AI security · best practices

Your calendar is sensitive. We treat it that way.

What Caliyo does to keep your calendar data safe, what we won’t do with it, and an eight-question framework you can use to evaluate every AI vendor — including us.

Caliyo’s stanceVendor-eval framework
AES-256 at rest
TLS 1.2+ in transit
KMS-encrypted tokens
Dedicated key for OAuth secrets
Zero training
AI runs on AWS Bedrock
Least-privilege OAuth
Calendar + contacts only
Caliyo’s stance

What we do. What we won’t.

Two columns, plain English. If we ever change either side, it goes in the changelog before it goes in the product.

What Caliyo does
  • Encrypt everything at rest (AES-256) and in transit (TLS 1.2+).
  • Encrypt your OAuth tokens with a dedicated AWS KMS key before they ever touch a database.
  • Scope OAuth to the minimum: calendar read/write and read-only contacts. No Gmail. No Drive.
  • Run AI on AWS Bedrock inside our own cloud environment — prompts and outputs are not used to train models.
  • Verify webhook and internal traffic with HMAC-SHA256 signatures, constant-time comparison, and replay protection.
  • Delete your data within 30 days when you ask — the same commitment as our privacy policy.
What Caliyo won't
  • Train any AI model on your calendar data — we don’t build models, and Bedrock doesn’t train on customer content.
  • Sell or share your calendar data with third parties for marketing. Ever.
  • Read your email or your files — our OAuth scopes can’t reach them.
  • Claim certifications we don’t have. No SOC 2 badge until we’ve actually earned one.
  • Hide what the assistant did — every change lands on your calendar where you can see it and undo it.
  • Keep your data after you leave.
Data lifecycle

Where your data goes — every step.

STEP 01
Connect
OAuth flow grants Caliyo least-privilege calendar scopes. You can revoke at any time from your provider settings.
STEP 02
Read
We sync the fields scheduling actually needs — event titles, times, attendees, and free/busy windows. We can’t see your email or files; the scopes don’t allow it.
STEP 03
Process
Assistant reasoning runs on AWS Bedrock inside Caliyo’s cloud environment. Prompts and outputs are not used to train models and are not shared with the model provider.
STEP 04
Write
Caliyo writes to your calendar only for actions you or your assistant confirm. Every change appears on your calendar immediately — nothing happens out of sight.
STEP 05
Forget
Disconnect a calendar and our access ends immediately — you can also revoke Caliyo from your Google or Microsoft settings. Delete your account and we remove your data within 30 days.
Vendor-eval framework

Eight questions every SaaS team should ask any AI vendor.

Including us. Our answers are in the right column — if another vendor’s answers don’t hold up beside them, that’s the answer.

The question
What Caliyo answers
What to push the vendor on
Q1
Do you train models on customer data?
No. We don’t build models, and our AI runs on AWS Bedrock, which doesn’t train on customer content.
Get a yes-or-no in writing. "Used for training internal evaluations" is a yes.
Q2
Which sub-processors touch our data?
A short list: AWS (hosting + AI inference), Stripe (payments), and the calendar providers you connect. Ask us for details anytime.
Demand a current sub-processor list. Walk away from "trusted partners" answers.
Q3
Where does our data physically live?
AWS data centers in the United States. We don’t offer regional pinning yet — and we won’t claim we do.
Region for storage AND inference. Some vendors store regionally but infer in the US.
Q4
How granular is the access scope?
Least-privilege per provider. Calendar read/write and read-only contacts; no Drive, no Gmail.
Read the OAuth scope strings yourself. "Full account access" is a red flag.
Q5
What happens when we purge?
Request deletion in-app or by email → your data is removed within 30 days, as our privacy policy commits.
Get a written purge SLA. "Best effort" is not an answer.
Q6
Who can a human inside the vendor read?
A small engineering team with authenticated access — used to debug issues you raise, not to browse. No anonymous support pool.
Ask for the access model. "Need-to-know support" with no log is a problem.
Q7
How are AI outputs reviewable and reversible?
The assistant confirms before acting, and every change lands on your calendar where you can see it and revert it.
Test it. If "undo" requires a support ticket, the answer is no.
Q8
What’s the breach SLA?
We commit to notifying affected users without undue delay — GDPR’s 72-hour supervisory standard is the bar we work to.
72-hour notification is the GDPR floor. Anything weaker is below market.
Best practices for SaaS teams

Six habits that prevent the bad headlines.

None of these are specific to Caliyo. They’re what a competent security org does with every AI vendor in 2026.

Pilot with a low-stakes team first
Run AI tools through a non-critical team for 4 weeks. Audit the access log weekly. Promote to the full org only after the log looks boring.
Keep a written AI vendor inventory
Name, scope, region, data classification, expiration of the contract. Review quarterly. Most "shadow AI" lives in tools nobody remembered approving.
Rotate keys and re-consent annually
OAuth grants don’t expire automatically. Make a calendar event to revoke + re-grant once a year. It surfaces drift you didn’t know about.
Treat AI output as untrusted by default
Pipe AI-generated text through the same review you’d give a junior’s draft. Auto-publishing AI output to customers is how brands get embarrassed.
Train the team on prompt hygiene
No PII in prompts to general-purpose tools. No client names. No financials. Build a one-page do/don’t and put it in onboarding.
Get the DPA before procurement signs
A Data Processing Addendum is non-negotiable for any vendor handling customer or employee data — including AI vendors. No DPA, no purchase.
Honest about limits

Three things even Caliyo can’t promise.

  • We don’t build the models
    Assistant reasoning runs on Anthropic Claude models via AWS Bedrock, inside our AWS environment. Bedrock's terms mean prompts and outputs aren't used for training and aren't shared with the model provider — but we don't build the models ourselves. If those terms ever changed, we'd re-evaluate and tell you.
  • Calendar providers
    Caliyo can only be as private as the calendar it connects to. If your Google Workspace admin has audit logging configured, we read what they read. We can't make Google forget your events — only ours.
  • Humans exist
    We're a small team. When you ask us to debug something, an engineer may see the affected data while helping you. Access is limited to the engineering team over authenticated AWS access and used for support — we won't pretend software does all of it.
FAQ

Security, asked plainly.

Not yet — and we won't put the badge on this page before the audit is real. What we do have is on this page and verifiable: AES-256 at rest, TLS in transit, KMS-encrypted OAuth tokens, least-privilege scopes, and AI on AWS Bedrock that doesn't train on your data. When we pursue SOC 2, this page will say so.

Anthropic Claude models running on AWS Bedrock, inside our own AWS environment. Under Bedrock's terms, prompts and outputs aren't used to train models and aren't shared with the model provider.

AWS data centers in the United States. We don't offer EU or other regional data residency yet.

Request deletion in-app or by email and we remove your data within 30 days, as our privacy policy commits. Disconnecting a calendar ends our access immediately, and you can also revoke Caliyo from your Google or Microsoft account settings at any time.

Sign-in supports Google and Microsoft accounts (OAuth) plus email and password, managed by AWS Cognito. SAML SSO and SCIM provisioning aren't available today — if your team needs them, tell us; it directly shapes the roadmap.

No. Our OAuth scopes cover calendar read/write and read-only contacts. Gmail, Outlook mail, Drive, and OneDrive are outside what we're authorized to access.

Have a security question we didn’t answer?

Ask us directly — a founder reads every security email. And if you catch anything on this page that isn’t accurate, we want to know that most of all.