Security & Compliance

moCal – Security & Compliance
Effective from: 01st January 2024

moCal's Approach to Security, Privacy, and Compliance:

moCal is a comprehensive cloud-based scheduling platform that integrates seamlessly with various calendar providers to streamline meeting scheduling. Our platform is engineered to access only essential data from customers' calendars, ensuring a secure and efficient scheduling experience. At moCal, we are continuously committed to privacy, minimizing access to customer data and implementing best security practices.

Platform Privacy and Security Overview:
moCal Calendar Integrations
  • Google Calendar and Office365: moCal connects to these calendars to simplify scheduling, accessing only necessary information like event duration and availability. We don't store details of your appointments, ensuring your calendar data remains private.
  • moCal Outlook Plug-in: This integration allows moCal to check your availability without accessing personal details like meeting subjects or attendee information. All data is encrypted for secure communication and storage.
  • iCloud Calendar Integration: moCal uses iCloud credentials for integration, and we recommend users enable two-factor authentication for enhanced security.
moCal Calendar Authentication
  • We use OAuth for secure authentication with Office365 and Google Calendar, allowing users to disconnect at any time. The moCal Outlook Plug-in requires installation on customer devices for calendar reading and event scheduling.
Booking Pages
  • moCal users can customize booking pages, but we advise against collecting sensitive personal information through these pages.
Data Encryption
  • We ensure all browser connections are encrypted, and all data is encrypted at rest. Passwords are stored securely, and iCloud credentials are encrypted for added protection.
Vulnerability Management
  • moCal maintains up-to-date systems, monitors for vulnerabilities, and uses containerized services for security. Our infrastructure on the Google Cloud Platform is subject to regular internal assessments.
Incident Response Plan
  • We actively monitor for security issues, with containment measures to disconnect affected systems quickly. Data recovery is executed from clean backups, with ongoing monitoring post-recovery.
Change Management Plan
  • Our engineering team rigorously tests new releases for reliability and customer experience. Changes undergo peer review, quality assurance testing, and continuous monitoring post-release.
Employee Screening and Policies
  • moCal conducts thorough background checks on all employees. Regular training on security, GDPR, and compliance is provided to ensure staff awareness and adherence to security and privacy standards.

moCal is dedicated to providing a secure, private, and compliant scheduling platform, consistently updating our practices to meet and exceed industry standards.

moCal’s Compliance with Information Technology Act, 2000 of India:

moCal, as a leading provider of scheduling solutions, is deeply committed to ensuring the security and compliance of its services, especially in line with the Information Technology Act, 2000 of India and GDPR. This commitment not only builds trust with users but also aligns with legal standards, safeguarding both user data and operational integrity.

Data Protection and Privacy

moCal’s approach to data protection and privacy is robust and comprehensive, designed to align with the stringent requirements of the Information Technology Act, 2000. The Act emphasizes the protection of sensitive personal information, and moCal has instituted several measures to uphold these standards. These include encryption of data both in transit and at rest, regular security audits, and implementation of secure access controls. moCal's privacy policies ensure that user data is handled with utmost confidentiality and integrity, consistent with legal mandates.

Cybersecurity Measures

Understanding the evolving nature of cyber threats, moCal has implemented an array of cybersecurity measures. These include firewalls, intrusion detection systems, and regular vulnerability assessments, ensuring that the platform remains resilient against unauthorized access and cyber-attacks. moCal’s security protocols are regularly updated to respond to new challenges, ensuring compliance with the IT Act’s provisions regarding cybersecurity.

User Consent and Data Sovereignty

Compliance with the IT Act extends to how moCal obtains user consent for data processing. Users are provided with clear information regarding the nature of data collected and its intended use, ensuring informed consent. moCal also respects data sovereignty principles, ensuring that data storage and processing comply with national regulations on data localization, a key aspect of the IT Act.

Regular Compliance Audits

To maintain alignment with the IT Act, moCal undergoes regular compliance audits. These audits are conducted by independent auditors who assess moCal’s adherence to the legal requirements, ensuring that compliance is not just a one-time effort but an ongoing process. The findings from these audits are used to continually refine and improve moCal’s security and compliance strategies.

