Security at

Your schedule is safe with us. takes customer trust and data security seriously, and we’re proud to share the processes we have in place to protect your organization.

We protect your data

An independent auditor has evaluated our product, infrastructure, and policies, and certifies that exceeds the stringent requirements expected of a cloud service. In addition, undergoes regular penetration testing. To request further information about our security protocols and audits, contact us.

About security at Icon

About security at

GDPR compliance is committed to helping our users understand their rights and our obligations under the General Data Protection Regulation (GDPR). We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.
To learn more about our compliance with GDPR’s Privacy Shield Framework, please see our privacy policy.

Penetration tested to identify and patch vulnerabilities regularly undergoes penetration tests to identify potential vulnerabilities and ensure that our system employs the latest threat protection technologies.

Data encryption in transit and at rest

We employ bank-level security to encrypt your data with AES-256 SSL encryption both while in transit and upon storage in our secure cloud.

User authentication protocols

We rely on the security protocols supported by your email providers to keep you safe by validating all incoming emails using DKIM and SPF verification. This enables us to know if a message is coming from an authenticated server. Users logging into our application are protected by HTTPS secure communication sessions using SSL.

Infrastructure hosted on AWS, residing in a virtual private cloud (VPC)

The entire infrastructure is hosted on our infrastructure partner, Amazon Web Services (AWS). AWS utilizes state of the art electronic surveillance and multi-factor access control systems. The data centers are staffed 24×7 by trained security guards. The infrastructure resides in a VPC, thus limiting access.

Single sign-on (SSO via OAuth)

OAuth is used to provide an additional and separate layer of access control.

Audit logging on all database interactions provides admins with a detailed trail of account activity. System and user access to the infrastructure are logged and stored.

Employee authentication and access restrictions

All employees, contractors, and agents with access to your information are required to authenticate themselves using username, password, and multi-factor authentication (MFA). Our data collection, storage, and processing operations are guarded both physically and virtually from the outside world. Employees are rigorously vetted and access to the infrastructure and data stores are authorized based on the principle of least privilege. Individual users’ access controls are managed through a role-based, security group management system.