Effective May 05 , 2023
Calendly’s mission is to help you schedule better. To do so, we need personal information from you and the people scheduling time with you – there’s no way around it. But we don’t take this responsibility lightly. We recognize the importance of privacy and your rights, and we want you to feel confident about using our services and in your interactions with us. We want you to love Calendly as much as we do, but if you do not agree with this policy then please do not access or use the Website.
The sections below contain the information you may want to know about this topic. We’ve tried to make them as straightforward as possible, but we realize it’s a lot of information. If you still have any questions, please reach out to us via email.
This privacy notice (“Privacy Notice” or “Notice”) describes how Calendly, Inc. and its affiliate Interview Schedule, Inc. d/b/a Prelude (“Calendly”, “we”, or “us”) collect, use, and disclose your Personal Data. Throughout this document, we will use a few definitions to describe various products, roles and relevant terms:
“Website” means all of the text, data, information, software, graphics, photographs and more that we and our affiliates may make available to you, plus our websites (including the Calendly Help Center) and any services, extensions, plug-ins, software, or applications (including Calendly Click, Calendly for Chrome, Calendly for Firefox, and any Calendly applications) that we may provide to you
“Users” are the people who have created a Calendly account
“Invitees” are people who have scheduled a meeting with a User but may or may not have registered with Calendly. Invitees also include candidates in the context of the Prelude service.
“Viewer” is a person who visits the Website but may or may not be a User or Invitee.
“Personal Data” is any data relating to an identified or identifiable natural person that is processed by Calendly as described in this Privacy Notice when such information is protected as “personal data” or “personal information” or a similar term under applicable data protection laws.
This Privacy Notice applies to Personal Data Calendly collects when you visit or use our Website as described in the “Information We Collect” section of this Privacy Notice below. Calendly is the controller of that Personal Data. This Privacy Notice does not apply to Personal Data within Customer Data (as that term is defined in your agreement with Calendly), such as information a User collects about an Invitee when an Invitee books a meeting or interview using our services. We process Personal Data within Customer Data on our customers’ behalf as a processor or service provider. If you are an Invitee and have questions about how your data is processed by our customers or wish to exercise your rights with respect to that data, you must reach out to the User who collected your information. If you contact us about Personal Data within Customer Data and are able to identify the company or User with whom you have interacted, we will promptly notify the relevant customer who collected your data of your inquiry.
Information We Collect.
We collect information about you directly from you and automatically through your use of our Website. To help you protect yourself and your information, we encourage you to provide and collect only that information that is necessary for using our Website. For example, to schedule a meeting, the only information that is necessary is names, email addresses, date, and time. Please note that if you choose not to share certain Personal Data with us, or refuse certain contact permissions, we might not be able to provide certain parts of the Services.
Information You Provide.
Calendly collects the following information, either directly from Users, Invitees, or Viewers, or through third parties regarding Users, Invitees, or Viewers.
Calendar Availability. A User may connect their calendar with Calendly. Our calendar integration only checks the duration and free/busy status of the events in your calendar so that we don’t book you when you’re busy. We never store details about the appointments in your connected calendar, such as who you are meeting with, their email address, or the meeting title. Although connecting your calendar to our services makes the scheduling process much more efficient, you are not required to connect your calendar to use our services. More information about access the Calendly app and extensions have to your connected calendar is available here. Calendly processes the calendar information on the User’s behalf as a processor or service provider. (For Prelude service Users only, the Prelude service works a bit differently. Calendly will have access to the duration, free/busy status of the events in your calendar, attendees, start time, and the title of these events. We need this information in order to understand which events are movable on a User’s calendar so interviews may be scheduled more seamlessly.)
Information Received from Third Parties. If you choose to connect your account to your account with a third-party service, we may receive or be granted access to information from such third-party service, including Personal Information. For example, if you use the Prelude service and enable applicant tracking systems integrations for the recruiting use case within Prelude, your ATS may send to Prelude certain Personal Information as determined by you. You can stop sharing your information from a third-party service with us by removing our access to that service. Calendly processes that information on the User’s behalf as a processor or service provider.
Account and Billing Information. Users provide Calendly with certain information, including name, email address, username, and password, when you set up your account. If you purchase a premium version of Calendly, our third party payment processors will collect and store your billing address and credit card information. We store the last four digits of your credit card number, card type, and the expiration date. (For Prelude service Users only, the payment and billing information will be processed as established in the services agreement between Calendly and your organization.)
