If someone sends you a Calendly booking link and you use it to schedule a meeting, Calendly collects your personal information even if you have never signed up for Calendly yourself.
This analysis describes what Calendly's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Most people assume they only share data with services they have actively signed up for; this provision means Calendly may have your data simply because a colleague or business contact uses the platform.
Interpretive note: The exact verbatim language describing invitee data collection was not fully reproduced in the truncated document; the summary is based on standard Calendly privacy notice provisions and contextual signals in the document.
Any person who books a meeting through a Calendly link, including your name, email address, and meeting details, has their data collected and processed by Calendly regardless of whether they have a Calendly account or have agreed to its terms.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Calendly has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Invitees are individuals who schedule meetings with Calendly users. Calendly collects information from and about invitees when they interact with a Calendly user's scheduling page, even if the invitee does not have a Calendly account. This information includes contact details provided by the invitee, scheduling and calendar information, and other details submitted through the booking process.— Excerpt from Calendly's Calendly Privacy Notice
REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 13 and 14, which require data controllers to provide transparency notices to data subjects at the point of collection, including where data is not collected directly from the subject. The relevant enforcement authority is the applicable EU supervisory authority. Under CCPA/CPRA, invitees who are California residents may qualify as consumers whose data is subject to deletion and opt-out rights. The adequacy of Calendly's notice to invitees as a lawful basis mechanism under GDPR's legitimate interests ground may require evaluation by affected organizations. GOVERNANCE EXPOSURE: High. Organizations using Calendly to schedule meetings with clients, patients, or employees may themselves be acting as data controllers in respect of those individuals' data, and their reliance on Calendly as a processor raises questions about whether their own privacy notices and data subject rights procedures cover this processing activity. JURISDICTION FLAGS: EU/EEA and UK jurisdictions create heightened exposure given GDPR and UK GDPR transparency requirements. California residents have CPRA rights that extend to data collected through invitee interactions. Illinois organizations should assess whether any sensitive data categories are implicated through meeting content. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams and legal counsel should confirm whether a Data Processing Agreement exists with Calendly covering invitee data, and whether the DPA's scope and sub-processor provisions are adequate. Organizations in regulated industries such as healthcare or financial services should assess whether meeting booking data constitutes regulated personal information subject to additional protections. COMPLIANCE CONSIDERATIONS: Organizations should update their own privacy notices to disclose Calendly's collection of invitee data. Consent mechanisms or legitimate interest assessments may need to be documented for EU/EEA contexts. Data mapping exercises should include Calendly as a data processor for both user and invitee data flows.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Most people assume they only share data with services they have actively signed up for; this provision means Calendly may have your data simply because a colleague or business contact uses the platform.
Any person who books a meeting through a Calendly link, including your name, email address, and meeting details, has their data collected and processed by Calendly regardless of whether they have a Calendly account or have agreed to its terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Calendly.