OCLM Scheduler is Secure by Design – Your Data, Protected Every Step of the Way

Keeping your congregation's data safe is a responsibility we take seriously. OCLM Scheduler is built with strong encryption, trusted sign-in providers, multi-tenant data isolation, and reliable cloud hosting – all designed to protect your information from the moment you sign in until the moment you back it up.

  • 256-bit SSL/TLS
  • Encrypted at Rest
  • Microsoft & Google Sign-in
  • 2FA Supported
  • GDPR Aligned
  • ISO 27001 / SOC 2
  • Automatic Backups
  • Local Storage Option

Defense in Depth – How We Protect Your Data

We don't rely on any single safeguard. OCLM Scheduler combines multiple, overlapping layers of protection so that if one layer is ever stressed, others are already standing behind it.

Encryption in Transit

Every connection between your browser and our servers is protected by 256-bit SSL/TLS. You can confirm it yourself — look for the lock icon and the https:// prefix in your browser's address bar.

Encryption at Rest

All databases, backups, and logs are encrypted on disk using industry-standard AES encryption. Even if storage media were physically removed, the data would remain unreadable without the encryption keys.

Trusted Federated Sign-in

Sign-in is delegated to Microsoft and Google. Your password is entered on their site, never ours – we never see it, never store it, and never can.

Two-Factor Authentication

Any 2FA you've enabled on your Microsoft or Google account – authenticator app, hardware key, biometrics, or SMS – automatically protects your OCLM Scheduler login. No extra setup required.

Multi-Tenant Data Isolation

Every row of data is tagged with the owning account and filtered server-side on every query. The filter is enforced at the database layer, so your congregation's data is never visible to another account – even in the unlikely event of a faulty query.
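To illustrate filtering enforced below the application's queries, here is an added example (not OCLM Scheduler's own code) that uses SQLite as a stand-in database. The table, view, and sample rows are hypothetical; the account filter lives in a per-connection view, and an authorizer rejects any read that bypasses it.

```python
import sqlite3

BASE = "assignments"     # hypothetical base table; every row carries account_id
VIEW = "my_assignments"  # hypothetical per-connection view, scoped to one account

# Constructed sample rows: (account_id, participant, part)
SAMPLE_ROWS = [
    (1, "Alex", "Bible reading"),
    (1, "Sam", "Chairman"),
    (2, "Jordan", "Bible reading"),
]

def open_for_account(account_id: int) -> sqlite3.Connection:
    """Return a connection that can only read rows owned by account_id."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"CREATE TABLE {BASE} (account_id INTEGER NOT NULL, participant TEXT, part TEXT)"
    )
    conn.executemany(f"INSERT INTO {BASE} VALUES (?, ?, ?)", SAMPLE_ROWS)
    # The account filter lives in the view definition, not in application queries.
    conn.execute(
        f"CREATE TEMP VIEW {VIEW} AS SELECT participant, part "
        f"FROM {BASE} WHERE account_id = {int(account_id)}"
    )
    conn.commit()

    def authorizer(action, arg1, arg2, dbname, source):
        # source names the view responsible for the access, or None for top-level SQL.
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and (arg1 == VIEW or source == VIEW):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # direct reads of BASE and every write

    conn.set_authorizer(authorizer)
    return conn

def visible_rows(conn):
    # Deliberately "faulty" query: it carries no account filter of its own.
    return conn.execute(
        f"SELECT participant, part FROM {VIEW} ORDER BY participant"
    ).fetchall()

def direct_read_blocked(conn) -> bool:
    try:
        conn.execute(f"SELECT participant FROM {BASE}").fetchall()
    except sqlite3.DatabaseError:
        return True
    return False
```

Server databases usually achieve the same effect with row-level security policies or mandatory query filters rather than an authorizer callback.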

Anti-Forgery (CSRF) Protection

Every form and state-changing request requires a one-time anti-forgery token tied to your session. This blocks cross-site request forgery attacks where a malicious site tries to act on your behalf.
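A one-time, session-bound token of the kind described above can be built as follows. This is an added example, not OCLM Scheduler's implementation; the key handling, token layout, and in-memory nonce store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-process secret, never sent to clients
_spent_nonces = set()                 # assumption: in-memory store of redeemed nonces

def _mac(session_id: str, nonce: str) -> str:
    # Length-prefix the session id so (session, nonce) pairs cannot be confused.
    msg = f"{len(session_id)}:{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id: str) -> str:
    """Create a token that is valid once, and only for this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def redeem_token(session_id: str, token: str) -> bool:
    """Accept the token only if it was issued to this session and is unused."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = _mac(session_id, nonce)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    if nonce in _spent_nonces:
        return False  # replay of an already-used token
    _spent_nonces.add(nonce)
    return True
```

A forged cross-site request fails because the attacking page cannot read a token issued to the victim's session, and a captured token cannot be replayed once it has been redeemed.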

Rate Limiting & Abuse Protection

Sensitive endpoints – sign-in, password reset, account creation, feedback – are rate-limited to slow down brute-force attempts, scraping, and automated abuse.

Automatic Encrypted Backups

Your data is automatically backed up on a regular schedule, with backups encrypted and retained for disaster recovery. You can also download your own backup at any time and keep a copy on your own device.

Continuous Monitoring & Patching

We monitor application errors and security events, and apply security updates promptly when new vulnerabilities are disclosed in the libraries and platforms we depend on.

Secure Development

Code changes are reviewed before release, and we follow secure-coding practices for input validation, output encoding, parameterised queries, and least-privilege access – reducing the risk of injection, XSS, and similar attacks.


Your Privacy, Your Choice

OCLM Scheduler gives you full control over your data. We collect only what's needed to schedule a meeting, and we let you decide whether your information lives in the cloud, on your own device, or both.

Location Control

You decide where your data lives – securely in the cloud, locally on your device, or both. This helps you align with your country's data-protection regulations and any local SFLA direction.

Minimal Data Collection

To schedule effectively, all we need is each participant's name and the parts they can perform. OCLM stores only the limited information necessary to schedule congregation assignments, including a participant’s name, assignment qualifications, unavailable dates, optional short scheduling notes, and optional email or mobile number for notifications. Optional notes are intentionally limited in length and users are clearly instructed not to enter confidential or sensitive information. OCLM does not provide fields for addresses, judicial matters, family relationships, medical information, financial data, shepherding records, or other sensitive congregation information.

In line with your country's regulations and local SFLA direction, you may optionally add an email address or phone number if you'd like to send reminders or slips by email, WhatsApp, or text. Don't want that stored? Skip it – download the slips and send them manually using your preferred method.

Right to Erase

You can remove your data from the cloud at any time. Back up your data locally with one click, then delete the cloud copy with another. Your account, your decision – with no friction.

Storing Data Locally

Prefer to keep your data offline? Import a backup from your device into OCLM Scheduler, do your scheduling, then use the backup button to save your data back to your device or USB drive. A single click then removes it from the cloud.

Privacy Compliance

Our Terms of Service and Privacy Policy reflect European Union GDPR principles: lawful basis for processing, minimal data collection, transparency, the right to access, and the right to erasure.

Whether you choose cloud, local, or a mix, OCLM Scheduler empowers you to manage your data confidently. You decide when, where, and for how long your information is stored.


Enterprise-Grade Cloud Infrastructure

OCLM Scheduler runs on the same class of cloud infrastructure used by banks, governments, healthcare organisations, and large enterprises — trusted by a majority of Fortune 500 companies. We rely on a tier-1 global cloud provider with billions invested annually in cybersecurity, so we can focus on building great scheduling software while world-class engineers protect the underlying platform.

Physical Security

  • 24/7 on-site security and monitoring
  • Biometric access controls and surveillance
  • Seismic bracing, redundant power, and fire suppression
  • Independently audited, ISO 27001-certified facilities

Encryption Everywhere

Data is encrypted with AES while at rest and protected with SSL/TLS in transit between your browser, our application servers, and the database. Encryption keys are managed by the cloud platform's hardened key-management service.

Network Protection

The platform we build on includes DDoS mitigation, network firewalls, and intrusion detection at the edge. Our application code is deployed behind these protections, so attack traffic is filtered out before it ever reaches your data.

Compliance & Certifications

The infrastructure underlying OCLM Scheduler is certified against a wide range of international standards:

  • ISO 27001
  • ISO 27018
  • SOC 1
  • SOC 2
  • FedRAMP
  • GDPR
  • HIPAA-ready

These certifications are verified by independent, third-party auditors on a regular cadence — not self-assessed.


What We Don't Do

Just as important as what we do is what we deliberately avoid:

  • We don't sell your data. Ever. To anyone.
  • We don't share data between accounts. Each congregation's data is isolated.
  • We don't store your password. Sign-in is handled entirely by Microsoft or Google.
  • We don't use third-party advertising trackers. No retargeting, no ad networks.
  • We don't lock you in. Export your data at any time and delete the cloud copy with one click.
  • We don't collect sensitive personal data such as financial data, judicial records, medical information, home addresses, geographic coordinates, family relationship data, family head designations, records such as removal dates, reinstatement dates, or incarceration dates, or other sensitive personal data, unlike other software.

Schedule with Confidence

From sign-in to storage, your data is protected at every step — so you can focus on serving your congregation, not worrying about technology.

Found a security concern? We want to hear about it. Please report it through the Feedback page so we can investigate promptly.


©2026