Security at ScheduleOnce

ScheduleOnce is a vendor you can trust. Customer trust is earned via the transparency we provide through four guiding principles: Security, Availability, Privacy and Compliance (the ScheduleOnce pillars of trust). By exposing the processes and measures we take to protect your data, we hold ourselves accountable to the highest level. At ScheduleOnce, trust is an ongoing effort to continually evolve, learn and improve in the ever changing security landscape.

We understand that even with the best intentions, security vulnerabilities can exist. We take a multi-tiered approach to reduce the likelihood of a breach, and minimize our exposure to the risks. Through tight controls, good training and secure development we provide the assurance you need to entrust us with your data.

Note: This article describes security processes and features in our application. To learn about all our security processes, visit the ScheduleOnce Trust Center

Application security processes and controls

Application security is a core component of the Security Trust pillar. At ScheduleOnce, we consider the security of your data at every stage of the development lifecycle. From concept and design stages, to implementation and testing, we make sure that our application keeps your data private and protected.  

Privacy and security impact assessments
New features are reviewed by our security manager and executive management. They are assessed for their potential impact on privacy and security. We make sure that settings that potentially expose your data are kept private by default.

Secure development best practices
We work with an experienced development team that is regularly trained on security best practices. We follow OWASP guidelines to ensure we develop secure applications.

Security QA and testing
We take a multi layered approach to testing. Developers perform peer reviews, our QA team performs vulnerability scans and an external team perform periodic penetration testing on the application and infrastructure.

Application security features

As part of our application security we’ve delivered various security features to meet the requirements of our customers.

Account security
ScheduleOnce allows you to enforce organizational information security policies through account level security features. You can enforce password policies, account lockout and session timeout duration.

Third party integrations security
We understand that third-party systems contain sensitive data you need to protect. Where possible, ScheduleOnce integrations use secure authentication methods such as OAuth 2.0 and data is encrypted at rest using AES with 256 bit keys. Learn more about how we secure calendar connections and data at our Trust center

Booking page security
The Booking page is a key junction in the data flow into your ScheduleOnce account. The Booking form automatically operates in a private mode when stored customer data from a database is used to pre-populate the booking. Users are always required to sign-in to download secure attachments. Learn more about Booking page security

Our security roadmap is continually evolving. If your organization requires a specific security feature or you have questions regarding security, please send an email to 

Rate this article