Customer asked questions regarding security aspect in Cronofy
- 8x8 Meeting Sync with Calendar
Cronofy states they hold a SOC2 type 2 attestation - have you seen documents to that effect?
- All of their compliance claims are 100% legit.
Cronofy service could be hosted within the USA or Germany, could you confirm that our data within this service would be held in Germany and hence remain within the EEA?
- Coronofy requires explicitly to send in their API the datacenter we should store the data, if not by default is US.
Do you know how long data would be held by Cronofy? For instance: if Office 365 accounts are no longer in sync or a particular calendar invite is deleted, how long would data be held in the service?
- Cronofy only keeps the account association so that it could use it to query the calendar service. it does not store events, those are always realtime. For the account, as soon as the account is removed (unsynced) they will follow GDPR, to delete the data.
here is their privacy statement: https://docs.