Security and Compliance

At Seven Technologies we design Calenda with security, privacy, and reliability as core principles. This page summarizes how we protect your data and comply with applicable regulations such as LGPD.

Our program focuses on: (1) protecting confidentiality, integrity, and availability; (2) minimizing risk with layered technical and organizational controls; (3) aligning to industry standards and good practices (OWASP, ISO 27001 guidelines). Security is shared: we secure the platform, and you configure and use it securely.

Current availability: Calenda supports Google and Microsoft accounts today. The same security controls will apply as new providers come online.

Calenda runs on modern cloud infrastructure provided by AWS.

• Physically secure data centers managed by our hosting provider.
• Redundant network, power, and cooling at the infrastructure level.
• Segregation of production and non-production environments.
• Restricted production access limited to authorized personnel.

We rely on the certifications and controls of our provider for physical and low-level security.

• Encryption in transit. All connections use HTTPS/TLS.
• Encryption at rest. Databases and storage volumes that hold customer data are encrypted using strong mechanisms provided by our cloud infrastructure.
• Data segregation. Logical separation at application and database layers with least-privilege access between services.

Access to customer data is limited to what is necessary to operate and support the Service.

• Least privilege for employees and services.
• Strong authentication for administrative access to production systems.
• Role-based access to internal tools and data.
• Periodic access reviews and revocation when no longer needed.

We recommend customers adopt similar practices (strong passwords, MFA, role-based permissions).

• Secure development lifecycle covering design, implementation, review, and deployment.
• Dependency monitoring and updates for known vulnerabilities.
• Code reviews and automated checks before production.
• Configuration managed via version control and controlled deployments.

We monitor public security advisories and adjust practices as needed.

• Centralized logging of relevant application and infrastructure events.
• Automated monitoring with alerts for unusual conditions and key signals.
• Documented procedures to identify, triage, and respond to security incidents.

If a data incident affects your personal data, we will notify you as required by applicable law and contractual obligations.

• Regular backups of critical databases stored securely.
• Maintained and periodically validated restore procedures.
• High-availability architecture leveraging cloud features to reduce single points of failure.

Service level commitments, if applicable, are defined in your agreement or SLA.

We use carefully selected providers (e.g., hosting, email delivery, analytics, payments).

• Security and privacy due diligence before engagement.
• Data processing agreements and safeguards when processing personal data on our behalf.
• Providers receive only the minimum data necessary for their function.

A list of main sub-processors can be provided on request or in a dedicated page.

We design practices to comply with applicable data protection laws, including LGPD where it applies.

• Legal bases, transparency, and data subject rights are detailed in our Privacy and Cookies Policy.
• We support data subject requests (access, correction, deletion) as described in our privacy documentation.
• Processing roles: for most uses, Seven Technologies acts as processor on behalf of customers (controllers); we may act as controller for our own account, billing, or marketing needs.
• Data Processing Agreement (DPA) available for business customers upon request.

We review practices as laws and best practices evolve.

Customers play a key role in security and compliance. You are responsible for:

• Choosing strong passwords and protecting credentials.
• Managing user access and permissions in your organization.
• Configuring integrations and data flows securely.
• Ensuring your use of Calenda complies with laws and internal policies.
• Providing accurate information in your own privacy notices and contracts.

If you suspect unauthorized access or a security issue, contact us immediately.

For security or compliance questions, DPA requests, or assessments, contact us:

• Seven Technologies
• Email: social@seventechnologies.com or social@seventechnologies.com
• Website: https://seventechnologies.cloud

We support reasonable due diligence from customers, especially in B2B and enterprise contexts.