- Customer data is managed and stored using industry-standard database technologies. All data and backups are encrypted at rest using strong cyphers (AES 256) and securely managed encryption keys. Our applications are ‘HTTPS only’ and all data in transit is encrypted using TLS 1.2 and higher.
- Our calendar integrations use secure server to server authentication protocols. Official APIs are always used to read data in real time and we only access the calendar data necessary to provide real-time availability during scheduling.
- We follow a Secure Software Development Lifecycle (SDLC) model, which incorporates security and privacy by design, throughout all phases of product development, testing, release, and post release support.
- We perform numerous automated and manual vulnerability tests both prior to, and post-release, in order to maintain a high level of product security.
- Our project managers, developers, and quality assurance testers are regularly trained on security issues, trends, defensive programming concepts, and attack surface reduction techniques including the OWASP Application Security Verification Standards.
- Our products provide advanced security tools, including two-factor authentication, account lockout, password policies, and session timeout settings, which enable you to further enhance your account security.
- We have a comprehensive information security and privacy program that defines our approach to managing security and privacy. It includes policies that address risk management, internal audit, incident management, vendor management, business continuity, and disaster recovery.
- Access to customer data is restricted to OnceHub employees who require it to fulfill their job responsibilities.
- We have dedicated security and privacy teams that manage our security and privacy programs and constantly monitor our networks to detect suspicious activity.
Infrastructure security and monitoring
- Our applications are hosted on Microsoft Azure and Amazon AWS, state-of-the-art data centers hosted in the USA. They provide the highest level of continual around the clock physical security, including biometrics, intrusion detection systems, and interior and exterior surveillance.
- We regularly update our infrastructure in accordance with recommendations provided by Microsoft and Amazon. Independent third-party security experts perform periodic penetration testing to ensure our systems are suitably hardened against potential threats.
- We use Microsoft Azure’s artificial intelligence and machine learning algorithms to protect our systems. Our log data is continuously analyzed for threats and vulnerabilities using advanced analytics. We are notified immediately if an issue is detected. This allows us to remediate vulnerabilities before they can be exploited, limit our exposure to threats, and swiftly respond to any attacks.