SOC 2 Ready • GDPR Compliant

Enterprise-Grade Security

We process calendar infrastructure for enterprise-scale organizations. Security isn't a feature; it's the foundation of our architecture.

Pass-Through Proxy Architecture

Our stateless proxy processes calendar events in memory and discards them instantly. No database. No logs. No PII storage.

[Diagram: Source System (LMS / SIS / HRIS) → TLS 1.3 → Lokr Proxy (In-Memory Processing, RFC 5545 Validation, No Database, No PII Storage) → TLS 1.3 → End Users (iPhone / Android), Calendar Apps (Outlook / Google), Enterprise Tools (Teams / Slack). ✓ Zero Trust Architecture: No data at rest, No logs retained, RFC 5545 compliant.]

Security Principles

Encryption

  • In Transit: All data encrypted via TLS 1.3. HTTPS enforced with HSTS headers.
  • At Rest: Configuration data (feed URLs) encrypted using AES-256 via Upstash KV.
  • Key Management: Secrets managed via Vercel Environment Variables with role-based access.

Data Handling

  • Ephemeral Processing: Events parsed in memory on Vercel Edge Functions. No disk writes.
  • PII Sanitization: We actively strip ATTENDEE lists and personal identifiers before re-serialization.
  • Zero Retention: Calendar bodies are never logged, cached, or stored in any persistent layer.
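
Stripping ATTENDEE before re-serialization only works if RFC 5545 line folding is undone first. The following is an added example, not Lokr's code: a fold-aware filter beside a naive per-line filter that leaks the folded continuation. Function names and the constructed sample feed are assumptions.

```javascript
// Added example, not the vendor's implementation. ATTENDEE is the only
// property the page names; extend STRIP for other identifiers as needed.
const STRIP = new Set(["ATTENDEE"]);

// RFC 5545 3.1: a line break followed by one space or tab continues the line.
function unfold(ics) {
  return ics.replace(/\r?\n[ \t]/g, "").split(/\r?\n/).filter((l) => l.length > 0);
}

// Re-fold at 75 octets (not characters), never splitting a code point.
function fold(line, limit = 75) {
  const enc = new TextEncoder();
  let out = "", cur = "", bytes = 0;
  for (const ch of line) {
    const n = enc.encode(ch).length;
    if (bytes + n > limit) { out += cur + "\r\n "; cur = ""; bytes = 1; }
    cur += ch; bytes += n;
  }
  return out + cur;
}

// Property name is everything before the first ';' or ':' (case-insensitive).
function propertyName(line) {
  const m = /^([^;:]+)/.exec(line);
  return m ? m[1].toUpperCase() : "";
}

function stripAttendees(ics) {
  const kept = unfold(ics).filter((l) => !STRIP.has(propertyName(l)));
  return kept.map((l) => fold(l)).join("\r\n") + "\r\n";
}

// Weak version for comparison: filters physical lines, so the continuation
// of a folded ATTENDEE survives and attaches to the previous property.
function naiveStrip(ics) {
  return ics.split(/\r?\n/).filter((l) => !/^ATTENDEE/i.test(l)).join("\r\n");
}

// Constructed sample feed: the ATTENDEE line is folded inside "mailto:".
const SAMPLE = [
  "BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//example//constructed//EN",
  "BEGIN:VEVENT", "UID:constructed-1@example.invalid",
  "DTSTAMP:20250101T000000Z", "DTSTART:20250102T090000Z", "SUMMARY:Seminar",
  'ATTENDEE;CN="Jane Roe";ROLE=REQ-PARTICIPANT;PARTSTAT=ACCEPTED;RSVP=TRUE:mai',
  " lto:jane.roe@example.invalid",
  "END:VEVENT", "END:VCALENDAR",
].join("\r\n") + "\r\n";
```

With the naive filter, a client that unfolds the output sees the leftover continuation appended to SUMMARY, so the address leaks into a visible field.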

Infrastructure

  • Hosting: Vercel Edge Network with global CDN. SOC 2 Type II certified infrastructure.
  • Uptime: 99.9% SLA with automatic failover and geographic redundancy.
  • Monitoring: Real-time alerting via PostHog and Vercel Analytics.

Compliance

  • RFC 5545: Full compliance with IETF iCalendar specification.
  • GDPR: Privacy-first design. No personal data retention. Right to erasure built-in.
  • SOC 2: Type I readiness compliant. Type II audit in progress.

Technical Specifications

  • TLS 1.3: Transport Layer Security. All connections encrypted in transit.
  • AES-256: Advanced Encryption Standard. Configuration data at rest.
  • RFC 5545: IETF iCalendar Standard. Full specification compliance.

Data Residency

Our zero-persistence model bypasses traditional data residency requirements. Calendar events are processed in memory and discarded immediately. No database writes. No persistent storage. No data at rest.

Why This Matters

  • No GDPR data retention obligations
  • No cross-border data transfer concerns
  • No breach notification requirements for calendar data

Technical Implementation

  • Atomic request processing on Vercel Edge
  • Stateless architecture with no session persistence
  • Memory-only event parsing and validation

Security Roadmap

Current: Privacy-First Architecture

Zero-storage design, TLS 1.3 encryption, PII sanitization, GDPR compliance.

Q1

In Progress: SOC 2 Type II

Formal audit process with independent third-party assessor. Expected completion Q1 2026.

Q2

Planned: ISO 27001 Certification

International standard for information security management systems.