enterprise-grade security

Your meetings, your data

Let’s keep it that way. With enterprise-grade security and regular third-party audits, all your information is protected.
SOC 2 Type II (ISAE-3000), SOC 3, GDPR, CCPA–The leading standards,
reports, and requirements are all covered so your data is protected.
Trusted by brands that know their stuff

More security, less stress

GoodTime operates a comprehensive information security program designed to protect user information and maintain data security.
  • Data Encryption

    All customer data is encrypted at rest and in transit with secure protocols. All backups are encrypted as well.

  • Data Privacy

    We only collect and process the information you provide us—and you own all of it.

  • Data Security

    Data is logically separated, with your data hosted in our secure database, tightly controlled and limited only to need-to-know access.

  • Data Ownership

    Your data belongs to you. If your contract expires, you’ll have 30 days to export all data.

  • Physical Security

    GoodTime is hosted on Heroku and AWS. That means robust physical data center security and environmental controls.

  • Security & Privacy Training

    All GoodTime employees are required to complete privacy and security training upon hire and annually thereafter.

  • Reporting Requirements

    Data security incidents must be reported to our security team immediately. If affected, you’ll be notified within 72 hours. A copy of the incident report will be available on request.

  • Disaster Recovery

    We regularly back up your data, have defined RTO and RPO, and test backups on a frequent basis.

  • EU-Based Data Hosting Options

    We offer our customers the option to have their data stored and processed on servers in the European Union, ensuring compliance with the highest standards of European data privacy regulations.

Decoding "Enterprise-Grade Security"

11 questions to help you assess and understand any HR tech provider’s data security

Want documentation? We’ve got you covered.

Get all the nitty-gritty details with these downloadable reports.
Security Overview Document
GDPR, CCPA, Privacy, and GoodTime Document
SOC 3 Report
GoodTime Hire Pen Test Certificate
GoodTime Meet Pen Test Certificate
GoodTime API Pen Test Certificate
SOC 2 Type II (ISAE-3000) Report

NDA Required

HIPAA/HITECH Type 1 Report

NDA Required

CAIQ Full Industry-Standard Questionnaire

NDA Required

CAIQ Lite Industry-Standard Questionnaire

NDA Required

SIG Lite Industry-Standard Questionnaire

NDA Required


Just in case you need them…

Here are a few more resources that might come in handy.

Sub-Processors and Third-Parties

View our sub-processors and subscribe to our RSS feed to get notified of any changes to third-parties, sub-processors, or vendors.

Privacy Policy

View our full privacy policy to get all the details you need.

Uptime Status

Get real-time status updates on uptime, integrations, incidents, and more.

See something? Say something.

We’re here to respond to any security concerns you have.

For Customers

Found a bug? Let your account manager know and we’ll have a prompt response for you.

For Anyone Else

If you see something off within our applications, please contact us at security@goodtime.io. The following details are always helpful: OS, browser, URL, steps to reproduce, expected result, actual result, screenshots, and any additional notes.

Simplify scheduling for all your meetings—for free