Security & trust

Send this page toyour security team.

Most vendor security reviews are a six-week questionnaire against a report you take on faith. Calnode's approach is the opposite: the whole product is small, self-hosted, and every security and privacy claim is published so your engineers can verify it directly.

Security & trust

Don't take our word for it.Check it yourself.

A SaaS vendor asks you to trust an annual audit report. Because Calnode is small and self-hosted, you can do better: point your own security engineer — or their LLM — at the repo and verify every security and privacy claim in minutes, not weeks.

Open, falsifiable claims

Every claim we make is published as a claim → verify-it-yourselfmanifest, alongside the audit process itself. Nothing to take on faith — each line points at the code that proves it.

Adversarially reviewed

Two rounds of review: deterministic scanners (govulncheck · gosec · gitleaks · semgrep) plus an LLM red-team across six domains — egress tracing, tenant isolation, the auth model, encryption & secrets, injection/SSRF, and booking-flow authorization.

A self-serve audit kit — open and falsifiable, run it against the repo yourself. It is not a third-party attestation (no SOC 2, no external pen-test); it is something you can check directly instead of trusting a certificate.

Your data stays on your infrastructure

Self-hosted by design — customer data never leaves your environment except through explicit, named, opt-in integrations. There are no hidden calls home. The complete list of third parties, and only when each applies:

Deepgram — only if you enable the notetaker (transcription)
Your BYO-LLM endpoint — the model you configure (can be local)
Calendar providers — Google, Microsoft 365, or any CalDAV server you point it at
Zoom, Stripe — only if you connect them for meeting links / paid bookings
LiveKit Cloud — only if you point Rooms at it instead of self-hosting

Run it yourself.
Or let us run it for you.

Calnode is free and open source. Self-host it in minutes, or talk to us about a managed deployment for your organisation.

Don't want to host it at all? Join the managed-hosting waitlist — we'll email you when it opens.