At Teamup Calendar, we take the security and privacy of your data very seriously. This article provides information about how Teamup protects your data, and suggests some steps you can take to maintain the security of your calendar.
Calendar security with access links
A basic level of security for a Teamup Calendar is built into the calendar links that are used to access it. These links are ‘secret’ and contain random strings that are virtually impossible to guess. They are also not visible to search engines.
A Teamup Calendar link with the random string is also called a capability URL. For more details about capability URLs and their security aspects please see this article.
The only way to access a Teamup Calendar is via one of these links. No user accounts or logins are required. This access method makes Teamup Calendar unique for individual and group use. It simplifies access and sharing for groups with many members, for allowing public access, and for providing temporary calendar access.
Calendar administrators can create additional links with customized permissions. These links can then be sent to others to access the calendar in a controlled manner. It is essentially up to the calendar administrator to regulate who has access to the calendar links.
Currently it is not possible to customize a calendar link using a name that is easier to remember. However, there are several ways to make calendar links easily accessible, without customizing the name:
- Create a Teamup user account and add all your calendar links to the calendar dashboard. User accounts are free and optional. They provide an easy way to access all your Teamup calendar links. Learn more about user accounts.
- Bookmark your calendar link in your browser.
- Add a calendar link to your browser’s default opening pages.
- Create a shortcut to your calendar link on your desktop.
- Add the calendar links to your mobile apps, which allows you to access your calendar any time, anywhere, even if you have no Internet connection. You can also use the link from within your mobile app to open your calendar on a mobile browser. See instructions for iOS or instructions for Android.
- For an easier-to-remember link for a public calendar, create a web page with a link you want, and embed your public calendar. Then share the link to the web page.
Capability URLs can be seen as a very hard to guess usernames. Together with an SSL encrypted connection and password protection, a very high level of security is achieved.
- All communication between calendar users and Teamup Calendar servers is always encrypted using the HTTP over SSL protocol. You can see this in the address bar of your browser. Old links that don’t use the HTTPS protocol will automatically be redirected to use HTTPS.
- Calendar data stored on disk is encrypted (encryption of data at rest).
- Employees of Teamup responsible for operating the service and supporting users must, by necessity, have access to calendar data that is not encrypted. All employees with access to unencrypted calendar data are committed contractually to treat calendar data with the highest confidentiality.
We have implemented high standards to prevent the loss of data:
- Calendar data is continually replicated from the main database server to two independent, remote servers. In case of an outage of the main database server, one of the remote servers will take over.
- Calendar data is backed up periodically and supports point-in-time recovery.
Teamup’s servers are hosted with premium hosting providers in Oregon (United States), Dublin (Ireland), and Zurich (Switzerland).
Certification and compliance
- Data center is certified SOC 2 Type II.
- Payments are executed by stripe.com, a PCI Level 1 service provider.
- Teamup Data Processing Agreement provides the details of how Teamup is compliant with the General Data Protection Regulation (GDPR).
User steps to better protect calendar data
Here are some steps and practices for calendar administrators and users that will help maintain the security and privacy of your calendar and calendar data.
- Periodically review your calendar links in Settings > Sharing to make sure that the links are shared with users of your choice. Ensure that they are set up with the appropriate permission levels. See how to manage calendar links. You can disable, modify, or delete a calendar link at anytime.
- If an employee leaves your organization and should no longer have access to your calendar, your can simply delete the link for that employee. If that link is shared among a group of users, create a new link for those who still need access. Even administrator links can be deleted and new ones created. The delete option is available in Settings > Sharing. Learn more about managing calendar links.
- Enable password protection for your calendar links.
- If you have enabled calendar users to subscribe to iCalendar feeds from your Teamup Calendar, and want to prevent a departing employee from accessing the feeds, you can either disable or delete the calendar link that was shared with that employee previously, or enable password protection on that calendar link.
- Periodically review who has subscribed to email notifications and daily agenda emails in Settings > Notifications. The calendar administrator can subscribe or unsubscribe users if needed. Pay attention to the links from which the notification subscriptions were created. This is important as the respective links are included in the notification emails.
- For calendar administrators: We recommend using administrator links strictly for administration purposes; create separate links for day-to-day use of the calendar. This practice reduces the risk of accidentally sharing administration access to the calendar.
- Teamup supports the export of calendar data. This can be useful in cases where the Internet is temporarily not available. Learn how to save data to a PDF file or export calendar data.
- Terms of Service
- Teamup Data Processing Agreement
- How to Enable Password Protection for Calendar Links
- Access to Historical Data
- The Calendar Administrator Link Explained
Keywords: Data privacy, security, password protection, access control