Your data. Your control. Our commitment.
Military-grade encryption, zero-knowledge AI training, and transparent data practices. Building trust through security, not promises.
Compliance & Certifications
Audited security controls and processes
ETA: Q2 2025
Full EU data protection compliance
California privacy rights protected
Information security management
ETA: 2025
Healthcare compliance (BAA available)
US-EU data transfer framework
Security Infrastructure
All data encrypted at rest and in transit using military-grade encryption
Hosted on AWS with multi-region redundancy and automatic failover
Your calendar data never trains models for other users
Complete audit trail of all data access and modifications
Role-based access control with principle of least privilege
24-hour breach notification with dedicated security team
Data Protection & Privacy
Sub-Processors & Vendors
| Vendor | Purpose | Location | Compliance |
|---|---|---|---|
| Amazon Web Services | Infrastructure hosting | US/EU | SOC 2, ISO 27001, HIPAA |
| Stripe | Payment processing | US | PCI DSS Level 1, SOC 2 |
| SendGrid | Transactional email | US | SOC 2, GDPR |
| Cloudflare | CDN and DDoS protection | Global | SOC 2, GDPR |
| Datadog | Monitoring (no PII) | US | SOC 2, GDPR |
Security Best Practices
How we protect your data every day
Development Security
- • Code review on every change
- • Automated security scanning
- • Dependency vulnerability monitoring
- • Secure development lifecycle (SDLC)
Operational Security
- • 24/7 monitoring and alerting
- • Automated threat detection
- • Regular penetration testing
- • Disaster recovery drills
Employee Security
- • Background checks
- • Security training
- • Limited access principles
- • Hardware encryption required
Bug Bounty
security@vardacal.com
DPA Requests
legal@vardacal.com
Compliance Docs
compliance@vardacal.com