Security, Privacy, & Compliance

The security and privacy of your information are taken seriously at Acuity, and we’ll never market to your customers or share your information with others. That’s the abridged version; but, you can read more about it in our privacy policy.

In addition to the steps we take by securing our servers and training our staff about privacy, we also comply with: 

  • EU businesses can sign and return an International Data Transfer Agreement containing the EU Model Clauses. If you prefer to sign digitally, please contact support.
  • Compliance with HIPAA Security Rule and guidance laid out in NIST SP 800-66. Read more about HIPAA.

  • PCI (SAQ C 3.1)

  • Data center is certified SOC 2 Type II

  • Accessibility compliance for section 508, download VPAT

For those of you in the EU who must comply with the General Data Protection Regulation (GDPR), effective May 2018, we're looking into it; if we decide to pursue compliance with GDPR, it will be at no additional cost to you. However, because the implications of GDPR on the operation of Acuity are still being explored, we cannot say at this point whether or not Acuity Scheduling will comply with GDPR in the future.

If you have any questions about security or privacy, please contact support.


Have more questions? Submit a request