Exchange integration security and privacy

We hold ourselves accountable to the highest security and privacy standards. The Exchange integration adheres to the strictest privacy and security policies.

 
  • Connection technology – The integration is based on EWS (Exchange Web Services) – a well-established and official Microsoft protocol. Our Exchange connection follows best practices and widely accepted guidelines.
  • Exchange server security – Your Exchange mail server must have a valid certificate, signed by a Certificate Authority. Self-signed, invalid, expired or missing certificates are not supported to maintain the strictest security. To verify the certificate validity, log into your mail account in the browser, and look for a green padlock icon next to the URL.
  • Your credentials – Are stored encrypted with AES-256 (Advanced Encryption Standard) – the industry standard in data encryption. AES has been adopted by the U.S. government and is now used worldwide.
  • Data transfer – Authentication and all data are transferred using HTTPS only, and with the highest security supported by your Exchange server. All protocols use what is known as an 'asymmetric' Public Key Infrastructure (PKI) system.
  • Real-time event retrieval – Calendar events are retrieved from your calendar in real time and are not stored on ScheduleOnce servers.
  • Team member privacy – Other Users within your ScheduleOnce account see only your free/busy pattern, with no event details. The integration uses the permissions Users already have when viewing calendars, or lower, so no new information will be accessible to them.
  • Customers only see available slots – Your calendar information is always kept private, and calendar appointments and free/busy patterns are never revealed to customers. Customers choose among slots offered to them, unaware of any business rules you may have in place.
See our Trust Center for more information about our trust pillars: transparency, security, privacy, availability and compliance.

Rate this article