Incident Response and Reporting

In line with the IT Act’s guidelines, moCal has established a robust incident response mechanism. This ensures swift action in the event of a data breach or security incident, minimizing potential harm. In compliance with the Act’s reporting requirements, moCal maintains transparency with users and regulatory bodies about any incidents, reinforcing its commitment to accountability and trust.

Employee Training and Awareness

moCal recognizes that security and compliance are as much about people as they are about technology. Regular training programs are conducted for employees to ensure they are aware of their roles and responsibilities in upholding the IT Act’s standards. This training includes awareness of data protection laws, cybersecurity best practices, and the importance of maintaining user privacy.

End-to-End Encryption

To further bolster security, moCal employs end-to-end encryption for all communications within its platform. This measure ensures that any data transmitted by users is secure from interception or eavesdropping, aligning with the IT Act’s provisions for secure digital communication.

Grievance Redressal Mechanism

In compliance with the IT Act, moCal has in place an effective grievance redressal mechanism. Users can easily report any concerns or violations related to data privacy and security. This mechanism ensures prompt resolution of user concerns, demonstrating moCal’s commitment to user-centric service.

Future-Proof Compliance

As the digital landscape and legal frameworks evolve, so does moCal’s approach to security and compliance. The platform continuously adapts to meet the changing requirements of the IT Act and other relevant legislation, ensuring that it remains at the forefront of legal and security standards.

Conclusion

moCal’s commitment to security and compliance in accordance with the Information Technology Act, 2000, is unwavering. By implementing rigorous data protection measures, regular compliance audits, robust cybersecurity strategies, and effective user consent mechanisms, moCal not only adheres to legal requirements but also demonstrates its dedication to safeguarding user trust and ensuring a secure digital environment.

moCal’s Compliance with GDPR:

At moCal, safeguarding our users' data privacy and protection is paramount. We've consistently surpassed industry standards in this regard, emphasizing that we don't collect or process personal information beyond what's necessary for our products' functionality. This commitment is ingrained in our privacy-conscious culture and is further bolstered by the General Data Protection Regulation (GDPR).

Understanding GDPR

GDPR is a comprehensive EU privacy and data protection law that mandates the protection of EU residents' data and amplifies their control over personal data. It's not just limited to EU-based companies but applies globally to any organization handling EU residents' data. Since our users' data is vital, regardless of location, we have embraced GDPR standards globally, effective from 25th May 2018.

Defining Personal Data

Under GDPR, personal data includes any information related to an identifiable individual. This extends beyond names and email addresses to encompass financial details, political views, genetic and biometric data, IP addresses, and more, recognizing a wide spectrum of identifiable information.

moCal's GDPR Readiness

Our preparation for GDPR compliance has been multifaceted:

  1. Organizational Awareness: We've heightened GDPR awareness across moCal and trained employees in data handling, emphasizing information security.
  2. Product Assessment: Each moCal product has been evaluated against GDPR requirements, leading to new features enhancing user control over data.
  3. Information Asset Register: We've developed an IAR, detailing roles, data categories, access permissions, and process overviews for comprehensive compliance.
  4. Sub-processor Evaluation: We've reassessed third-party service providers and streamlined contracts to align with current security and privacy demands.
  5. Privacy Champions and DPO: Internal privacy champions across teams and a Data Protection Officer have been appointed to ensure ongoing compliance.
  6. Privacy by Design: Our application teams have integrated privacy into product development, offering users enhanced control over their data.
  7. Data Processing Addendum: We've updated our Data Processing Addendum to meet GDPR's data processing requirements. Administrators can request a copy at legal@mocal.ai.
  8. Data Protection Impact Assessments: DPIAs have guided the implementation of appropriate data processing controls.
  9. Internal Audits and Security Enhancements: Regular audits have led to improved data security methods, including data encryption based on sensitivity and risk.
  10. Database Management: We've refined our databases, ensuring accuracy and compliance with our Terms of Service.
  11. Breach Notification Protocol: In the event of a breach, we will notify customers within 72 hours, adhering to our Privacy Incident Response policy.
  12. Privacy Policy Revision: Our Privacy Policy has been updated to reflect the requirements of applicable privacy laws, based on our data management practices.

At moCal, we are dedicated to upholding the highest standards of data privacy and security, in line with GDPR and beyond, ensuring our users' data is handled with the utmost care and respect.