Doodle - Security

Doodle is a globally available meeting scheduling service, integrating with calendar and contact providers. Our service facilitates meeting scheduling across different personal or work calendars while preserving user privacy and limiting access to sensitive data.

Basic Calendar Integration

Doodle only stores your email and tokens - and nothing else. Your personal data - calendar, events and availability - are never stored in our database.

Encryption and Access Control

  • All connections to Doodle are encrypted in transit using TLS SHA-256 with RSA encryption
  • All data is encrypted at rest
  • Doodle user passwords are stored as salted password hashes
  • User data such as calendar data or email provided by third-party services are secured through the OAuth2 protocol and can be revoked at any time by the user
  • Access to Doodle’s API requires proprietary authentication tokens issued only by Doodle
  • We never share your calendar or contact data with third parties
  • We don’t store calendar event or contacts data provided by third-party systems

Physical Infrastructure

Doodle’s physical infrastructure is hosted and managed within Amazon Web Services (AWS). We utilize secure data centers in multiple availability zones in the EU Ireland region and leverage Amazon Elastic Compute Cloud technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

For additional information see: https://aws.amazon.com/security.

Vulnerability Management

Doodle’s services are continuously monitored for new vulnerabilities and updated with the latest security patches. We undergo regular penetration testing from trusted external service providers.

Network Security

Our cloud infrastructure is protected by Cloudflare to ensure uninterrupted availability and ongoing defense against sophisticated internet-borne threats. These features include:

  • Network firewall: access is restricted to ports, protocols and origins required for operation
  • Web Application Firewall: DDoS protection, Bot Mitigation, blocking of suspicious requests, rate limiting
  • TLS protocol >= 1.2 is enforced for communication over external networks

Security Incident Response

Any security-related events or notifications we receive are promptly actioned in accordance with our Security Incident Response Plan.



Keywords: doodle security incident response encryption physical infrastructure network
Doc ID: 99762
Owned by: UW-Madison Doodle in UW-Madison Doodle
Created: 2020-03-30
Updated: 2022-11-14
Sites: DoIT Help Desk, UW-Madison Doodle