IN THIS ARTICLE:
Where is your data stored?
Calendly user and invitee data is hosted in United States data centers provided by Amazon Web Services (“AWS”) and Google (select back-ups). We also have signed Data Processing Addendums (DPAs) with subprocessors of our data.
Infrastructure Compliance
The Calendly application is hosted on Amazon Web Services via the Heroku platform. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Data Encryption
- All connections from the browser to the Calendly platform are encrypted in transit using TLS SHA-256 with RSA Encryption.
- All data is encrypted at rest.
- Calendly user passwords are stored as salted password hashes.
- User passwords for the iCloud Calendar integration are stored using salted encryption.
Are you Privacy Shield certified?
We take data privacy and protection very seriously, including the transfer of personal data from the EU to the US.
Calendly has incorporated the Standard Contractual Clauses into its Data Processing Agreements as its transfer mechanism, an approved safeguard and a recognized alternative to Privacy Shield, and we are actively examining self-certification under Privacy Shield.
Additionally, our subprocessors of data are either Privacy Shield certified or have signed Data Processing Addendums (DPAs) with Calendly. For example, we store data in Amazon Web Services (“AWS”) and Google (select back-ups) which are both Privacy Shield certified.
Calendly is monitoring the legal challenges to the Privacy Shield framework but is continuing to explore whether it will certify to it. In the meantime, the Standard Contractual Clauses ensure that adequate safeguards are in place for any onward transfers of personal data to Calendly.