IN THIS ARTICLE:
Where is your data stored?
Calendly user and invitee data is hosted in United States data centers provided by Amazon Web Services (“AWS”) and Google (select back-ups). We also have signed Data Processing Addendums (DPAs) with subprocessors of our data.
Infrastructure Compliance
The Calendly application is hosted on Amazon Web Services via the Heroku platform. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Data Encryption
- All connections from the browser to the Calendly platform are encrypted in transit using TLS SHA-256 with RSA Encryption.
- All data is encrypted at rest.
- Calendly user passwords are stored as salted password hashes.
- User passwords for the iCloud Calendar integration are stored using salted encryption.
International Data Transfers
We take data privacy and protection very seriously, including the transfer of personal data from the EU to the US.
Calendly has incorporated the Standard Contractual Clauses into its Data Processing Agreements as its transfer mechanism. Additionally, all of Calendly's data subprocessors have signed Data Processing Addendums (DPAs) with Calendly.
Calendly is monitoring the legal challenges to the Privacy Shield framework but is continuing to explore whether it will certify to it. In the meantime, the Standard Contractual Clauses ensure that adequate safeguards are in place for any onward transfers of personal data to Calendly.