Marketing Information. Users, Invitees, or Viewers interested in Calendly’s services may contact us through forms made available on the Website and voluntarily give information such as name, work email, phone number, company, and role. Users, Invitees, or Viewers interested in our newsletter may also submit their name and email addresses to join our mailing list. We also receive other similar information provided by you if you participate in an event hosted by Calendly or its partners (such as webinars) and in your interactions with our social media accounts.
Information Collected Automatically From You.
Log & Device Data. When you use Calendly, our servers automatically record certain information (“log data”), including information that your browser sends whenever you visit our Website. This log data may include the web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, mobile network carrier, and time zone or approximate location. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or PC, or an iPhone or an Android phone. To learn more about what information your device makes available to us, please check the policies of your device manufacturer or software provider.
Usage Data. When you use our scheduling platform either as a User or an Invitee, we collect certain information about how you use the platform. For example, we collect information on the meeting types our Users use most often, and how many meetings are scheduled each day. We aggregate this information and use it to help us monitor and improve the Services, such as to determine which features are most popular amongst our Users, and which features could be added or improved.
Third-Party Tools. Subject to your consent, opt-out preferences, or other appropriate legal basis where legally required, we use third-party Service Providers such as Google Analytics to provide certain analytics and Viewer interactions services to Calendly in connection with our operation of our Website, including the collection and tracking of certain data and information regarding the characteristics and activities of visitors to Calendly. You may opt-out of relevant cookies using opt-out features on their respective websites.
How We Use Your Information.
We may use information that we collect about you, including Personal Data, to:
Provide the Calendly Website Service. We will use your information to provide our Website to you, including to facilitate scheduling; create and manage your account; respond to your inquiries; prevent or address service errors, security, or technical issues; analyze and monitor usage; prevent spam, fraud and abuse on the Website; and for other customer service and support purposes. We use the payment information you provide to us in order to alert you of past, current, and upcoming charges, to allow us to present the billing history to you on your billing page on the Website, and to perform internal financial processes, such as looking at the status of a credit card charge. In the event of a credit card dispute, we also share account information with your bank to verify the legitimacy of a charge. For EU / UK purposes, our legal bases for processing are performance of a contract and legitimate interests.
Understand and improve our products. We will perform research and analysis about your use of, or interest in, our products, services, or content, or products, services or content offered by others. We do this to help make our products better and to develop new products. For EU /UK purposes, our legal basis for processing is legitimate interests.
Communicate with you.
Service-related communications. We may send you service and administrative emails to ensure the service is working properly. We will also email you regarding your calendar appointments. These messages are considered part of the service and you may not opt out of these messages. For EU/UK purposes, our legal basis for processing is performance of a contract.
Promotional. Subject to your opt-out preference and subscription, we may send you emails about new product features or other news about Calendly or on topics we think would be relevant to you. You may opt out of receiving these communications at any time. Visit the ‘Your Rights and Choices’ section below. For Calendly Invitees, please be assured that we do not use the email addresses that you enter to schedule a meeting with a Calendly User to send any type of direct marketing. However, you may receive marketing communications if you have used the same email address to sign up for them previously or to manage your account as a Calendly User. For EU/UK purposes, our legal basis for processing is consent.
Responding to your requests. We will also use your information to respond to your questions or comments. For EU/UK purposes, our legal bases for processing are performance of a contract, legitimate interests and/or compliance with a legal obligation.
Administrative. We may contact you to inform you about changes in your services, our service offering and other important service-related notices, such as changes to the Notice or about security or fraud notices. For EU/UK purposes, our legal bases for processing are performance of a contract, legitimate interests, and/or compliance with a legal obligation.
Legal Compliance. We may use your information to comply with applicable legal or regulatory obligations, including complying with requests from law enforcement or other governmental authorities, or in legal proceedings involving Calendly. For EU/UK purposes, our legal basis for processing is compliance with a legal obligation.
Other. We also may use your information to manage our business or perform functions as otherwise described to you at the time of collection subject to your consent where legally required. For EU/UK purposes, our legal basis for processing is consent.
With Whom We May Share Your Information.
