Security Compliance and Certifications

GDPR Compliance 

Vimcal prioritizes data privacy and is fully compliant with the General Data Protection Regulation (GDPR). We are dedicated to ensuring the protection and privacy of our users' personal information, granting them the right to access, correct, delete, and limit the processing of their data.

SOC 2 Type II

Vimcal is compliant with the stringent requirements of Service Organization Control (SOC) 2, Type II. This certification ensures that Vimcal maintains the highest standard of security and confidentiality in managing client data. Our systems and processes are subject to regular audits to uphold the integrity, confidentiality, and availability of client information.

ISO 27001 Certification

We are currently in the final stages of obtaining the ISO 27001 certification. With this, Vimcal demonstrates its commitment to maintaining a comprehensive information security management system (ISMS). This certification assures a systematic and ongoing approach to managing sensitive company and customer information securely.

Vimcal Security Overview

Vimcal is committed to delivering leading-edge calendar and scheduling solutions for enterprises around the world, with a foundational emphasis on security and privacy. We take the responsibility of helping you manage your customer data seriously. That’s why we’ve taken a security- and privacy-first approach to everything we do.

Security Features

Data Encryption: Vimcal employs AES-256 encryption for data at rest and TLS 1.2+ for data in transit, ensuring all data is encrypted using industry-standard protocols.
Access Control: Strict access control policies and procedures are in place at Vimcal to ensure only authorized personnel access sensitive data. Two-factor authentication (2FA) is mandated for all users on our platform.
Regular Audits and Penetration Testing: Vimcal's systems are rigorously audited and subjected to penetration testing by reputable third-party security firms, aimed at identifying and mitigating vulnerabilities.
Availability: Our backup and replication program ensures data availability across primary and secondary systems. The Disaster Recovery program ensures that services remain available or are recoverable in case of disaster.
Internal Controls: All employees undergo background checks and are subject to ongoing background checks throughout their employment.
Policies and Training: A comprehensive set of security policies and trainings is made available and shared with all personnel with access to Persona systems.
Secure Development: We implement coding best practices focused on the OWASP Top Ten. Development, testing, and production environments are separated. All code changes are peer reviewed and tested prior to deployment into production.
Data Center Security: Our infrastructure is hosted in secure, compliant data centers with constant surveillance, biometric access controls, and environmental protections, ensuring high availability and service continuity.

Calendar Data

Vimcal practices Data Minimization when it comes to processing calendar data. We treat our providers — Google and Microsoft — as the sources of truth for any calendar or event data.

That means we rely on the providers to store and update the aforementioned data rather than storing duplicates in our databases. When using Vimcal, a user’s calendar data is fetched directly from the providers, as opposed to from our servers, and stored on the client’s device. Once the user logs out, all that data will be wiped from the client.

As Vimcal is a UI on top of the Outlook Calendar and Google Calendar APIs, we may store certain data in our databases as it pertains to features specific to Vimcal that are not found in the providers’ APIs. These may require storing some minimal amounts of event metadata purely for identification purposes.

We practice routine deletion of irrelevant data, as well as deletion upon request in accordance with GDPR laws.

Privacy and Compliance

Data Processing Agreements (DPAs): Vimcal signs DPAs with all clients, affirming our commitment to GDPR compliance and detailing our personal data protection measures.

Privacy Policy: Our privacy policy (www.vimcal.com/privacy) transparently explains the collection, use, and protection of user data, adhering to GDPR requirements and valuing user privacy.

Conclusion

Vimcal recognizes the critical importance of security and privacy for our enterprise clients. Our adherence to SOC 2, GDPR, and ISO 27001 standards reflects our deep commitment to data protection and security. Vimcal is devoted to offering a secure, dependable, and compliant calendar and scheduling platform, allowing our clients to concentrate on their core business activities with confidence.

For more information or to discuss how Vimcal can meet your enterprise security needs, please contact us at aloha@vimcal.com