Your company's calendar data is valuable
Platform security
We understand that keeping your data safe is your number one priority, and as your solutions partner, it's ours too. Click on the sections below to find out how we ensure that your data is secure and for your eyes only.
ask UMA cloud
Network architecture
ask UMA is a cloud-based solution, maintained by data centres that hold premier certifications such as ISO 27001 and SOC2. For further details on compliance, please explore the AWS Security and AWS Compliance articles.
- ISO 27001 and SOC2
- AWS Compliance
Network architecture FAQs
We understand that keeping your data safe is your number one priority, and as your solutions partner, it's ours too.
Click on the FAQ sections below to find out how we ensure that your data is secure and for your eyes only.
ask UMA is a cloud-based solution, maintained by data centres that hold premier certifications such as ISO 27001 and SOC2. For further details on compliance, please explore AWS Security and AWS Compliance.
All our application servers are located in the UK, but they can be accessed from around the world via the internet.
We continually assess our service performance and employ automatic alerts to guarantee prompt responses to service disruptions. All code undergoes auditing and peer review prior to being deployed on production servers. Moreover, we stay informed about updates from the security community and promptly update our systems when security flaws are identified. In case any issues are reported, we maintain an up-to-date system status here
We frequently deploy new features, performance enhancements, and bug fixes several times a month. Although our development cycle is agile, it emphasizes a rigorous system for code quality and security. All code undergoes peer review and must pass multiple approval stages in test/staging environments before being deployed to production. Here are some key points addressing common questions:
Modifications are scrutinised for security and errors through comprehensive unit, integration, and static analysis tests.
Production data is kept separate from development environments.
Our internal security teams have conducted thorough evaluations for numerous public companies.
All client data is housed on AWS services, adhering to a rigorous decommissioning policy detailed at https://aws.amazon.com/compliance/data-center/data-layer/
Upon request, we will manually delete all identifiable calendar data related to your account from our database for customer-specific data. However, anonymised derivative data (e.g., “Total events scheduled on the platform this month”) will not be removed, as it cannot be traced back to the original data. We keep backups for a period of 30 days, after which the data will become entirely irretrievable.
ask UMA leverages your Office365 or Google Workspace credentials to enable seamless authentication on the platform via Single Sign-On through SAML 2.0.
By employing this approach, your IT administrators gain increased control, as departing employees immediately lose access to the platform once their accounts are disabled or deleted.
We preserve automated access and security logs in various locations. All staff members must employ two-factor authentication and robust passwords distinct from other services. Access to customer data is restricted and granted solely to a select group of employees necessary for support and maintenance. Access is additionally limited to a narrow whitelist of IP addresses through VPN and necessitates public key authentication.
Employee access adheres to the principle of least privilege, and access permissions are evaluated every three months.
Client data is secured with encryption both while in transit and at rest. All connections to ask UMA’s services utilise encryption and are provided through SSL/TLS 1.2+. The service can only be accessed via HTTPS. Certificate verification is performed on both sides using third-party authorities. Data remains encrypted throughout the entire process.
Both application and client data are redundantly stored across multiple availability zones within Amazon’s data centres, ensuring backups are readily available for prompt recovery.
After linking an external calendar account to ask UMA, our cloud service initiates the synchronisation process with the specified room calendars. As a result, a portion of your calendar events and their respective details are stored within the ask UMA cloud.
To maintain consistency, UMA will keep this data synchronised with your calendar system. Events scheduled through UMA will also have their data synced back to your calendar service. The event details that are synced include:
Organiser
- Attendees
- Title
- Description
- Start and end times
- Location (e.g., “Oval Office”)
Please note that we do not store event attachments.
Data
In accordance with our commitment to protect your privacy and manage your data responsibly, we will retain the personal and operational data collected through our services only for as long as necessary to fulfil the purposes outlined in this agreement, or as required by applicable law. All data will be securely deleted from our systems every three years, unless a shorter retention period is applicable. Additionally, upon the termination of your contract with us, we will delete all your data in full, ensuring that no residual copies remain in our backups or storage systems beyond a period necessary for the deletion process. This policy is designed to ensure compliance with data protection regulations and to safeguard your information against unauthorised access or use.
All employees are governed by documented strict security policies covering acceptable use, customer data, and encryption standards. If you would like to request a copy of these policies, please contact your account manager.
If a security breach occurs, our team will quickly inform you about any unauthorised access to your data. In case your security team requires supplementary logs to investigate an incident impacting your organisation, our security team will collaborate and responsibly grant access as necessary.
Protecting your private data is of utmost importance to us, and we prioritise it as a significant measure of success. For a detailed account, please refer to our privacy policy.