Security & Compliance

Your data is in safe hands

Security is not optional at 22Calendar. End-to-end encryption, European hosting, GDPR compliance — we protect your data like our own.

SSL/TLS Encryption

All communications are encrypted in transit with TLS 1.3. Your data never travels in plain text.

Data Encrypted at Rest

Stored data is encrypted with AES-256. Even with physical access to the servers, your data remains unreadable.

Secure Authentication

Two-factor authentication (2FA) available. Sign in via Google/Microsoft OAuth for enhanced security.

EU Hosting

Your data is hosted in the European Union, in compliance with GDPR requirements.

Logs & Audit

Complete history of actions on your account. Full traceability for your compliance needs.

Daily Backups

Automatic daily backups with 30-day retention. Fast recovery in case of an incident.

GDPR Compliance

22Calendar is built to comply with the General Data Protection Regulation (GDPR).

GDPR

Compliant with the General Data Protection Regulation. DPA available on request.

Data Processor

22Calendar acts as a data processor under Article 28 of the GDPR for your prospects' data.

Right to Erasure

Complete data deletion on request, within 30 days.

Data Portability

Export your data in a structured format (JSON, CSV) at any time.

Trusted Infrastructure

Our infrastructure relies on leading cloud providers, certified for the most demanding environments.

ISO 27001 and SOC 2 Type II certified hosting
24/7 monitoring with automatic alerts
Built-in DDoS protection and WAF
99.9% uptime SLA
Multi-zone redundancy for high availability

# Status check

$ curl https://status.22calendar.com/api

{

"status": "operational",

"uptime": "99.98%",

"region": "eu-west",

"ssl": true

}

Frequently Asked Questions

Where is my data hosted?

Your data is hosted on servers located in the European Union (Germany, France). We use ISO 27001 and SOC 2 certified cloud providers.

Who has access to my data?

Only authorized members of the technical team have access to data, and only for support or maintenance purposes. All access is logged and audited.

How are API tokens secured?

API tokens are hashed with bcrypt before storage. They can be revoked at any time from your dashboard. We recommend regular token rotation.

What happens if I delete my account?

Your data is deleted within 30 days of the request, in compliance with GDPR. Backups are purged within 90 days.

Do you have a DPA (Data Processing Agreement)?

Yes, we provide a GDPR-compliant DPA on request. Contact us at contact@mirai-tech.fr to obtain it.

How do I report a vulnerability?

We take security very seriously. If you discover a vulnerability, contact us at security@22calendar.com. We commit to responding within 24 hours.

Have a security question?

Our security team is available to answer your questions and provide any necessary documentation (DPA, certifications, etc.).

security@22calendar.com Contact us