Security Policy
Last updated: January 24, 2026
Overview
This Security Policy summarizes the technical and organizational controls we apply to protect SchedulingKit services and customer data.
Details may be expanded in customer agreements, security questionnaires, and subprocessors documentation.
Infrastructure Security
We rely on reputable cloud providers with hardened configurations, encryption in transit, and monitored production environments.
- Network segmentation and least-privilege service roles where applicable
- Patching, vulnerability management, and logging for critical components
- Backups and redundancy designed to support business continuity objectives
Access Controls
Administrative access to production systems is limited, logged, and granted on a need-to-know basis with periodic review.
- Multi-factor authentication for privileged accounts
- Role-based access to customer data for support and engineering workflows
- Offboarding procedures to revoke access promptly
Incident Response
We maintain an incident response process covering detection, containment, eradication, recovery, and post-incident review.
Customers are notified of qualifying data incidents according to contractual timelines and applicable law.
Contact
Report security issues responsibly to security@schedulingkit.com; please avoid public disclosure until we can investigate.