At Teamup Calendar, we take the security and privacy of your data very seriously. This article provides information about how Teamup protects your data, and suggests some steps you can take to maintain the security of your calendar.
Working with users, groups, and links
You can grant calendar access to Teamup registered users and groups. This is generally the more secure choice for ongoing calendar access for your team, employees, volunteers, or other organizational scenario. Account-based access provides an additional level of security and administrator control. Learn more about sharing your calendar with users and groups here.
Calendar security with shareable links
Access to a Teamup Calendar can be granted via shareable link. For a more secure and organized method of calendar access, we recommend new account-based access. See here for details about working with account-based access for individual users and groups.
When calendar access via shareable link is preferred, calendar administrators can create shareable links with customized access permissions. Password protection can be enabled for shareable links. More on this below. See more about managing calendar links.
A basic level of security is built into shareable calendar links. These links are ‘secret’ and contain random strings that are virtually impossible to guess. They are also not visible to search engines.
A Teamup Calendar link with the random string is also called a capability URL. For more details about capability URLs and their security aspects please see this article.
Sharing and saving links
It is not possible to customize a calendar URL: to keep it secure, it must be random. However, there are several ways to make shareable links easily accessible, without compromising security:
- Create a Teamup user account and add all your calendar links to the calendar dashboard. User accounts are free and optional. They provide an easy way to access all your Teamup calendar links. Learn more about user accounts.
- Bookmark your calendar link in your browser.
- Add a calendar link to your browser’s default opening pages.
- Create a shortcut to your calendar link on your desktop.
- Add the calendar links to your mobile apps, which allows you to access your calendar any time, anywhere, even if you have no Internet connection. You can also use the link from within your mobile app to open your calendar on a mobile browser. See instructions for iOS or instructions for Android.
- For an easier-to-remember link for a public calendar, create a web page with a link you want, and embed your public calendar. Then share the link to the web page. Creating a QR code for the public link is another way to make access easier with a smart phone. If sharing your calendar publicly or embedding it on a webpage, use a shareable link with read-only access to prevent unauthorized changes to your calendar.
Capability URLs can be seen as a very hard to guess usernames. Together with an SSL encrypted connection and password protection, a very high level of security is achieved.
- All communication between calendar users and Teamup Calendar servers is always encrypted using the HTTP over SSL protocol. You can see this in the address bar of your browser. Old links that don’t use the HTTPS protocol will automatically be redirected to use HTTPS.
- Calendar data stored on disk is encrypted (encryption of data at rest).
- Employees of Teamup responsible for operating the service and supporting users must, by necessity, have access to calendar data that is not encrypted. All employees with access to unencrypted calendar data are committed contractually to treat calendar data with the highest confidentiality.
We have implemented high standards to prevent the loss of data:
- Calendar data is continually replicated from the main database server to two independent, remote servers. In case of an outage of the main database server, one of the remote servers will take over.
- Calendar data is backed up periodically and supports point-in-time recovery.
Teamup’s servers are hosted with premium hosting providers in Oregon (United States) and Dublin (Ireland).
Certification and compliance
- Data center is certified SOC 2 Type II.
- Payments are executed by stripe.com, a PCI Level 1 service provider.
- Teamup Data Processing Agreement provides the details of how Teamup is compliant with the General Data Protection Regulation (GDPR).
User steps to better protect calendar data
Here are some practices for calendar administrators and users that will help maintain the security and privacy of your calendar and calendar data.
- Enable user account-based access instead of shareable links if possible.
- Periodically review calendar access in Settings > Sharing. Ensure that all users and groups are still entitled to access the calendar with the assigned permissions, and all shareable links are set up with the appropriate permission levels.
- You can deactivate, modify, or delete a user or group or calendar link at anytime. See how to manage calendar links.
- If a shareable link is given to a group, and one individual should no longer have calendar access, delete the link and create a new shareable link for those who still need access. The delete option is available in Settings > Sharing. Learn more about managing calendar links.
- Work with account-based access for members of your organization. This ensures a greater level of security and control, and is easier to manage calendar administrators. If an employee leaves your organization, you can simply remove that employee from your users or groups.
- Enable password protection for shareable links.
- If you have enabled calendar users to subscribe to iCalendar feeds from your Teamup Calendar, and want to prevent a departing employee from accessing the feeds, you can either disable or delete the calendar link used to create the feeds, or enable password protection on that calendar link.
- Periodically review who has subscribed to email notifications and daily agenda emails in Settings > Notifications. The calendar administrator can subscribe or unsubscribe users if needed.
- For calendar administrators: if you created your Teamup calendar prior to September 2020, you may be accessing your calendar with an administrator link. We recommend switching to user account-based access for yourself as the administrator. Then delete the administrator link. This practice reduces the risk of accidentally sharing administration access to the calendar.
- Teamup supports the export of calendar data. This can be useful in cases where the Internet is temporarily not available. Learn how to save data to a PDF file or export calendar data.
Keywords: Data privacy, security, password protection, access control