Built on the engine 128 enterprises trust since 2020. SOC 2 Type II audit in progress, Q4 2026.
AES-256 at rest, TLS 1.3 in transit. Encryption keys managed via AWS KMS.
SOC 2 Type II in progress, Q4 2026. GDPR-compliant. HIPAA BAA available.
Customer data isolated by tenant. EU data residency available. Zero calendar event content stored.
OAuth-based authentication. No passwords stored. Revocable any time from your admin console.
Where we are with formal certifications, what's available now, and what's available on request.
| Framework | Status | Available |
|---|---|---|
| SOC 2 Type II | Audit in progress, Q4 2026 | Type I report and pre-audit questionnaire available now |
| GDPR | Compliant | DPA available for immediate download (no sign-in required) |
| HIPAA | BAA available for healthcare customers | BAA available on request |
| EU Standard Contractual Clauses | Module 2 (Controller to Processor) implementing EU Decision 2021/914/EU | Automatically included with DPA for EU customers |
| Penetration testing | Annual third-party tests | Summary available under NDA |
Where data lives, how long we keep it, and who else touches it.
Customer data is hosted on AWS, US-East primary region. EU data residency available for European customers on request. Customer data is isolated by tenant; we cannot read across customer boundaries.
Active scheduling data retained for the duration of your subscription. Audit logs retained for 12 months. On termination, all customer data is deleted within 30 days unless a longer retention period is contractually required.
AWS (hosting and storage), Stripe (subscription billing), and Anthropic (Claude API for natural language understanding). Full sub-processor list available on request at security@meetanci.com.
Authentication is OAuth-based. We never see, store, or transmit user passwords. Access is granted by your IT administrator and can be revoked at any time from your standard admin console.
Most legal and compliance documents are available for immediate download. No sign-in, no sales conversation required.
GDPR-compliant DPA defining how we process personal data on your behalf. Required for EU customers. Covers controller/processor roles, sub-processors, and data subject rights.
Download PDF →Pre-filled answers to 44 standard enterprise IT security questions. SIG Lite / CAIQ format. Covers governance, data handling, security controls, infrastructure, compliance, third-party risk, and access management.
Download PDF →Defines exactly what data we store, for how long, and how it is deleted. Confirms calendar event content is never stored. Covers erasure requests and deletion certification.
Download PDF →Technical reference for IT administrators: exact OAuth scopes, what we access and what we don't, step-by-step approval and revocation instructions for Google Workspace and Microsoft 365.
View setup guide →Real-time security posture, certifications, and compliance status. Hosted at trust.teamcal.ai (ANCI is operated by Calndr Inc., the same legal entity that operates TEAMCAL AI).
Visit Trust Center →MSA, 99.9% uptime SLA, HIPAA Business Associate Agreement, and EU Standard Contractual Clauses are available on request. We respond within one business day.
Request document →We respond to enterprise legal, security, and procurement queries within one business day. Our team is happy to get on a call with your IT or InfoSec team.
Questionnaires, Type I reports, penetration test summaries, sub-processor lists.
security@meetanci.com →Signed copies, custom contract terms, MSA negotiation, BAA execution.
legal@meetanci.com →30-minute call with our team for security reviews requiring direct engagement.
Request a call →