Data Management

This page sets out how Cronofy must collect, handle, and store data to meet our data protection standards, fulfill the rights of our customers, end-users and meet the requirements set out by regulators and the law.

Purpose #

This documentation ensures that Cronofy:

  • Complies with data protection law and follows best practices.
  • Protects the rights of staff, customers, end-users, and partners.
  • Is transparent about how it stores and processes individuals’ data.
  • Protects data subjects, data, and itself from the risks of a data breach.

This documentation outlines:

  • What data Cronofy is collecting.
  • How Cronofy might use data.
  • Who will be able to access and amend the information.
  • With whom Cronofy will share data, and
  • How Cronofy will notify customers of a data breach or changes to the document.

Cronofy’s commitment #

Cronofy is obliged to abide by all relevant UK and European Union legislation. Cronofy complies with the following legislation and other legislation as appropriate:

  • The Data Protection Act (2018)
  • General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • California Consumer Privacy Act (CCPA)
  • Electronic Communications Act 2000
  • Freedom of Information Act 2000
  • Human Rights Act (1998)
  • Regulation of Investigatory Powers Act 2000
  • The Computer Misuse Act (1990)
  • The Consumer Protection (Distance Selling) Regulations
  • The Consumer Protection Regulations 2000
  • The Copyright, Designs and Patents Act (1988)
  • The Data Protection (Processing of Sensitive Personal Data) Order 2000.
  • The Electronics Signatures Regulations 2002
  • The Health and Safety at Work Act (1974)
  • The Privacy and Electronic Communications Act 2011
  • The Telecommunications (Data Protection& Privacy, Direct Marketing) Regulations 1999
  • The Telecommunications (lawful Business Practice and Interception of Communications) Regulations 2000

Security and the security of data are at the forefront of everything Cronofy does. Cronofy elects to participate and agree to the highest standards defined in the following compliance programs.

  • SOC 2
  • HIPAA
  • ISO27001
  • ISO27018
  • ISO27701

Definitions #

Personal Data #

Personal Data is “information that relates to an identified or identifiable individual.”

Personally Identifiable Information (PII) is a similar, American term which relates to a subset of Personal Data. Because of this, we use the term Personal Data to use the broader of the two terms.

Personal Data covers names, phone numbers, email addresses, and other identifiers such as an IP address, a cookie identifier, or other factors.

Types of users #

Cronofy collects and manages data from various groups of people:

TypeDescription
IntegratorsOur customers who develop services using our API.
End usersPeople who authorize Cronofy’s access to their calendar, and potentially in turn grant access to an Integrator’s applications.
Data subjectsThe identified or identifiable living individual to whom personal data relates.

Event types #

We differentiate between the different types of event data according to the source of that data.

TypeDescription
Managed EventsEvents created through the Cronofy platform in an End User’s calendar.
Third Party EventsEvents originating in an end user’s calendar that are exposed to the Integrator’s application after the end-user has authorized access.
Smart InvitesCalendar invites created through the Cronofy platform.
AttachmentsFiles attached to managed events through the Cronofy platform.

Connection methods #

For a schedule to be managed on behalf of an end user, they must first authorize Cronofy’s access to their calendar. Cronofy offers two primary connection methods for end users to connect their calendars to Cronofy.

TypeDescription
Individual ConnectProvides access to a single user’s calendar.
Enterprise ConnectProvides access to an entire domain or group of users.

The data that Cronofy collects #

Data from Integrators #

Integrators are the direct customers and consumers of Cronofy’s API services. We collect data from integrators as part of providing our services to them and their customers, for example, billing information or information about events created via the Cronofy API.

Type of DataData Collected
Operational InformationName
Email address
Company name (optional)
Phone number (optional)
Application name
Application URL
Billing InformationBilling contact name
Billing contact email address
Billing contact address
Company name
Company national tax identifier

Data from end users #

When an end user authorizes Cronofy access to their calendar, an onboarding process that builds a cache of the end users calendar data is triggered.

The Cronofy calendar sync platform can optimize access to the end-users calendar server by maintaining a cache of the data. This is especially relevant in self-hosted Exchange scenarios where typical application access patterns can be detrimental to Exchange server performance. Cronofy optimizes access to only synchronize changes and store data in a manner suited to application access patterns.

Calendar account information and event data are copied and kept synchronized in the Cronofy data store to support the Integrator’s application query window. By default, this is 42 days in the past and 201 days in the future. Reduced or extended synchronization windows are supported for customers on an Emerging plan or higher and are configured per integrator application.

