"Any corporate technology must include network, application, and data security"
We at TimeTackle, Inc. understand that how your personal information is used and shared is significant to you, and we respect your privacy. We think it is vital to limit who may view your personal information and to be clear about how we use it.
Our systems and procedures are audited and tested every year by an independent third party.
We employ TLS 1.2 for network security and Google Cloud Platform data centers that are ISO 27001 and SOC2 compliant. We use Google Cloud monitoring services for our code, infrastructure, and threat detection.
Data encryption in transit and at rest: We use TLS 1.2 to encrypt data in motion and implement several security procedures to ensure that any data in transit is authentic, intact, and private. We also use the Google Cloud Platform to encrypt data at rest, as we do with Google's manufacturing services.
Annual penetration testing: We do annual penetration tests on our service to ensure that our application and infrastructure are secure. We also ensure that our code is reviewed in detail.
Policy based on the principle of least privilege: The principle of least privilege applies to the application infrastructure, which is entirely hosted on Google Cloud and protected by a least privilege access policy. We've also set up logs to keep track of any permitted access. For further protection, our application architecture is isolated from our public-facing website.
You give TimeTackle access to read your calendars when you log in to TimeTackle. We can't write or change any information on your calendars because this is a read-only authorization. This permission allows you to do things like export your calendar.
If you wish to use the Google Sheets Sync function, you'll need to grant additional, limited write permission to your Google Drive. With this additional permission, TimeTackle can create new files in your Google Drive. Only TimeTackle can read and change the files that it has produced. Any other files on your Google Drive are inaccessible to the program.
Stripe is the company that handles our payments. Stripe has achieved PCI Service Provider Level 1 certification. Using our software does not imply that you comply with HIPAA (Health Insurance Portability and Accountability Act) regulations. The account holder's responsibility to comply remains, and it is contingent on what data is gathered and how it is shared. We use Google Cloud Platform (GCP) encryption at rest techniques to secure all client data in storage and databases. Customers can define their data retention limitations at the account level.
TimeTackle does not have ISO 27001 or SOC2 certification. We are, however, entirely hosted on Google Cloud Platform (GCP), which is and has been compliant with these requirements for some years.