Schedly Trust & Security
At Schedly, the security and privacy of customer data is our #1 priority!
Transparency is ESSENTIAL
Schedly’s first priority is to make your experience safe and secure and to ensure you have the information you need to feel comfortable with your appointment booking system. That’s why we created the Trust Center: to give you access to the latest Schedly security, compliance, legal, privacy, and system performance information, when and where you need it.
Schedly Trust & Security Protocols
PRIVACY
At Schedly we believe that you own your data, and we’re committed to keeping it private. Our privacy policy clearly describes how we handle and protect your information. On an annual basis our independent third-party auditors test our privacy related controls and provide their reports and opinions which we can then provide to you. To report an issue with privacy please submit a ticket on our Contact Us page.
Here are a few ways we protect your data:
Data Deletion/Destruction
Upon request Schedly will work to expunge all customer data and solely owned artifacts from our systems. Artifacts under legal hold or owned by multiple parties will be deleted upon completion of the legal hold process or upon deletion by the other parties at their discretion.
To initiate a data deletion / data destruction event please contact support@schedly.io
Payment Info
We process all payments through our payment provider, Stripe, and do NOT store cardholder data on our servers. Schedly is PCI compliant for payment processing.
SUB-SERVICE PROVIDERS
At least once a year, Schedly performs a review of our sub-service providers. In the event these reviews have material findings which we determine present risks to Schedly or our customers, we’ll work with the service provider to understand any potential impact to customer data and track their remediation efforts until the issue is resolved.
SECURITY INCIDENTS & REPORTING
Reporting an issue with privacy
At Schedly we believe that you own your data, and we’re committed to keeping it private. Our privacy policy clearly describes how we handle and protect your information. On an annual basis our independent third-party auditors test our privacy related controls and provide their reports and opinions which we can then provide to you.
If you need to submit a request with respect to privacy related concern please submit it to privacy@schedly.io
Reporting a potential security incident
If you need to submit a potential security incident to Schedly please provide a summary report to the Schedly Security Team as an attachment to abuse@schedly.io. The security team will evaluate the report and arrange to discuss specifics.
Reporting SPA
If you think that you’ve received a fraudulent email pretending to come from Schedly, send the email as an attachment to abuse@schedly.io and delete it.
APPLICATION SECURITY
Beyond traditional encryption
Schedly protects data in transit between our apps and our servers, and at rest. Emails are stored behind a firewall and authenticated against the sender’s session every time a request for that email is made. We enforce the use of industry best practice for the transmission of data to our platform (Transport Layer Security TLS) and data is stored in a SOC 1 Type II, SOC 2 Type I, and ISO 27001 certified data centers. Your emails are stored and encrypted at rest using AES 256-bit encryption.
Rigorous security testing
We regularly test our infrastructure and apps to identify and patch vulnerabilities. We also work with third-party specialists, industry security teams, and the security research community to keep our users and their files safe. Potential security bugs and vulnerabilities can be reported to us on the third-party service HackerOne.
DEDICATED & EXPERIENCED
At Schedly we have a dedicated Security Team with a Head of Information Security who is directly responsible for the security of Schedly products and services.
Additionally we have a formal information security program in place that leads an information and Risk Management Committee. This committee periodically meets to review security-related initiatives at the product, infrastructure, and company level.
To ensure all employees are able to champion the security of customer data we work to ensure security is embedded in our company culture from day one. Employees undergo comprehensive background checks, sign and follow a code of conduct and acceptable use policies, as well as undergo periodic security awareness training.
To ensure teams are prepared for the unexpected, Schedly performs red team testing against our employee base to ensure they are prepared to act appropriately when faced with a potential security event. In general we want to ensure we can detect physical, network, and system vulnerabilities by taking an attacker-like approach.
Get Started, It's Free - FOREVER
Get started today and give your customers the flexibility to book online 24x7 with our free appointment scheduling software. No credit card required.