Having trouble understanding where your Calendly data is stored or how it’s protected? Use this guide to learn how Calendly manages and secures user data, and what to do if you need help with international data transfers.
Data Hosting Location
Calendly stores user and invitee data in U.S.-based data centers managed by Google Cloud Services (GCS) and Amazon Web Services (AWS).
Infrastructure Compliance
Calendly’s hosting providers meet several industry standards:
- ISO 27001
- SOC 1, SOC 2 / SSAE 16 / ISAE 3402
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Learn more:
Data Encryption
Calendly encrypts your data to protect it both in transit and at rest:
- All web traffic uses TLS SHA-256 with RSA Encryption
- Data at rest is encrypted using industry standards
- Passwords are stored as salted hashes
- iCloud Calendar passwords use salted encryption
Transferring Personal Data from the EEA or UK
If you collect data from individuals in the European Economic Area (EEA) or the UK, Calendly uses legal tools to ensure safe transfer.
Key Safeguards
- Standard Contractual Clauses (SCCs) are included in Calendly’s Data Processing Agreement (DPA)
- UK Addendum is also part of the DPA for UK-specific requirements
- All sub-processors that handle your data have signed DPAs
Frequently asked questions - International transfers
What are SCCs?
SCCs are standard agreements that define how personal data is protected when transferred outside the EEA.
What is the UK Addendum?
This is a UK-specific contract add-on that aligns with the latest UK privacy laws for cross-border data sharing.
Does Calendly’s DPA include both the SCCs and UK Addendum?
Yes, Calendly’s DPA includes both.
Do these apply to me?
If you're collecting data from users in the EEA or UK, yes—they apply.
Need to complete a Transfer Impact Assessment (TIA)?
Contact Calendly to request our TIA FAQ document, which includes info on U.S. surveillance laws and how they apply to Calendly.