Platform security & data privacy

TEAMCAL AI does not save your calendar or event data on our servers. Calendar data is pulled in real time solely to find available time slots and display upcoming meetings. We never store meeting titles, attendees, notes, or any calendar event details.

All communication between your browser and the TEAMCAL AI platform is encrypted in transit using HTTPS and Transport Layer Security (TLS SHA-256). All user account data stored in our database is encrypted at rest using AES-256 on AWS.

TEAMCAL AI supports two authentication mechanisms:

• OAuth 2.0 — industry-standard login via Google or Microsoft accounts. We never see or store your calendar provider password.
• Email & password — passwords are stored as salted hashes and never in plaintext.

Users can disconnect their calendar integration at any time from Settings → Calendar Sync. Organisation admins can enforce SSO and 2FA across their workspace.

• All browser-to-platform connections encrypted in transit using TLS SHA-256 with RSA
• All user account data encrypted at rest in AWS
• User passwords stored as salted hashes — never readable
• Credit card data handled exclusively by Stripe (PCI DSS compliant) — card numbers never touch TEAMCAL AI servers

TEAMCAL AI is hosted on AWS (Amazon Web Services) in US-East and US-West regions. AWS infrastructure is built to meet the security requirements of military, financial, and government organisations, and supports 98 security standards and compliance certifications.

All services run in isolated containers (LXC) that separate processes, memory, and file systems. Host-based firewalls restrict inter-service network access. The AWS platform continuously scans for vulnerabilities and patches underlying systems.

When you connect Google Calendar or Outlook, TEAMCAL AI accesses your calendar only when needed — to display today's meetings or to check availability before scheduling. We do not store appointment subjects, attendees, notes, or any other event content.

Google Workspace APIs are not used to develop, improve, or train any generalized AI or ML models. We do not use Outlook Active Directory data for LLM training purposes.

Identification: Automated monitoring alerts engineers to service interruptions, performance degradation, and security vulnerabilities. Users may also report issues to security@teamcalendar.ai.

Containment: Affected systems are isolated immediately. Container-based architecture makes it straightforward to replace and redeploy affected services without further escalation.

Recovery: Data is restored from clean AWS backups. Systems are monitored for recurrence. Ephemeral services are patched and redeployed, eliminating malware persistence risk.

Retrospective: Every incident is reviewed by the engineering team to improve future response and prevent recurrence. We notify affected customers within 72 hours of a confirmed breach.

PCI compliance: Credit card processing is handled exclusively by Stripe, a PCI DSS-compliant payment processor. Card data never reaches TEAMCAL AI servers.

GDPR: TEAMCAL AI makes a good-faith effort to comply with GDPR. We offer a signed Data Processing Agreement (DPA) for EU customers and treat invitees in GDPR countries as transactional contacts by default.

SOC 2 Type II: We are actively pursuing SOC 2 Type II certification. Current status and controls are available at trust.teamcal.ai.

All TEAMCAL AI employees undergo pre-employment background checks. Team members receive ongoing training on security, GDPR, and data privacy. Customer data access is limited strictly to a need-to-know basis.

All code changes undergo peer review and are tested via CI/CD pipeline before release. Post-release, application exceptions and performance metrics are continuously monitored.