosting providers. Restore tests are done every 6 months.

Teamtailor audits its security controls annually according to the SOC2 Type 2 standard and conducts annual external penetration tests to identify vulnerabilities in its systems and network security.

The Teamtailor platform, services, and third parties involved in the delivery of our services are monitored 24/7/365 by our Product team. Current and historic status reports are available at: https://status.teamtailor.com

Get more details about Teamtailor's security measures at: Teamtailor Security overview
