Securely syncing millions of events
We are proud that over the years, we have securely and reliably synchronized millions of calendar events, helping professionals and companies reflect their availability across all their calendars.
Sync Success Rate
99.9%
Syncs Executed
40Million
Events Synced
500+Million
Saved Time
925Months
You are in good company. OneCal is trusted by thousands of users from organizations like
What measures do we take to ensure your privacy?
OneCal follows the highest security standards to give users peace of mind that their calendar information is secure and not being used for any purpose other than syncing their calendars.
No data stored, analyzed or sold
We don't store any calendar event data. We don't analyze any event data. We don't sell or monetize any data.
Secure Access to your Calendars
OneCal connects to your calendars using secure OAuth2 connections such that we never see or store passwords. You can revoke the access at any time.
Minimum Permissions Required
OneCal only requests read and write access to your calendars for the purpose of synchronising your calendars. We don't have access to your files, event attachments, email, or any non-calendar features.
Data encrypted in transit and at rest
The data that we store to perform the app's functionality is encrypted in transit and at rest. Everything runs on AWS inside a private VPC, so it isn't open to the public internet.
Secure and Scalable Infrastructure
OneCal is hosted on AWS, the leading cloud infrastructure provider, and leverages all of AWS's security, privacy, and redundancy features. Our infrastructure is extremely scalable, leaving no room for downtime.
Protected from Attacks
Our application has a web application firewall, we've setup several Distributed Denial of Service (DDoS) Protections, strict rate limiting and we do regular vulnerability scanning to make sure the platform stays secure.
Strict Data Access Controls
We enforce strict access controls using role-based permissions and AWS IAM to ensure only authorized users and services can access sensitive data.
Monitoring and Auditing
We regularly perform automated security audits and monitor logs to detect unusual activity.
Vendor Risk Assessment and Management
Before we choose any third-party provider, we carefully check their reputation, track record, data-protection practices, security documents, and other key factors to make sure they meet our security standards.
What permissions do we need?
OneCal will only request the minimal permissions required for us to perform necessary actions for the services we provide. We will not ask for permission to access things like contacts in your organization or other users' calendars.
We use OAuth2 to authenticate with user's account and to access calendar resources. This means that the user and the organization can revoke access to our app at any time.
Outlook Calendar
The following permissions are required for specific actions:
openid, email, profile
: These permissions are needed for OAuth2 authorization and to retrieve basic information about the account.offline_access
: This permission is needed for our Sync service to continue working in the background even if the user isn't actively using the app. This ensures that the calendars are up to date at all times.Calendars.ReadWrite
: Read permission is required to read events from the calendar, either to sync them to another calendar, to read availability for a booking link, or to display events in the calendar view. The Write permission is needed to create events from other calendars during a sync, create events when someone books a meeting, or perform actions from the calendar view.User.Read
: Some types of Microsoft accounts do not have a primary profile or email address associated with them. In these cases, we need to read this information from the User object to get the email address associated with the account.
Google Calendar
The following permissions are required for specific actions:
openid, email, profile
: These permissions are needed for OAuth2 authorization and to retrieve basic information about the account./auth/calendar.calendarlist
: This permission enables us to retrieve the list of calendars in your Google Account, allowing you to select which ones to connect to OneCal./auth/calendar.events
: Read permission is required to read events from the calendar, either to sync them to another calendar, to read availability for a booking link, or to display events in the calendar view. The Write permission is needed to create events from other calendars during a sync, create events when someone books a meeting, or perform actions from the calendar view./auth/calendar.readonly
: This permission allows us to get a calendar by ID.
Technical Details
Data Centers
OneCal is hosted and managed within Amazon's secure data centers and we take advantage of all of AWS's security, privacy, and redundancy features. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:
- ISO 27001
- SOC 1
- SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Physical Security
OneCal utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
System Security
Security within Amazon EC2 is provided on multiple levels: The operating system (OS) of the host system, the virtual instance operating system or guest OS, a stateful firewall and signed API calls. Each of these items builds on the capabilities of the others. The goal is to ensure that data contained within Amazon EC2 cannot be intercepted by non-authorized systems or users and that Amazon EC2 instances themselves are as secure as possible without sacrificing the flexibility in configuration that customers demand.
OneCal maintains current security patches for all of its systems within AWS and actively monitors systems for breaches, network and performance issues.
Server Access
OneCal employs Amazon EC2's firewall technology to block all traffic directly to servers storing customer sites. Only front-end proxy servers are exposed directly to the Internet. All server access is managed through an intermediary, and strong cryptographic keys are used to gain access at all levels.
Data Encryption
All data that passes through OneCal is encrypted at rest and in transit.
Data Security FAQ
Ready to sync your Calendars?
Reflecting your availability across multiple calendars is tedious and time-consuming. OneCal was created with a mission to give peace of mind to calendar users.