Security and Compliance

Overview

Coconut Calendar’s security is designed to protect both your enterprise and your customers’ information. We understand the security needs surrounding SaaS applications and have implemented specific measures to monitor and protect your data. We adhere to industry-leading standards to manage our network, secure our web and client applications, and set strict policies across our organization.

Data Security and Privacy

Coconut Calendar enforces strong encryption on all data in transit using HTTPS/SSL. Additionally, data at rest is encrypted using industry-standard AES-256 encryption.

• Strong SSL security is maintained and validated using third-party tools, such as SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=coconutcalendar.com (we continue to maintain our A+ rating)

• Passwords are protected using strong hashes

• Backups are maintained within the secure AWS network

• Routine security updates and patches are issued on servers and equipment

• Software is developed using industry-standard security best practices and is subject to strict quality testing and review guidelines like OWASP

• Only the data required to provide best-in-class appointment scheduling functionality is stored; no additional data is requested or stored. E.g. SMS and email functions are for notification purposes only and do not request any customer information.

 

Data Center Security

Coconut Calendar’s cloud infrastructure is housed in a secure facility monitored around the clock by dedicated staff at Amazon Web Services (AWS). We leverage the broad set of security capabilities that AWS provides, such as network firewalls, data encryption and monitoring tools. Further, our customers can choose to store their data in the United States or Canada. We are notified in the event of downtime and have automated failover to guarantee 99.9% uptime. For more details on AWS Security, please visit: https://aws.amazon.com/security/.

 

Compliance

PCI

Coconut Calendar does not store any payment information or process payments. We provide an integration with the payment platform Stripe, which is PCI compliant. Stripe is certified to PCI Service Provider Level 1. For more details on Stripe’s security, please visit: https://stripe.com/docs/security/.

 

Data Center Compliance

In addition to data center security and network security, AWS data centers provide exceptional operational security and hold several certifications that AWS customers can leverage. Some of them include SOC 1, SOC 2, SOC 3 and ISO 27001. For more details on AWS Compliance, please visit: https://aws.amazon.com/compliance/.

Privacy Policy

Coconut Calendar mandates that employees act in accordance with security policies designed to keep all data safe.

• Sensitive data is required to be encrypted using industry-standard methods when stored on disk or transmitted over public networks

• Controls are in place for access to sensitive data, application data and cryptographic keys

• Two-factor authentication and strong password controls are required for administrative access to systems

• Security policies and procedures are carefully documented and reviewed on a regular basis. Documents are available upon request

• Detailed incident response plans have been prepared to ensure proper protection of data in an emergency

 

If you have any questions or concerns about our security practices, please feel free to reach out to us. We’d be happy to chat on a more technical level.