The security and privacy of your data are taken very seriously at Teamup. This page provides information about how Teamup protects your data and measures you can take to make calendars secure.
CALENDAR SECURITY WITH ACCESS LINKS
A basic level of security of a Teamup Calendar is built into the calendar links that are used to access it. These links are ‘secret’ and contain random strings that are virtually impossible to guess. They are also not visible to search engines.
A Teamup Calendar link with the random string is also called a capability URL. For more details about capability URLs and their security aspects please see http://www.w3.org/TR/
The only way to access a Teamup Calendar is via one of these links. No user accounts or logins are required. This makes Teamup unique and simplifies access and sharing for many group members. Calendar administrators can create additional links and set them up with customized permissions. These links can then be sent to others to access the calendar in a controlled manner. It is essentially up to the calendar administrator to regulate who has access to the calendar links.
Currently it is not possible to customize your calendar link using a name that is easier to remember. We recommend bookmarking your calendar link in your browser. Or creating a shortcut on your desktop for easy access. Adding the links to your mobile apps allows you to access your calendar any time anywhere, even if you have no Internet connection. If you do need an easier-to-remember link for a public calendar, create a web page with a link you want, and embed your public calendar.
Capability URLs can be seen as a very hard to guess usernames. Together with an SSL encrypted connection and password protection, a very high level of security is achieved.
- All communication between calendar users and Teamup Calendar servers is always encrypted using the HTTP over SSL protocol. You can see this in the address bar of your browser. Old links that don’t use the HTTPS protocol will automatically be redirected to use HTTPS.
- Calendar data stored on disk is encrypted (encryption of data at rest).
- Employees of Teamup responsible for operating the service and supporting users have access to calendar data that is not encrypted. All employees with access to calendar data are committed contractually to treat calendar data with the highest confidentiality.
We have implemented high standards to prevent the loss of data.
- Calendar data is continually replicated from the main database server to two independent, remote servers. In case of an outage of the main database server, one of the remote servers will take over.
- Calendar data is backed up periodically and supports point-in-time recovery.
Teamup’s servers are hosted with premium hosting providers in Oregon (United States), Dublin (Ireland), and Zurich (Switzerland).
CERTIFICATION AND COMPLIANCE
- Data center is certified SOC 2 Type II
- Payments are executed by stripe.com, a PCI Level 1 service provider
- Teamup is preparing to be compliant with the General Data Protection Regulation (GDPR) by May 25, 2018, the date when GDPR becomes a requirement.
WHAT YOU CAN DO TO BETTER PROTECT YOUR CALENDAR DATA
- Periodically review your calendar links in Settings > Sharing to make sure that the links are shared with users of your choice. Ensure that they are set up with the appropriate permission levels. See how to manage calendar links.
- If an employee leaves your organization and should no longer have access to your calendar, your can simply delete the link for that employee. If that link is shared among a group of users, create a new link for those who still need access. Even administrator links can be deleted and new ones created. The delete option is available in Settings -> Sharing. Learn more about managing calendar links.
- Enable password protection for your calendar links.
- If you have enabled your users to subscribe to iCalendar feeds from your Teamup Calendar and want to prevent a departing employee from accessing the feeds, you can either disable or delete the calendar link that was shared with that employee previously, or enable password protection on that calendar link.
- Review who has subscribed to email notifications and daily agenda emails in Settings > Notifications. The calendar administrator can subscribe or unsubscribe users if needed. Pay attention to the links from which the notification subscriptions were created. This is important as the respective links are included in the notification emails.
- For calendar administrators: We recommend to use administration links strictly only for administration purposes and create separate links for the day-to-day use of the calendar. This reduces the risk of accidentally sharing administration access to the calendar.
- Teamup supports the export of calendar data. This can be useful in cases where the Internet is temporarily not available. Learn how to save data to a PDF file or export calendar data.
Keywords: Data privacy, security, password protection, access control