Data Management

This page sets out how Cronofy must collect, handle, and store data to meet our data protection standards, fulfil the rights of our customers and end-users, and meet the requirements set out by regulators and the law.

Purpose

This documentation ensures that Cronofy:

  • Complies with data protection law and follows best practices.
  • Protects the rights of staff, customers, end-users, and partners.
  • Is transparent about how it stores and processes individuals’ data.
  • Protects data subjects, data, and itself from the risks of a data breach.

This documentation outlines:

  • What data Cronofy is collecting.
  • How Cronofy might use data.
  • Who will be able to access and amend the information.
  • With whom Cronofy will share data.
  • How Cronofy will notify customers of a data breach or of changes to this document.

Cronofy’s commitment

Cronofy is obliged to abide by all relevant UK and European Union legislation. Cronofy complies with the following legislation and other legislation as appropriate:

  • The Data Protection Act (2018)
  • General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • The Data Protection (Processing of Sensitive Personal Data) Order 2000
  • The Copyright, Designs and Patents Act (1988)
  • The Computer Misuse Act (1990)
  • The Health and Safety at Work Act (1974)
  • Human Rights Act (1998)
  • Regulation of Investigatory Powers Act 2000
  • Freedom of Information Act 2000
  • California Consumer Privacy Act (CCPA)

Security, and the security of data in particular, is at the forefront of everything Cronofy does. Cronofy elects to participate in, and adhere to the highest standards defined by, the following compliance programs.

  • SOC 2
  • HIPAA
  • ISO27001
  • ISO27018
  • ISO27701

Definitions

Personal data: Personal data is “information that relates to an identified or identifiable individual.” Such personally identifiable information (PII) could be something as simple as a name or a number, or could include other identifiers such as an IP address, a cookie identifier, or other factors.

Types of users: Cronofy collects and manages data from various groups of people.

  • Integrators: Our direct customers who develop services using our API.
  • End-Users: People who authorize an Integrator’s application to access their calendar.
  • Data subjects: The identified or identifiable living individual to whom personal data relates.

Event types: We distinguish between types of event data according to the source of that data.

  • Managed Events: Events created by an Integrator’s application in an End-User’s calendar
  • Attachments: Files attached to partner events, added via the Cronofy API, or added to Scheduler events.

Connection methods: For an Integrator to create events on behalf of an end-user, the user must first authorize the Integrator to do so. Cronofy offers two primary connection methods for end-users to connect their calendars to Cronofy.

  • Individual Connect: Provides access to a single user’s calendar.
  • Enterprise Connect: Provides access to an entire domain or group of users.

The data that Cronofy collects

Data from Integrators

Integrators are the direct customers and consumers of Cronofy’s API services. We collect data from integrators as part of providing our services to them and their customers, for example, billing information or information about events created via the Cronofy API.

Type of data and the data collected:

  • Operational Information: Name, Email address, Company name (optional), Phone number (optional), Application name, Application URL
  • Billing Information: Billing contact name, Billing contact email address, Billing contact address, Company name, Company national tax identifier
  • Partner Event Data Fields: Summary, Description/body, Start and end time, Time zone where available, Recurrence rule, Category, Color, Conferencing information/URL, Location description, latitude, and longitude, Attendees (email address, display name, attendance status), Attachments

Data from end-users

When an end-user authorizes an application to access their calendar through Cronofy, an onboarding process is triggered that builds a cache of the end-user’s calendar data.

The Cronofy calendar sync platform can optimize access to the end-user’s calendar server by maintaining a cache of the data. This is especially relevant in self-hosted Exchange scenarios, where typical application access patterns can be detrimental to Exchange server performance. Cronofy optimizes access so that only changes are synchronized, and stores the data in a manner suited to application access patterns.

Calendar account information and event data are copied and kept synchronized in the Cronofy data store to support the Integrator’s application query window. By default, this is 42 days in the past and 201 days in the future. Reduced or extended synchronization windows are supported for customers on an Emerging plan or higher and are configured per integrator application.

Calendar Account Information

Cronofy collects the following information about a calendar account.

  • Calendar Account Fields: Credentials required to access the calendar account, Name associated with the calendar account, The email address associated with the calendar account, Time zone, Names of all calendars linked to the calendar account

Authorization and Credentials

Individual Connect Authorization

Cronofy favors the OAuth 2.0 standard for authorization wherever possible and will only store credentials if the provider does not support OAuth 2.0.

Provider and the credentials stored:

  • Google: OAuth token
  • Office 365: OAuth token
  • Outlook.com: OAuth token
  • Apple iCloud: Email address and an app-specific password
  • Exchange: Email address and password. Optionally username if the Exchange server requires it.

Enterprise Connect Authorization

With Enterprise Connect authorization, only the credentials associated with the service account are stored by Cronofy. No end-user credentials are accessible or stored.

Provider and the credentials stored:

  • Google: OAuth token
  • Office 365: OAuth token
  • Exchange (EWS Connection): Service account email address and password. Optionally username if the Exchange server requires it.

Event Data

In line with providing services, we must collect data in relation to and about calendar events.

Type of data and the data collected:

  • Third-Party Event Data Fields: Summary, Description/body, Start and end time and time zone where available, Recurrence rule, Location description, latitude, and longitude, Attendees (email address, display name, and attendance status), Category, Color
  • Smart Invite Data Fields: Summary, Description/body, Start and end time and time zone where available, Recurrence rule, Location description, latitude, and longitude, Attendees (email address, display name, and attendance status), Category, Color

The event data fields available vary depending on the calendar provider. This list represents the data fields that the Cronofy sync engine attempts to obtain.

How data is protected

By synchronizing the data listed in this documentation into the Cronofy database, we can then provide the following features of our service.

