At cherryware, data protection and security are a core part of how we build and operate Shared Calendar. We follow a security-by-design approach, ensuring that your calendar data stays under your control at all times — and that neither cherryware nor any unauthorized third party can access it without your consent. This architecture also prevents AI training and analytics on your calendar data by design.
In Microsoft Teams, every calendar is encrypted by an individual key that remains under your control within your tenant.
Data Processing Agreement
As a processor under GDPR Art. 28, cherryware provides a Data Processing Agreement (DPA) as part of the terms that governs how data is handled. The technical and organisational measures (TOMs) implemented to protect your data are documented in Annex 2 – Technical and Organisational Measures.
Microsoft is our only sub-processor where customer data is stored, as described in Annex 3 – List of Sub-processors. All data resides within Microsoft infrastructure.