Calendar Account Information #

The information collected by Cronofy about a calendar account.

Type of DataData Collected
Calendar Account FieldsCredentials required to access the calendar account
Name associated with the calendar account
The email address associated with the calendar account
Time zone
Names of all calendars linked to the calendar account

Calendar data permissions #

Cronofy uses the permissions schemes provided by the calendar service providers in order to access end user calendars.

This normally provides Cronofy’s sync engine with full access to all calendar data accessible by the end user. In some cases, notably Exchange Web Services, the permission schemes used also provide access to email and contacts data. This is not accessed by the Cronofy sync engine.

Cronofy provides a permission scheme to integrators that allows them to only request the level of access required to deliver the functionality they need. For example, an integrator’s application can request only free-busy access to existing events but can write additional events to the end user’s calendar. This means that only the minimum data required transits between Cronofy and the integrator’s application.

Authorization and Credentials #

Individual Connect Authorization #

Cronofy favors the OAuth 2.0 standard for authorization wherever possible and will only store credentials if the provider does not support OAuth 2.0.

ProviderCredentials stored
GoogleOAuth token
Office 365OAuth token
Outlook.comOAuth token
Apple iCloudEmail address and an app-specific password
ExchangeEmail address and password. Optionally username if Exchange server requires it.
ZoomOAuth token
GoTo MeetingOAuth token
Indeed InterviewOAuth token

Enterprise Connect Authorization #

With Enterprise Connect authorization, only the credentials associated with the service account are stored by Cronofy. No end-user credentials are accessible or stored.

ProviderCredentials stored
GoogleOAuth token
Office 365OAuth token
Exchange (EWS Connection)Service account email address and password. Optionally username if Exchange server requires it
WebexOAuth token
ZoomOAuth token

Integrations Authorization #

The credentials stored will be as supported/required by the providers API authorization model.

ProviderCredentials stored
CammioAPI key
CustifyAPI key
EvernoteOAuth token
GreenhouseAPI key
HubspotOAuth token
LeverOAuth token
SlackOAuth token
SmartRecruitersOAuth token
SuccessFactorsAPI key
TrelloOAuth token
ZapierOAuth token
ZendeskOAuth token

Event Data #

In line with providing services, we must collect data in relation to and about calendar events.

Data sourceData collected
Managed EventsSummary
Description/body
Start and end time
Time zone where available
Recurrence rule
Category
Color
Conferencing information/URL
Location description, latitude, and longitude
Attachments (only those managed through Cronofy)

Attendees
Email address
Display name
Attendance status
Third Party EventsSummary
Description/body
Start and end time and time zone where available
Recurrence rule
Category
Color
Conferencing information/URL
Location description, latitude, and longitude

Attendees
Email address
display name
Attendance status
Smart InvitesSummary
Description/body
Start and end time and time zone where available
Recurrence rule
Category
Color
Location description, latitude, and longitude

Attendees
Email address
Display name
Attendance status

The Event data fields available varies depending on the calendar provider. This list represents the data fields that the Cronofy sync engine attempts to obtain.

How data is protected #

High availability and encryption #

Cronofy uses technologies such as Amazon Aurora for storing integrator and end user data. Data stored at rest is encrypted, as are artefacts such as automated backups, read replicas, and snapshots. All such encryption is managed through AWS Key Management Service (KMS).

All transfer of information between the Integrator’s application and the Cronofy API requires at least TLS 1.2 to encrypt data in transit.

Communication between the Cronofy calendar sync platform and the end user calendar service is protected by TLS encryption.

Data Centers #

Cronofy currently provides six Data Center options to customers. They are run as separate instances, and Personal Data is not transferred between them. This allows you to ensure Personal Data is kept within jurisdictional boundaries, e.g., the EEA.

Because of this separation, integrator accounts must be created for each instance that suits your requirements.

More information about our data centers can be found in our documentation.

Data minimization #

As part of providing a service, Cronofy must collect the data listed in this document. We will only store that data for as long as it is reasonable, in line with providing a service. The exact information that we store is listed in this document. By default, Cronofy makes every effort to ensure Personal Data is not included in logs and has short data retention policies to ensure this is the case.

Storage of data on removable media and physical media transfer #

Cronofy does not permit the storage of data on removable media and USBs are blocked using proprietary software. Cronofy does not transfer data physically due to all infrastructure being in AWS.

