Security Best Practices

Protecting your meetergo account and your attendees' data is important. This guide covers security features available in meetergo and best practices for keeping your account secure.

Account Security

Strong Passwords

When using email/password authentication:

Use a unique password not used on other sites
Include a mix of letters, numbers, and symbols
Avoid common words or personal information
Consider using a password manager

Use SSO When Available

For Teams and Enterprise plans:

Configure SAML SSO with your identity provider
Centralize authentication through Okta, Azure AD, or similar
Benefit from your organization's security policies

See Okta SSO Configuration for setup.

When signing in with Google or Microsoft:

Your password is managed by the OAuth provider
Benefit from their security features (2FA, etc.)
Revoke access anytime from your Google/Microsoft account

API Key Security

If you use the meetergo API:

Protect Your Keys

Never share API keys publicly
Don't commit keys to version control
Use environment variables in your code
Rotate keys periodically

Key Best Practices

# Good: Use environment variables
API_KEY=$MEETERGO_API_KEY

# Bad: Hardcoded in code
API_KEY="ak_live:abc123:secret"  # Don't do this!

Set Expiration Dates

When creating API keys:

Set reasonable expiration (30-90 days)
Regenerate before expiration
Revoke unused keys promptly

Revoke Compromised Keys

If a key may be compromised:

Go to Settings → API Keys
Find the key and click Revoke
Generate a new key
Update your integrations

Team Security

Principle of Least Privilege

Give users only the permissions they need
Use team member roles for most users
Reserve admin access for those who need it
Review permissions periodically

See User Roles and Permissions.

Offboarding

When team members leave:

Remove their meetergo access immediately
Transfer ownership of their meeting types if needed
Review any integrations they set up
For SCIM users, deprovisioning is automatic

Require Invitations

Enable invitation requirements:

Go to Settings → Company
Enable Require Invitation
New users must have a valid invite to join

This prevents unauthorized users from joining your organization.

Integration Security

Calendar Permissions

meetergo requests only necessary calendar permissions:

Read events (check availability)
Create events (add bookings)
Modify events (update/cancel)

We never access email content or contacts.

Review Connected Apps

Periodically check your connected integrations:

Go to Settings → Integrations
Review all connected services
Disconnect any you no longer use

Webhook Security

When using webhooks:

Use HTTPS endpoints only
Validate webhook signatures if available
Don't expose sensitive data in webhook URLs

Data Protection

What Data meetergo Stores

Account information (name, email)
Calendar connection tokens (encrypted)
Booking data (attendee info, meeting times)
Integration credentials (encrypted)

Data Location

meetergo data is stored in the EU (Frankfurt) region with:

Encrypted storage at rest
Encrypted transmission (TLS)
Regular backups

Data Retention

Active account data: Retained while account is active
Deleted accounts: Data purged according to our retention policy
Booking history: Available for your records

See Data Privacy Regulations for details.

Enterprise Security Features

SAML SSO (Teams+)

Single Sign-On benefits:

Centralized authentication
Enforce your organization's password policies
Automatic session management
Audit trail in your IdP

SCIM Provisioning (Enterprise)

Automated user management:

Automatic account creation
Instant deprovisioning
Attribute synchronization
No manual user management

See SCIM Provisioning.

Custom Domain (Teams+)

Use your own domain:

Branded booking URLs
SSL certificate included
Full control over DNS

Booking Page Security

Bot Protection

meetergo includes protection against:

Automated spam bookings
Bot form submissions
Abuse prevention

Email Validation

Disposable email detection
Email format validation
Optional domain restrictions

Rate Limiting

API and form submissions are rate-limited:

Prevents abuse
Protects against automated attacks
Fair usage for all users

Monitoring Your Account

Check for Unusual Activity

Regularly review:

Recent bookings for unexpected entries
Team member list for unknown users
Connected integrations
API key usage (if applicable)

Notification Settings

Enable notifications for:

New bookings
Team changes
Subscription updates

Reporting Security Issues

If you discover a security vulnerability:

Email security@meetergo.com
Provide details about the issue
Don't disclose publicly until resolved
We'll respond promptly

Security Checklist

Use this checklist to secure your account:

Strong, unique password or SSO enabled
Reviewed team member permissions
Removed departed team members
API keys stored securely (if used)
Unused integrations disconnected
Invitation requirement enabled (for teams)
Regular activity review

FAQ

Does meetergo support two-factor authentication?

For direct meetergo logins, 2FA is handled by your OAuth provider (Google/Microsoft) or via SAML SSO with your identity provider.

How is my calendar data protected?

Calendar connection tokens are encrypted at rest. We access only the minimum data needed for scheduling.

Can meetergo employees access my data?

Access is limited and logged. We don't access customer data except for support requests or legal requirements.

Yes. See our Data Privacy documentation.