Platform Security

Your company's calendar data is valuable

We understand that keeping your data safe is your number one priority, and as your solutions partner, it's ours too. Click on the sections below to find out how we ensure that your data is secure and for your eyes only.

Network Architecture

UMA is a cloud-based solution, maintained by data centres that hold premier certifications such as ISO 27001 and SOC2. For further details on compliance, please explore the AWS Security and AWS Compliance articles.

UMA is a cloud-based solution, maintained by data centres that hold premier certifications such as ISO 27001 and SOC2. For further details on compliance, please explore AWS Security and AWS Compliance.

All our application servers are located in the UK, but they can be accessed from around the world via the internet.

We continually assess our service performance and employ automatic alerts to guarantee prompt responses to service disruptions. All code undergoes auditing and peer review prior to being deployed on production servers. Moreover, we stay informed about updates from the security community and promptly update our systems when security flaws are identified. In case any issues are reported, we maintain an up-to-date system status here

We frequently deploy new features, performance enhancements, and bug fixes several times a month. Although our development cycle is agile, it emphasizes a rigorous system for code quality and security. All code undergoes peer review and must pass multiple approval stages in test/staging environments before being deployed to production. Here are some key points addressing common questions:

  • Modifications are scrutinised for security and errors through comprehensive unit, integration, and static analysis tests.
  • Production data is kept separate from development environments.
  • Our internal security teams have conducted thorough evaluations for numerous public companies.

All client data is housed on AWS services, adhering to a rigorous decommissioning policy detailed at

Upon request, we will manually delete all identifiable calendar data related to your account from our database for customer-specific data. However, anonymised derivative data (e.g., “Total events scheduled on the platform this month”) will not be removed, as it cannot be traced back to the original data. Additionally, user accounts connected to your organisation can be deleted upon request. We keep backups for a period of 30 days, after which the data will become entirely irretrievable.

UMA leverages your Office365 or Google Workspace credentials to enable seamless authentication on the platform via Single Sign-On through SAML 2.0.

By employing this approach, your IT administrators gain increased control, as departing employees immediately lose access to the platform once their accounts are disabled or deleted.

We preserve automated access and security logs in various locations. All staff members must employ two-factor authentication and robust passwords distinct from other services. Access to customer data is restricted and granted solely to a select group of employees necessary for support and maintenance. Access is additionally limited to a narrow whitelist of IP addresses through VPN and necessitates public key authentication.

Employee access adheres to the principle of least privilege, and access permissions are evaluated every three months.

Upon buying a subscription online, we ensure that your credit card information is not kept on our servers. We rely on Stripe, which is PCI-Compliant, for this purpose.

You can access a copy of their security practices here

Client data is secured with encryption both while in transit and at rest. All connections to UMA’s services utilise encryption and are provided through SSL/TLS 1.2+. The service can only be accessed via HTTPS. Certificate verification is performed on both sides using third-party authorities. Data remains encrypted throughout the entire process.

Both application and client data are redundantly stored across multiple availability zones within Amazon’s data centres, ensuring backups are readily available for prompt recovery.

After linking an external calendar account to UMA, our cloud service initiates the synchronisation process with the specified room calendars. As a result, a portion of your calendar events and their respective details are stored within the UMA cloud.

To maintain consistency, UMA will keep this data synchronised with your calendar system. Events scheduled through UMA will also have their data synced back to your calendar service. The event details that are synced include:

  • Organiser
  • Attendees
  • Title
  • Description
  • Start and end times
  • Location (e.g., “Oval Office”)

Please note that we do not store event attachments.

All employees are governed by documented strict security policies covering acceptable use, customer data, and encryption standards. If you would like to request a copy of these policies, please contact your account manager.

If a security breach occurs, our team will quickly inform you about any unauthorized access to your data. In case your security team requires supplementary logs to investigate an incident impacting your organization, our security team will collaborate and responsibly grant access as necessary.

Protecting your private data is of utmost importance to us, and we prioritise it as a significant measure of success. For a detailed account, please refer to our privacy policy.