Security using Clockwise


Why do we need permission to access your workplace email and calendaring account?

When you connect Clockwise to your calendar, we ask you for permission to connect to your work email and calendaring account and authenticate that connection via SSO. This means that your Clockwise account has the same industry-leading login security as your Google or Microsoft account.

Clockwise requests the minimum permissions needed to be able to deliver a rich calendar experience. Specifically, we request access to the following information:

    • View calendar resources on your domain to see conference room availability
    • View users on your domain to make sure that the meeting times we suggest work for all meeting attendees, not just you
    • See and download your contacts to enrich your Clockwise experience with your teammates’ names and profile images.
    • See, edit, share, and permanently delete on all the calendars you can access using your connected calendars to see your calendar events and to move the events on your behalf.

How is user data protected?

Our user’s data security is foundational to the Clockwise product, from account creation through Google's OAuth service, to encryption of data in transit to Clockwise servers (using browser-based TLS), to a variety of administrative, physical, and technical safeguards designed to create a secure environment for our customers' data.

Our software is SOC 2 Type 2 and Privacy Shield certified, GDPR and CCPA compliant, and is built on a platform with infrastructure providers that maintain industry-standard security certifications.

We work with industry-leading cloud PaaS and IaaS providers. All Clockwise applications run in a virtual private cloud hosted by AWS, including failover and backup instances. These infrastructure providers maintain industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and PCI DSS Level 1.

How does the Clockwise extension interact with my computer?

Clockwise has no access to anything on your computer outside of the browser and connected calendaring apps. This is a security feature of the browser called "sandboxing." You can learn more about it in this video from Google. The Firefox extension works similarly.

If you have any security related questions, or if you think you’ve identified a security vulnerability, please contact us at  security@getclockwise.com.