Why do we need permission to access your Google account?
When you connect Clockwise to your calendar, we ask you for permission to connect to your work Google account and authenticate that connection via Google OAuth. This means that your Clockwise account has the same industry-leading login security as your Google account.
Clockwise requests the minimum permissions needed to be able to deliver a rich calendar experience. Specifically, we request access to the following Google information:
- View calendar resources on your domain to see conference room availability
- View users on your domain to make sure that the meeting times we suggest work for all meeting attendees, not just you
- See and download your contacts to enrich your Clockwise experience with your teammates’ names and profile images.
- See, edit, share, and permanently delete all the calendars you can access using Google Calendar to see your calendar events and to move the events on your behalf.
How is user data protected?
Our user’s data security is foundational to the Clockwise product, from account creation through Google's OAuth service, to encryption of data in transit to Clockwise servers (using browser-based TLS), to a variety of administrative, physical, and technical safeguards designed to create a secure environment for our customers' data.
We work with industry-leading cloud PaaS and IaaS providers. All Clockwise applications run in a virtual private cloud hosted by AWS, including failover and backup instances. These infrastructure providers maintain industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and PCI DSS Level 1.
How does the Clockwise chrome extension interact with my computer?
Clockwise has no access to anything on your computer outside of the Chrome browser. This is a security feature of the Chrome browser that Google calls "sandboxing". You can learn more about it in this video from Google.
If you have any security related questions, or if you think you’ve identified a security vulnerability, please contact us at firstname.lastname@example.org.