Mentorloop's calendar sync is powered by our integration partner, Cronofy. This article explains how the connection works, what access it needs, and how your calendar data is protected. Calendar sync is entirely optional and can be disconnected at any time.
How calendar sync works
Individual Connect vs. Enterprise Connect
Mentorloop supports two ways to connect calendars, depending on your organization's setup:
- Individual Connect — each user authorizes access to their own calendar via a standard OAuth 2.0 flow. This is the default for most users.
- Enterprise Connect — an administrator authorizes access at the domain level on behalf of everyone in the organization, so individual users don't need to connect their calendars themselves. This is available for Google Workspace and Microsoft Office 365.
We recommend Enterprise Connect for organizations, as it simplifies setup and rollout.
Can calendar sync be disconnected?
Yes, at two levels:
- Individual opt-out — any user can disconnect their own calendar from their Mentorloop account settings at any time. This is made clear during sign-up, before the integration is completed.
- Admin-level revoke — for organizations using Enterprise Connect, an admin can revoke authorization for the entire organization at once.
What happens if calendar sync isn't connected?
Calendar sync is optional. Without it, participants can still use Mentorloop, but the following features won't be available:
- Availability sharing — participants won't be able to view each other's free/busy times when scheduling meetings within a Loop
- Automatic meeting creation — meetings created within Mentorloop won't be added to participants' calendars
- Two-way sync — edits or cancellations made in either Mentorloop or a participant's calendar won't be reflected in the other system
What access does Mentorloop request?
To support the full calendar experience — viewing availability, creating meetings, and keeping edits or cancellations in sync — Mentorloop requests read/write access to connected calendars. This breaks down as:
- Viewing availability requires free/busy read access
- Creating meetings requires write access
- Editing or canceling meetings requires read/write access to the events Mentorloop manages
Calendar providers (Google, Microsoft, etc.) don't allow different permission levels to be requested for different features — it's an all-or-nothing set of scopes granted at authorization. That means a free/busy-only option isn't available if you also want meetings created and managed automatically through Mentorloop.
For full technical detail on how Cronofy structures these permissions, see Cronofy's developer documentation on Permissions.
What data is stored, and for how long?
Once a calendar is connected, Cronofy keeps a synchronized cache of relevant calendar data so it can respond quickly and reliably rather than querying your calendar server directly for every request. By default, this cache covers a rolling window of 42 days in the past and 201 days in the future.
For the full breakdown of exactly what event data is stored, see Cronofy's Data Management documentation.
Cronofy synchronizes event details for all events on a connected calendar — not just meetings created through Mentorloop — in order to detect changes and keep availability accurate. Free/busy time is shown to other participants directly through a Cronofy-powered scheduling component; Mentorloop itself doesn't access the contents of events you create outside of Mentorloop.
For meetings created through Mentorloop specifically, Cronofy also tracks changes such as attendees accepting or declining invites, and any edits made directly in a participant's calendar, so these stay in sync with Mentorloop.
Mentorloop doesn't attach files to meetings it creates, so attachment data isn't part of this integration.
Who can access this data?
Cronofy follows a least-privilege access model: employees only have the access needed for their role, and nothing more. For example, support and engineering staff can view event details when needed to troubleshoot an issue, while staff in roles like sales don't have that level of access. All Cronofy employees undergo background checks and are bound by confidentiality obligations.
For more detail, see Cronofy's Access to Data policy and their privacy notice, which covers your rights regarding this data.
How is the data secured?
Cronofy encrypts data at rest using AWS KMS and in transit using TLS 1.2/1.3, on top of AWS's underlying infrastructure security. Full details are available in Cronofy's "How data is protected" documentation.
Have a question that isn't answered here? Reach out to your Customer Success Manager or our support team.