Why do we need permission to access your Google account?
When you install the Clockwise chrome extension, we ask you for permission to connect to your work Google account and authenticate that connection via Google OAuth. This means that your Clockwise account has the same industry-leading login security as your Google account.
Clockwise requests the minimum permissions needed to be able to deliver a rich calendar experience. Specifically, we request access to the following Google information:
Clockwise also gives users the option to view the Clockwise chrome extension next to their work Gmail, as well as their calendar. To do this, Clockwise does not request API access to the user's Gmail data, but we do request access to mail.google.com in the browser, in order to display the extension. This is an optional chrome extension permission.
How is user data protected?
Our user’s data security is foundational to the Clockwise product, from account creation through Google's OAuth service, to encryption of data in transit to Clockwise servers (using browser-based TLS) and at rest in our database (using AES-256).
We work with industry-leading cloud PaaS and IaaS providers. All Clockwise applications run in a virtual private cloud hosted by AWS, including failover and backup instances. These infrastructure providers maintain industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and PCI DSS Level 1.
How does the Clockwise chrome extension interact with my computer?
Clockwise has no access to anything on your computer outside of the Chrome browser. This is a security feature of the Chrome browser that Google calls "sandboxing". You can learn more about it in this video from Google.
Does Clockwise offer a bug bounty program?
Clockwise takes security very seriously at all levels. To this end, we pay out Bug Bounty awards to individuals that identify security vulnerabilities in our software. If you believe you have identified a vulnerability, please email email@example.com to submit it for review.
Our team will work quickly to assess the validity and severity of the vulnerability. Based on this assessment, we will award you a cash award for legitimate vulnerabilities based on the severity of the vulnerability identified. And, of course, we'll always include some Clockwise swag as well!