Last Updated: April 17, 2026
This page describes the technical and organizational measures CozyCal uses to protect Customer data, and serves as the information CozyCal makes available to demonstrate compliance with Article 28(3)(h) of the GDPR where applicable.
CozyCal runs on virtual servers hosted at DigitalOcean, fronted by Cloudflare. Cloudflare provides DDoS protection, TLS termination, and edge routing. Our hosting and network providers maintain independent security certifications (such as SOC 2 and ISO 27001); CozyCal itself does not hold these certifications.
CozyCal supports sign-in via email and password, or via Google or Microsoft OAuth.
Guests access their bookings via a unique, unguessable link delivered to their email. Anyone with the link can view or cancel that booking, so treat these links as sensitive when forwarding.
When you connect Google Calendar or Microsoft 365, CozyCal requests read/write access to your calendar (and, for Microsoft 365, read/write access to contacts). We read event start/end times and details to detect scheduling conflicts, and we create events for bookings made through the Service. Event contents are not displayed to invitees and are not used for advertising.
Access to production systems is limited to authorized personnel and trusted service providers acting on our behalf to operate or support the Service.
CozyCal takes regular backups, encrypted at rest and stored with a third-party backup provider.
See www.cozycal.com/subprocessors for the current list of subprocessors.
If CozyCal confirms a security incident affecting Customer Personal Data, we notify affected Customers as described in the Data Processing Agreement.
Email support@cozycal.com with any suspected vulnerability. We work in good faith with reporters to confirm and remediate issues. CozyCal does not operate a paid bug-bounty program.