We may share information we collect about you, including Personal Data, in the following ways:
With third-party Service Providers, agents, contractors, or government entities. We use other companies, agents, or contractors (“Service Providers”) to perform services on our behalf or to assist us with providing services and communicating with you. We may engage Service Providers to process credit card transactions or other payment methods. We may also engage Service Providers to provide services such as monitoring and developing Calendly services; aiding in communications, infrastructure, and IT services; customer service; debt collection; analyzing and enhancing data. These Service Providers may have access to your Personal Data or other information to provide these functions. In addition, some of the above-listed types of information that we request may be collected by third-party Service Providers on our behalf. Microsoft is one of Calendly’s Service Providers. You may review Microsoft’s Privacy statement here.
We may share information with Service Providers and government entities for legal, security, and safety purposes. This includes sharing information to enforce policies or contracts, address security breaches, and assist in the investigation of fraud, security issues, or other concerns.
We require Service Providers to agree to take reasonable steps to keep the Personal Data that we provide to them secure. We do not authorize them to use or disclose your Personal Data except in connection with providing their services. You may find the list of Calendly’s Service Providers who are also platform subprocessors here.
Affiliates. We may disclose information to current or future affiliates or subsidiaries for purposes consistent with this Privacy Notice.
Authorized Agents. If you are using Calendly as a paid member of an organization or using your organization’s email domain (thereby representing yourself as a member of the organization), we may share your email address, plan information, and data within your account with an authorized agent of your company upon your company’s request for them to administer the account for the company.
Reorganization Event. We may, as a result of a sale, merger, consolidation, change in control, transfer of assets, reorganization, or liquidation of our company (a "Reorganization Event"), transfer or assign your Personal Data to parties involved in the Reorganization Event. You acknowledge that such transfers may occur and are permitted by and subject to this Privacy Notice.
Your Rights and Choices.
Depending on your relationship with Calendly, you may exercise your rights and choices in the following ways:
E-mail. As described above, if you do not wish to receive promotional emails from us, you may opt out at any time by following the opt-out link contained in the email itself. Please note that it may take up to ten (10) days to process your request. Please also note that if you opt out of receiving marketing communications from us, we may continue to send to you service-related emails which are not available for opt-out. If you do not wish to receive any service-related emails from us, you have the option to delete your account.
Cookies. You may also refrain from providing or may withdraw your consent for Cookies via your browser settings. Your browser’s help function should contain instructions on how to set your computer to accept all Cookies, to notify you when a Cookie is issued, or to not receive Cookies at any time. Please keep in mind that certain Cookies are required to authenticate Users as well as perform some actions within Calendly (such as to pay for an event as an Invitee via Calendly), so to use the Website, some strictly necessary Cookies are required. You may also manage the use of targeting, performance, and functional cookies on this website by clicking the Cookie Settings link located on the footer of this page.
Third-party analytics services. Some of the Service Providers we use provide the ability to opt-out.
Google Analytics. You may opt out of Google Analytics’ services using the Opt-Out feature on their website. The Google Analytics service is provided by Google Inc. You can opt-out from Google Analytics service from using your information by installing the Google Analytics Opt-out Browser tool: https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.
Facebook Pixel. You may opt out of Facebook Pixel’s services using their opt-out feature: https://facebook.com/help/568137493302217. For more information on the privacy practices of Facebook, please visit their Data Policy: https://facebook.com/about/privacy
Additional Rights. Depending on where you live, you may have the following rights, subject to any applicable exemptions or limitations:
The right to know and access your Personal Data, such as the categories of Personal Data we have collected, the sources of Personal Data, the purposes of collection, and how we used, disclosed, sold, or shared Personal Data;
The right to correct inaccurate Personal Data that we maintain about you;
The right to delete your Personal Data under specific circumstances;
The right to opt out of the sale or sharing of your Personal Data, as such terms are defined by applicable laws;
The right to object or opt out of certain types of processing, such as targeted advertising, direct marketing, and certain types of profiling and automated decision-making;
The right to request the restriction of processing of your Personal Data;
The right to data portability, which means requesting a copy of your Personal Data in an accessible format;
The right to withdraw your consent under certain circumstances; and
The right to lodge a complaint with the relevant data protection supervisory authority. Where applicable, you can find contact information for your data protection supervisory authority on the European Data Protection Board’s website, https://edpb.europa.eu/about-edpb/about-edpb/members_en, or through other publicly available sources.
