All Collections
Security and Trust
Security at Aerotime
Security at Aerotime
Learn how Aerotime protects your data and provides secure access to your calendar
Dhruv Goel avatar
Written by Dhruv Goel
Updated over a week ago

SOC 2 Type II

Aerotime is SOC 2 Type II certified. Our infrastructure and payments partners all meet or exceed these strict requirements. View SOC 2 Trust Report

Security Program Highlights

Data Security
Aerotime encrypts data at rest and in transit for all customers. We use tools like Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.

Application Security

Aerotime uses high-quality static analysis tooling provided by GitHub Advanced Security such as Dependabot and AWS Codeguru to secure our product at every step of the development process.

Infrastructure Security

Aerotime uses Amazon Web Services to host our application. We fully use the security products embedded within the AWS ecosystem, including KMS, GuardDuty, and Inspector.

In addition, we deploy our application using containers run on AWS-managed services, meaning we typically do not manage servers or EC2 instances in production.

Bug Bounty Program

If you have found a security vulnerability or abuse risk-related issue in Aerotime and want to report it to us, please email our team at security@aerotime.com. We encourage security researchers to participate in our bug bounty program, which is meant for security researchers to responsibly find, disclose, and help us resolve security vulnerabilities.

Our program is straightforward and consists of a simple set of rules that help protect both our company and those who find bugs and security vulnerabilities. To participate, please send a short introduction to security@aerotime.com.

Out-of-Scope Vulnerabilities

When reporting vulnerabilities, please consider

(1) attack scenario/exploitability, and

(2) security impact of the bug. The following issues are generally considered out of scope:

  • Brute force attacks

  • Denial of Service attacks

  • Reports from scanners and automated tools (mainly because they are often not actionable)

Submission Template

## Summary: [add summary of the vulnerability]

## Steps To Reproduce: [add details for how we can reproduce the issue]
1. [add step]
1. [add step]
1. [add step]

## Supporting Material/References: [list any additional material (e.g. screenshots, logs, etc.)]
* [attachment / reference]

## Impact [overview of the impact in terms of what systems were involved in the bug]
Did this answer your question?