What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: The notice expressly engages GDPR and UK GDPR (citing lawful bases including legitimate interests and consent), CCPA and CPRA (providing California-specific rights including opt-out of sale and sharing), and references Standard Contractual Clauses for international data transfers from the EU/EEA/UK. The primary enforcement authorities are the Irish Data Protection Commission or relevant EU supervisory authority for GDPR matters, the UK Information Commissioner's Office for…

How does Calendly's Calendly Privacy Notice affect users?

The notice establishes that personal data collection occurs both when users create Calendly accounts and when non-account holders book meetings through Calendly links, with calendar event titles and participant information processed as part of platform operations. Data sharing with third-party analytics and advertising vendors is authorized under the notice's terms. Residents of California, the EU, and UK can exercise data subject rights by submitting requests through calendly.com/legal/privacy…

How often is Calendly's Calendly Privacy Notice updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Calendly updates this document?

Yes. Monitor subscribers ($19/month) can add Calendly to their watchlist and receive same-day email alerts whenever this document or any other Calendly document changes.

CA-D-000563

Calendly Privacy Notice

Calendly

Last change detected May 5, 2026 Privacy policy

SHA-256: ec5dd0a9ead408e891f… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Calendly ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

1 High severity

5 Medium severity

1 Low severity

Summary

Calendly's Privacy Notice establishes the data collection, processing, and sharing practices for its scheduling platform, covering personal information collected from account holders and non-account holders who interact with Calendly scheduling links. The notice authorizes collection of names, email addresses, calendar event details, device data, and payment information, with provisions for sharing this information with third-party analytics and advertising partners. For California, EU, and UK residents, the notice describes rights to access, delete, or opt out of certain data uses through Calendly's privacy rights portal.

Technical / Legal Breakdown

This document is Calendly's Privacy Notice, governing the collection, use, storage, and sharing of personal data for users of Calendly's scheduling platform, with stated legal bases including consent, legitimate interests, and contractual necessity depending on jurisdiction. The notice asserts that Calendly collects a broad range of data types including contact information, calendar content, device and usage data, payment information, and inferred data from integrations with third-party services, and the terms authorize sharing this data with service providers, business partners, advertising networks, and affiliated entities. Notably, the notice draws a distinction between 'users' (account holders who create scheduling pages) and 'invitees' (recipients of scheduling links who may not have a Calendly account), meaning individuals who have never signed up for Calendly may have their personal data collected when they book a meeting through a Calendly-hosted link; this has operational implications for consent and transparency obligations that may not be fully resolved by the notice alone. The notice references compliance with GDPR, UK GDPR, CCPA/CPRA, and other regional frameworks, and identifies Standard Contractual Clauses as a cross-border data transfer mechanism; California residents and EU/EEA/UK residents are granted specific enumerated rights. Material compliance considerations include the adequacy of consent mechanisms for invitees who are not direct customers of Calendly, the scope of data sharing with advertising and analytics vendors, and the retention and deletion practices described in general terms without specific timeframes for most data categories.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 1 provision

Invitee Data Collection Without Account Creation Compare →

If someone sends you a Calendly booking link and you use it to schedule a meeting, Calendly collects your personal information even if you have never signed up for Calendly yourself.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 5 provisions

Data Sharing with Advertising and Analytics Partners Compare →

Calendly shares your data with outside advertising and analytics companies, which may track your behavior across websites using cookies and similar tools.

Added May 10, 2026 Standard Seen across 252 platforms
Calendar Content Processing Compare →

When you link your calendar to Calendly, the service reads your calendar event titles, descriptions, and attendee lists to identify when you are free or busy.

Added May 10, 2026 Standard Seen across 284 platforms
International Data Transfers via Standard Contractual Clauses Compare →

If you are in the EU, UK, or Switzerland, Calendly transfers your personal data to the United States using a legal framework called Standard Contractual Clauses, which are pre-approved contract terms meant to protect your data during the transfer.

Added May 10, 2026 Standard Seen across 284 platforms
Data Retention Without Specific Timeframes Compare →

Calendly keeps your personal data for as long as it considers necessary for its services and legal obligations, without committing to specific deletion timelines for most data categories.

Added May 10, 2026 Standard Seen across 284 platforms
Legitimate Interests as Lawful Basis for Processing Compare →

For some data processing activities, Calendly relies on its own business interests as the legal justification rather than asking for your consent or being required by contract.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

California Resident Privacy Rights (CCPA/CPRA) Compare →

California residents have five specific privacy rights under California law: to know what data Calendly holds, to delete it, to stop Calendly from selling or sharing it, to correct it, and to limit use of sensitive data.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Calendly has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Data Sharing with Business Customers (Hosts) and similar clauses.

Compare across platforms →