Product security

Timefold is committed to your data privacy and security. This guide explains the measures we have built into our Timefold Cloud Platform to enhance security.

Audit logging

Timefold Cloud Platform has detailed tracking of user actions and changes within the platform. This includes capturing modifications to permissions, configurations, and other essential settings. These logs facilitate diagnosing issues, investigating security incidents, and ensuring compliance with relevant regulations. By providing a detailed record of activities, Timefold’s audit logging enhances transparency and accountability, helping us to detect anomalies and enforce security policies effectively.

Logs are made available (read-only) via the Platform’s API and Cloud Platform’s UI.

User role management

Timefold enables the management of roles with varying levels of permissions for users, allowing administrators to ensure that each user only has access to the resources necessary for their role.

See Member management and roles for more details.

Authentication

Timefold Cloud Platform has support for logging in via Google or Microsoft, or an email/password combination.

Password policies

Several password policies are in place to enforce safe passwords, reducing the risk of unauthorized access.

  • A password history is maintained for each user to prevent the reuse of passwords included in the history.

  • We disallow passwords that are part of a list of the 10,000 most common passwords.

  • We disallow passwords that contain any part of the user’s personal data (like name or email).

We use Auth0 for authorization and to enforce these password policies.

On request we can enable custom OpenID authentication.

Integrations

Webhooks

The Timefold (Cloud) Platform has support for sending webhooks to external websites when certain events occur in the platform. Make sure to only configure trusted URLs as webhooks. The payload of webhooks contains metadata about model runs, with references to authenticated API endpoints where the run details are fetched.

See Configuring webhooks for details.

Data retention

The Timefold Cloud Platform allows for configuring data retention policies for model runs and event data.

Contact us to configure the right retention policy for your tenant.

Email security

SPF, DKIM, and DMARC are enforced for domains used by Timefold to send emails to prevent email spoofing.