Library / Vendor directory

Calendly

calendly.com · facts updated 1 hour ago

Privacy facts at a glance
Jurisdictions
US · Canada · Netherlands · Israel · UK
Subprocessors
24
Retention
Retention period is not explicitly stated in the excerpts; entities may manage retention and export settings per the Customer Terms.
Breach notification
The DPA defines a 'Security Breach' as a confirmed breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, but no specific notification timeframe is stated in the excerpts.
Transfer mechanism
Standard Contractual Clauses (SCCs), UK Addendum, and Data Privacy Frameworks (EU-US, UK Extension, Swiss-US)
DPA available
Yes
Certifications
SOC 2 Type 2 · SOC 3 · CSA STAR Level One · ISO/IEC 27001 · PCI Compliant
GDPR addressed
Yes
CCPA addressed
Yes
Named subprocessors
Ada Aiven Amazon Web Services Assembled Cloudflare Datadog E-HAWK Elasticsearch Google Hex Hyperdoc (a.k.a. Recall.ai) Intercom

Tracked documents

Privacy policy
https://calendly.com/legal/privacy-notice checked 4 hours ago
Terms of service
https://calendly.com/legal/customer-terms-conditions checked 3 hours ago
Data processing agreement
https://calendly.com/legal/data-processing-addendum checked 3 hours ago
Subprocessor list
https://calendly.com/help/calendly-sub-processors-gdpr-ccpa checked 3 hours ago
Security / trust page
https://calendly.com/security checked 1 hour ago

Recent changes

minor Security / trust page 1 hour ago

Calendly's security/trust page navigation underwent a UI restructuring, removing the language selector (English/Français/Español/Deutsch/Português) and reorganizing header call-to-action buttons.

Public summary; per-account review history visible to subscribers tracking this vendor.

Track Calendly in your workspace.

Get notified when Calendly adds a subprocessor, changes retention, updates their DPA, or quietly amends their privacy posture.

Start tracking — 14-day trial
No card required.