K
Kwilio Scheduling
All articles
Privacy

Why Your Employee Data Belongs in iCloud, Not on Someone's Server

When you sign up for most scheduling apps, you hand over your employee roster, shift history, clock-in records, and pay rates to a company you've never met. That data lives on their servers, governed by their privacy policy, subject to their security practices — and potentially their data breaches.

Kwilio Scheduling works differently. Your data never leaves your iCloud account.

How Most Apps Store Your Data

The typical SaaS scheduling tool operates on a simple model: you create an account on their platform, your data is stored in their database, and you access it through their interface. This is convenient, but it means:

  • The vendor controls your data. If they change their terms, raise prices, or shut down, your access depends on their goodwill.
  • Your data is their data. Many services retain the right to use aggregate data for analytics or product improvement.
  • A breach at the vendor is a breach for you. If their database is compromised, your employees' personal information is exposed.

How Kwilio Scheduling Handles Data

Kwilio uses Apple CloudKit — the same private cloud infrastructure that powers iMessage, iCloud Drive, and Apple Health. Your data is stored in a private CloudKit container tied to your Apple ID.

What this means in practice:

  • Kwilio's servers hold zero employee data. We have no database with your team's names, hours, or pay rates.
  • Apple's privacy standards apply. iCloud data is encrypted in transit and at rest, governed by Apple's industry-leading privacy commitments.
  • You own the data, not us. If you cancel your Kwilio subscription, your data stays in your iCloud account — accessible until you choose to delete it.
  • Each organization is siloed. CloudKit's private database model means one organization's records are never accessible to another user.

Role-Based Access via CloudKit Sharing

When a manager invites an employee to join an organization, Kwilio uses CloudKit's sharing API to grant that employee scoped read access to their own schedule. They can see their shifts, clock in and out, and message the team — but they cannot access other employees' pay rates, payroll settings, or admin-only data.

Access is managed through Permissions — a flexible role system with Admin, Manager, and Employee tiers. Removing an employee from the organization immediately revokes their CloudKit access.

What About Compliance?

For businesses in regulated industries — healthcare, childcare, hospitality — data residency and access control matter. With Kwilio:

  • Data residency follows your iCloud account's regional settings (governed by Apple's data processing agreements).
  • Compliance rules can be configured in the app to enforce scheduling laws like minimum rest periods and maximum weekly hours.
  • Audit trails for clock-in/out events and schedule changes are stored in your private CloudKit database.

The Trade-Off

There is one real trade-off to this model: Kwilio cannot offer cross-device features that require a shared backend, like web access from a Windows PC or Android support. The app is exclusively for Apple devices — Mac, iPhone, and iPad.

If your team runs entirely on Apple hardware (which many small businesses in the US do), this is a non-issue. You get tighter security and better privacy in exchange for staying in the Apple ecosystem.

For businesses where that trade-off makes sense, Kwilio is the only scheduling tool that treats your employee data as yours — not theirs.

Ready to try Kwilio Scheduling?

Available on Mac, iPhone, and iPad. Your data stays in your iCloud.

See pricing →