Security

We ensure that our security approaches are in line with specific standards, laws and regulations.

We know that security and privacy are important to you and your clients. That's why we put all our effort into ensuring your information stays safe with us.

Our Information Security Management System has been certified by NQA against the provisions of ISO 27001:2022.

Find out more on our dedicated page for our certification.

  • GDPR Compliant

    GDPR Compliance: Data Protection & Privacy

    In all our operations, we ensure that your privacy and personal data are secured. See our GDPR Compliance Statement, which explains in detail how we are GDPR compliant.

  • SSL Secure

    Secure Data Transmission

    The privacy of all internet communication between users, clients and our system is secured by TLS 1.2, which is one of the strongest protocols available today.

  • HIPAA Compliant

    HIPAA Compliance

    To be HIPAA compliant, we have implemented the Accountable HIPAA Compliance Software, adjusted for Business Associates, for when we provide our services to healthcare providers.

    As part of our legal responsibilities under the HIPAA Rules, we identify risk areas, develop policies and procedures, conclude Business Associate Agreements, train our staff and ensure that PHI is always protected. Some of our measures include:

    • Restricted access to PHI;
    • Idle time logouts;
    • Adjusted corresponding email and SMS booking notifications.

Security & Trust

Explore the range of features that make SimplyBook.me scheduling software an excellent match for you. SimplyBook.me offers over 70 custom features to reflect your security needs, style and other requirements.

  • Network Protection

    We constantly monitor our network for potential threats, including data breaches, adware, hackers, pop-ups and phishing attempts. Historically, our uptime has been around 99.9%, which corresponds with our goal of providing you with a trustworthy business partner.

  • Trusted data centers

    SimplyBook.me hosts its servers with three reputable data centers, in Canada, France and Singapore. Those three hosting companies have 24/7 security personnel on site, a security badge control system, video surveillance with badge entrance into their buildings, and strict access control, making them extremely hard to break into. The hosting centers meet the R82 and R81 APSAD standards and work according to ISO 27001 standards.

  • Security by Design

    We develop and maintain our system according to SDL principles, defining key security risks before each project change and implementing relevant security controls to address these risks. We do our best to protect the system against known vulnerabilities (SQL injection, XSS, CSRF attacks, etc.) by implementing the best security assurance measures used by SaaS companies.

  • Payments

    SimplyBook.me does not store any credit card information, whether you are paying your subscription fee or recurring subscription fee to SimplyBook.me, or your clients are paying for your services on your booking page. Your payments are all processed by external, secure, PCI DSS compliant parties such as PayPal, CardConnect, Stripe, Borgun and more. This means that your payment is always 100% safe (or at least as safe as it gets with these providers) and your payment data remains confidential.

  • Data Backup

    Your data within SimplyBook.me is backed up every single day and stored on a secure server using encrypted data transfer in different locations to avoid any potential data loss or corruption. We verify our backup procedures regularly to make sure we provide you with the most secure performance.

  • Protecting Personal Data

    SimplyBook.me is designed to closely control the level of access our support personnel need and to restrict any excess access. Every staff member who may access data is required to sign an NDA and is obliged to turn in a criminal record certificate. Relevant data is visible only to relevant people, as defined by role-based authorization.

Get our Security Package

Simply fill in the form below, and we will send you a copy of our Security Package.

Found a bug or a vulnerability?

Press the Contact us button and send our Security Team more details.
