TABLE OF CONTENTS


If a company wishes to connect Microsoft Exchange to Calenso, it must provide a server URL, a username, a password and optionally an impersonation address. This raises the question of what happens to this information and how secure it is stored in Calenso.


Encryption


Since Calenso version 4.7.0, Calenso offers the possibility to store Exchange data in encrypted form in the database. This encryption is based on AES-256, which means that it is not visible to the limited number of Calenso database administrators. Encryption is necessary because Microsoft Exchange does not support app-specific passwords (like Apple iCloud) or uses OAuth 2 (like Google Calendar or Microsoft Office 365) where no password is required. In addition to the database encryption, the data is transferred to the backend via an HTTPS connection and is therefore not visible to others. All existing entries in the database are encrypted afterwards. If possible, it is recommended to use a modern calendar (e.g. Microsoft Office 365), which uses the modern authentication standard OAuth 2.


How does Calenso access the Exchange calendars?


Calenso accesses the Exchange calendar directly via its own calendar layer using SOAP. Unlike some of its competitors, Calenso does not use an external layer (e.g. Cronofy) which routes the data via the USA.


What data is stored on the Calenso servers?


Calenso does not store appointment data on its own servers. Every time an appointment is booked, the Exchange API is queried and analysed in real time. The service is only interested in the start and end time of an appointment and its status (busy, free). When synchronisation is activated, Calenso writes the newly booked customer appointment to the relevant Exchange calendar. An entry is also made in the Calenso database, with the reference to the external appointment in the Exchange calendar (in the form of its ID). The title and description are again AES-256 encrypted.


Calenso offers the possibility to view all appointments in a simple online calendar. The appointments are queried in real time and the title and description are displayed. These data are not stored anywhere either.


Where does Calenso store its data?


Calenso stores its data at Nine Internet Solutions AG in Zurich (City of Zurich and Rümlang). 


Requirements for encryption


AES-256 encryption is enabled by default for corporate customers. All data of non-corporate customers are stored as normal strings in the database.