enterprise-grade security
All customer data is encrypted at rest and in transit with secure protocols. All backups are encrypted as well.
We only collect and process the information you provide us—and you own all of it.
Data is logically separated, with your data hosted in our secure database, tightly controlled and limited only to need-to-know access.
Your data belongs to you. If your contract expires, you’ll have 30 days to export all data.
GoodTime is hosted on Heroku and AWS. That means robust physical data center security and environmental controls.
All GoodTime employees are required to complete privacy and security training upon hire and annually thereafter.
Data security incidents must be reported to our security team immediately. If affected, you’ll be notified within 72 hours. A copy of the incident report will be available on request.
We regularly back up your data, have defined RTO and RPO, and test backups on a frequent basis.
We offer our customers the option to have their data stored and processed on servers in the European Union, ensuring compliance with the highest standards of European data privacy regulations.
Found a bug? Let your account manager know and we’ll have a prompt response for you.
If you see something off within our applications, please contact us at security@goodtime.io. The following details are always helpful: OS, browser, URL, steps to reproduce, expected result, actual result, screenshots, and any additional notes.