What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: The notice expressly engages GDPR and UK GDPR (citing lawful bases including legitimate interests and consent), CCPA and CPRA (providing California-specific rights including opt-out of sale and sharing), and references Standard Contractual Clauses for international data transfers from the EU/EEA/UK. The primary enforcement authorities are the Irish Data Protection Commission or relevant EU supervisory authority for GDPR matters, the UK Information Commissioner's Office for…

How does Calendly's Calendly Privacy Notice affect users?

Calendly's privacy notice affects both registered users and people who simply click a scheduling link sent by someone else, meaning your name, email, and meeting details can be collected and shared with third-party analytics and advertising vendors even if you never created an account. The notice also discloses that calendar content, including event titles and participant information, is processed to enable scheduling features, which may expose sensitive professional or personal information to …

How often is Calendly's Calendly Privacy Notice updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Calendly updates this document?

Yes. Watcher subscribers ($9.99/month) can add Calendly to their watchlist and receive same-day email alerts whenever this document or any other Calendly document changes.

CA-D-000563

Calendly Privacy Notice

Calendly

Last change detected May 5, 2026 Privacy policy

SHA-256: ec5dd0a9ead408e891f… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Calendly ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

1 High severity

5 Medium severity

1 Low severity

Summary

Calendly's Privacy Notice explains how the scheduling platform collects and uses your personal information, including your name, email address, calendar event details, device data, and payment information. Critically, even if you have never created a Calendly account, your personal data may be collected when you book a meeting through someone else's Calendly link, and that data may be shared with third-party advertising and analytics partners. If you are a California resident or located in the EU or UK, you have specific rights to access, delete, or opt out of certain uses of your data, which you can exercise through Calendly's privacy rights portal.

Technical / Legal Breakdown

This document is Calendly's Privacy Notice, governing the collection, use, storage, and sharing of personal data for users of Calendly's scheduling platform, with stated legal bases including consent, legitimate interests, and contractual necessity depending on jurisdiction. The notice asserts that Calendly collects a broad range of data types including contact information, calendar content, device and usage data, payment information, and inferred data from integrations with third-party services, and the terms authorize sharing this data with service providers, business partners, advertising networks, and affiliated entities. Notably, the notice draws a distinction between 'users' (account holders who create scheduling pages) and 'invitees' (recipients of scheduling links who may not have a Calendly account), meaning individuals who have never signed up for Calendly may have their personal data collected when they book a meeting through a Calendly-hosted link; this has operational implications for consent and transparency obligations that may not be fully resolved by the notice alone. The notice references compliance with GDPR, UK GDPR, CCPA/CPRA, and other regional frameworks, and identifies Standard Contractual Clauses as a cross-border data transfer mechanism; California residents and EU/EEA/UK residents are granted specific enumerated rights. Material compliance considerations include the adequacy of consent mechanisms for invitees who are not direct customers of Calendly, the scope of data sharing with advertising and analytics vendors, and the retention and deletion practices described in general terms without specific timeframes for most data categories.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 1 provision

Invitee Data Collection Without Account Creation Compare →

If someone sends you a Calendly booking link and you use it to schedule a meeting, Calendly collects your personal information even if you have never signed up for Calendly yourself.

Added May 10, 2026 Standard Seen across 251 platforms

Medium — 5 provisions

Data Sharing with Advertising and Analytics Partners Compare →

Calendly shares your data with outside advertising and analytics companies, which may track your behavior across websites using cookies and similar tools.

Added May 10, 2026 Standard Seen across 246 platforms
Calendar Content Processing

When you link your calendar to Calendly, the service reads your calendar event titles, descriptions, and attendee lists to identify when you are free or busy.

Added May 10, 2026 Rare
International Data Transfers via Standard Contractual Clauses Compare →

If you are in the EU, UK, or Switzerland, Calendly transfers your personal data to the United States using a legal framework called Standard Contractual Clauses, which are pre-approved contract terms meant to protect your data during the transfer.

Added May 10, 2026 Standard Seen across 246 platforms
Data Retention Without Specific Timeframes Compare →

Calendly keeps your personal data for as long as it considers necessary for its services and legal obligations, without committing to specific deletion timelines for most data categories.

Added May 10, 2026 Standard Seen across 223 platforms
Legitimate Interests as Lawful Basis for Processing

For some data processing activities, Calendly relies on its own business interests as the legal justification rather than asking for your consent or being required by contract.

Added May 10, 2026 Rare

Low — 1 provision

California Resident Privacy Rights (CCPA/CPRA) Compare →

California residents have five specific privacy rights under California law: to know what data Calendly holds, to delete it, to stop Calendly from selling or sharing it, to correct it, and to limit use of sensitive data.

Added May 10, 2026 Standard Seen across 262 platforms

Monitoring

Calendly has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Data Sharing with Business Customers (Hosts) and similar clauses.

Compare across platforms →