Security Policy

This page is maintained by Get Scheduled Central and is not an independent certification.

Account access

• Email + password authentication with a self-service password reset flow.
• Optional Google sign-in.
• Sessions are managed with secure tokens issued by our auth provider.

Data protection

• Data is encrypted in transit using HTTPS/TLS.
• Data at rest is encrypted by our managed database provider.
• Row-level security policies isolate each business's data so one account cannot read another's.

Payments

Card details are handled directly by our PCI-compliant payment processor. We never see or store full card numbers — only a token used to charge your saved card on a per-appointment basis.

Reporting a vulnerability

If you believe you've found a security issue, please contact us using the form on the home page. We appreciate responsible disclosure and will respond promptly.

Shared responsibility

Keep your password strong and unique, don't share login credentials, and remove staff access when they leave. We secure the platform; you secure your account.