High availability and encryption

Cronofy uses Amazon RDS as the database technology for integrator and end-user data. Data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots.

All transfer of information between the Integrator’s application and the Cronofy API requires at least TLS 1.2 to encrypt data in transit.

Communication between the Cronofy calendar sync platform and the end-user calendar service is protected by TLS encryption, subject to support by the calendar service (for example, whether a hosted Exchange server has TLS configured).

Data Centers

Cronofy currently provides six Data Center options to customers. They are run as separate instances, and PII is not transferred between them. This allows you to ensure PII is kept within jurisdictional boundaries, e.g., the EEA.

Because of this separation, a developer account must be created in each instance that suits your requirements.

More information about our data centers can be found in our documentation (https://docs.cronofy.com/developers/data-centers).

Data minimization

As part of providing a service, Cronofy must collect the data listed in this document. We will only store that data for as long as it is reasonable, in line with providing a service. The exact information that we store is listed in this document. By default, Cronofy makes every effort to ensure PII is not included in logs and has short data retention policies to ensure this is the case.

Consent for processing PII is gained from all users who utilize Cronofy’s services when they sign up for a Cronofy account. The type of processing, and reasons for the processing, are stored in the Privacy Notice (https://docs.cronofy.com/policies/privacy-notice). Consent is gathered from End Users at the point they connect their calendars when they agree to our End-User Terms of Service (https://docs.cronofy.com/policies/end-user-terms-of-service).

Access to data

Cronofy operates a general rule of least privilege, meaning that employees only receive the access they need to perform their role and nothing more. Cronofy may access customer data in line with those responsibilities, for example to provide technical support or to fulfil obligations under GDPR. Users’ rights concerning their data are documented and shared via Cronofy’s privacy notice (https://docs.cronofy.com/policies/privacy-notice/#your-rights).

Effective Change Tracking

Changes are synchronized into the Cronofy database using each calendar service’s most effective access pattern. These changes can then be aggregated and delivered to Integrators’ applications in the manner that is most efficient for them. A centralized cache allows us to separate these concerns and deliver optimal performance for both sides of the sync process.

Separation of data

Development, testing, and operational environments are separated, and PII is not used in development or testing.

Data Backups

Backups are generated every 24 hours and stored in the same region as the RDS instance. The backups are retained for seven days before they are deleted.

Data Retention

Cronofy stores data for as long as it’s needed to provide services, or for as long as it is legally necessary.

Cronofy stores information in relation to Integrators for the purpose of troubleshooting and billing.

Data type and retention period:

  • Application logs: Up to 90 days
  • Billing records: Permanent
  • Application configuration: Permanent
  • Credit card details: Not stored by Cronofy but handled by payment provider Stripe

Event data that falls outside the query window is kept for a period of up to 31 days before being removed permanently.

Data related to end-users is retained whilst an authorization is active between an end-user’s calendar and one or more Integrators’ applications. When no authorizations are active against a user, their data is retained as follows.

Data type and retention period:

  • Third-party events: 30 days from termination of last authorization
  • Partner events: 90 days from termination of application authorization
  • Calendar account credentials: 30 days from termination of last authorization
  • Calendar account structure: 90 days from termination of last authorization
  • Smart Invites: 30 days after the end date of the event

Data Deletion

When data falls outside of Cronofy’s data retention periods, or when an end-user requests that their data is removed, that data is removed permanently from our infrastructure. Any associated or temporary files are also deleted. This data is subsequently impossible to recover.

Internal Records

Internal records and policies are kept for as long as they’re needed. Once that time has passed, they are securely and permanently deleted.

Fulfilling the rights of data subjects

Cronofy is committed to ensuring that data is kept accurate and up to date, and that the rights of data subjects are upheld. The sections below outline how Cronofy meets these obligations.

The Right to Be Informed

Cronofy informs data subjects via the privacy notice and end-user terms of service, which users agree to when signing up with Cronofy. If Cronofy has a request from a third party to share PII, we will notify the principal and only share the information where there is a lawful basis.

The Right of Access

Subject access requests (SARs) are submitted via email to privacy@cronofy.com. We may request further identification to protect against data breaches. The information is provided to the data subject in JSON format, in a password-protected zip file with the password shared separately.

The Right to Rectification

When a data subject identifies an error in the data that Cronofy stores, they are instructed to notify privacy@cronofy.com. Cronofy will then validate and update the incorrect data. As part of this process, we will contact any third party (where required) to update information on behalf of the subject.

The Right to Erasure

When Cronofy receives a deletion request from a data subject (or an integrator on behalf of a data subject), we run the information through our GDPR right to be forgotten process. This process removes the data from our systems, as well as the systems of any sub-processors. We also provide an API to customers so subjects and controllers can process the deletion of an account and associated data in line with GDPR.

The Right to Restrict Processing

As an alternative to requesting rectification or erasure of their personal data, a user can request that Cronofy refrains from conducting particular activities with their data. Cronofy deals with such requests on a case-by-case basis. Requests are sent to privacy@cronofy.com.

The Right to Data Portability

Cronofy would deal with such requests on a case-by-case basis. Requests are sent to privacy@cronofy.com. We would provide a copy of the user’s data in a JSON format as per The Right of Access and then remove their account and data as per The Right to Erasure.

The Right to Object

Cronofy allows users to opt-out of direct marketing and offers Cookie management on our website. We make clear the rights of users in our Privacy Notice.

Cronofy does not conduct any automated decision-making or profiling using any of the data we store.

Facilitating Users’ Rights

Cronofy has systems in place that ensure a timely response to user requests, and demonstrates its readiness to comply with its Privacy Notice. We are committed to responding to all requests from data subjects within a maximum of one month.

Data breaches

In the event that there is a data breach, Cronofy will notify regulators and affected data subjects without undue delay and within 72 hours.