Access to data #

Cronofy operates a general rule of least privilege, meaning that employees only receive the access they need to perform their role and nothing more. Cronofy may access customer data in line with their responsibilities. For example, providing technical support or fulfilling obligations under GDPR. Users’ rights concerning their data are documented and shared via Cronofy’s privacy notice.

Effective Change Tracking #

Changes are synchronized into the Cronofy database using each calendar service’s most effective access pattern. These changes can then be aggregated and delivered to Integrator’s applications in a manner that is most efficient for them. A centralized cache allows us to separate these concerns and deliver optimal performance for both sides of the sync process.

Separation of data #

Development, testing, and operational environments are separated, and Personal Data is not used in development or testing.

Data Backups #

Where necessary backups are generated every 24 hours and stored in the same region as the source data. The backups are retained for seven days before they are deleted.

Data Retention #

Cronofy stores data for as long as it’s needed to provide services, or for as long as it is legally necessary.

Data stores information in relation to Integrators for the purpose of troubleshooting and billing.

Data typeRetention period
Application logsUp to 90 days
Billing recordsPermanent
Application configurationPermanent
Credit card detailsNot stored by Cronofy but handled by payment provider Stripe

Event data that falls outside the query window is kept for a period of up to 31 days before being removed permanently.

Data related to end-users is retained whilst an authorization is active between an end-user’s calendar and one or more Integrator’s applications. When no authorizations are active against a user, their data is retained as follows.

Data typeRetention period
Third-party events30 days from termination of last authorization
Managed Events90 days from termination of application authorization
Calendar account credentials30 days from termination of last authorization.
Calendar account structure90 days from termination of last authorization.
Smart Invites30 days after the end date of the event.

Data Deletion #

When data falls outside of Cronofy’s data retention periods, or when an end-user requests that their data is removed, that data is removed permanently from our infrastructure. Any associated or temporary files are also deleted. This data is subsequently impossible to recover.

Internal Records #

Internal records and policies are kept for as long as they’re needed. Once that time has passed, they are securely and permanently deleted.

Consent for processing Personal Data is gained from all users who utilize Cronofy’s services when they sign up for a Cronofy account. The type of processing, and reasons for the processing, are stored in the Privacy Notice. Consent is gathered from End Users at the point they connect their calendars when they agree to our End-User Terms of Service.

Fulfilling the rights of data subjects #

Cronofy is committed to ensuring that data is kept accurate, up to date and that the rights of data subjects are enforced. Below outlines how Cronofy meets these laws.

The Right to Be Informed #

Cronofy informs data subjects via the privacy notice and end-user terms of service, which users agree to when signing up with Cronofy. If Cronofy has a request from a third party to share Personal Data, we will notify the principal and only share the information where there is a lawful basis.

The Right of Access #

Subject access requests (SARs) are submitted via email to privacy@cronofy.com. We may request further identification to protect against data breaches. The information is provided to the data subject in JSON format. This should be provided to the data subject in a password-protected zip file, with the password shared separately.

The Right to Rectification #

When a data subject identifies an error in the data that Cronofy stores, they are instructed to notify privacy@cronofy.com. Cronofy will then validate and update the incorrect data. As part of this process, we will contact any third party (where required) to update information on behalf of the subject.

The Right to Erasure #

When Cronofy receives a deletion request from a data subject (or an integrator on behalf of a data subject), we run the information through our GDPR right to be forgotten process. This process removes the data from our systems, as well as the systems of any sub-processors. We also provide an API to customers so subjects and controllers can process the deletion of an account and associated data in line with GDPR.

The Right to Restrict Processing #

As an alternative to requesting rectification or erasure of their personal data, a user can request that Cronofy refrains from conducting particular activities with their data. Cronofy deals with such requests on a case-by-case basis. Requests are sent to privacy@cronofy.com.

The Right to Data Portability #

Cronofy would deal with such requests on a case-by-case basis. Requests are sent to privacy@cronofy.com. We would provide a copy of the user’s data in a JSON format as per The Right of Access and then remove their account and data as per The Right to Erasure.

The Right to Object #

Cronofy allows users to opt-out of direct marketing and offers Cookie management on our website. We make clear the rights of users in our Privacy Notice.

Cronofy does not conduct any automated decision-making or profiling using any of the data we store.

Facilitating Users’ Rights #

Cronofy has systems in place that ensures a timely response to user requests. Cronofy also demonstrates its readiness to comply with our Privacy Notice. We are committed to responding to all requests from data subjects within a maximum of one month.

Data breaches #

In the event that there is a data breach, Cronofy will notify regulators and affected data subjects without undue delay and within 72 hours.