Security

Our Security Commitment

At Scheduler Systems, security is built into how we operate, not bolted on afterward. We regularly audit our infrastructure, review access permissions, and run automated checks to catch misconfigurations before they become risks. Every change to production goes through review, and we maintain detailed logs for all administrative actions.

Data Protection

We implement industry best practices for data protection across our entire stack. Customer schedule data, employee records, and operational information are encrypted at rest using AES-256 and in transit using TLS 1.2+. Regular automated backups are stored in separate, isolated storage to ensure recovery capability in the event of any incident.

Access Controls

Our platform enforces role-based access control so managers see only what their role requires, and administrators can audit who has access to what at any time. Service accounts follow least-privilege principles, and all human access to production infrastructure requires multi-factor authentication. Former employee access is revoked immediately upon offboarding.

Compliance

We align our security practices with established frameworks and review them regularly as the threat landscape evolves. Our infrastructure runs on Google Cloud Platform, which maintains ISO 27001, SOC 2 Type II, and GDPR compliance at the platform level. We layer our own controls on top to address the specific requirements of workforce scheduling data.