To the extent any of the above rights are applicable, you may exercise your rights by contacting us via email. We will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Data. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Data provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may be able to use an authorized agent to submit a rights request on your behalf. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Data, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us via email.
Note on Third-Party Links.
Our Website may contain links to third-party websites and applications. Subject to your opt-out or consent preferences, we may also use third-party advertisers, ad networks, and other advertising, marketing, and promotional companies, to serve advertisements on our Website. Any access to and use of such linked websites and applications is not governed by this Notice but instead is governed by the privacy policies of those third parties. We do not endorse these parties, their content, or any products and services they offer, and we are not responsible for the information practices of such third-party websites or applications.
Security and Storage of Information.
Given the nature of communications and information processing technology, there is no guarantee that Personal Data will be absolutely safe from access, alteration, or destruction by a breach of any of our physical, technical, and managerial safeguards. However, Calendly takes the security of your Personal Data very seriously. We work hard to protect the Personal Data that you provide from loss, misuse, unauthorized access, or disclosure and we have taken reasonable steps to help protect the Personal Data we collect. We have obtained industry recognized certifications and audits such as the ISO/IEC 27001, which affirm our commitment to our security program (certification not applicable to the Prelude service). More information on Calendly security and storage practices is available here.
You should also take steps to protect against unauthorized access to your device and account by, among other things, choosing a unique and complex password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
We retain the Personal Data we collect for so long as is reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual and legal obligations (including any exemptions or exceptions contemplated by law), and for any applicable statute of limitations periods for the purposes of bringing and defending claims.
Users Outside the USA.
Our application and database servers are located here in the United States.
If you are an individual located in the European Economic Area, the United Kingdom, Canada or another jurisdiction outside of the United States with laws and regulations governing Personal Data collection, use, and disclosure that differ from United States laws, please be aware that information we collect (including through the use of methods such as Cookies and other web technologies) will be processed and stored in the United States or in other countries where we or our third-party Service Providers have operations. By submitting your Personal Data to Calendly and using Calendly, you expressly consent to have your Personal Data transferred to, processed, and stored in the United States or another jurisdiction which may not offer the same level of privacy protection as those in the country where you reside or are a citizen. (For a list of applicable jurisdictions, you may check our subprocessors list.)
In connection with the operation of its Website, Calendly may transfer your Personal Data to various locations, which may include locations both inside and outside of the European Economic Area. We rely on Standard Contractual Clauses and the UK Addendum to legally transfer Personal Data submitted relating to individuals in the European Economic Area, the United Kingdom and Switzerland.
Calendly has designated representatives in the European Economic Area and in the United Kingdom in accordance with the applicable requirements in the GDPR and UK GDPR. If you are located in these jurisdictions, you can contact our representatives at any time with any questions you may have about data protection. Their contact details are found in the “Contacting Us” section below.
Additional California Resident Privacy Disclosures.
Under the California Consumer Privacy Act of 2018 and any subsequent amendments including the California Privacy Rights Act of 2020 (collectively, “CCPA”), California residents are entitled to the following additional disclosures about our data processing. These disclosures apply solely to Users, Viewers, and Invitees who live in the State of California (“California Residents”). All terms used in this section have the same meaning as when used in the CCPA. California Residents may also review our Notice at Collection for our Website here.
In the preceding 12 months, we have collected the categories of Personal Data: identifiers, personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); commercial information; and internet or other similar network activity. The purposes for which we have collected Personal Data and the sources of that information are described above in the Information we Collect and the How We Use Your Information sections above.
In the preceding 12 months, we have disclosed Personal Data for a business purpose as detailed in the With Whom We May Share Your Information section above.
We do not knowingly sell the Personal Data of minors under 16.
Response to Requests.
For an explanation of the rights you may have as a California resident, please see the Your Rights and Choices section above. We will attempt to respond to California Resident requests in as timely a fashion as possible. In the event of delays over 45 days, we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. Any disclosures we provide will only cover the 12-month period preceding the verifiable receipt of a California Resident’s request. The response we provide will explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before fulfilling your request.
Shine the Light.
This Privacy Notice describes how we may share your information, including for marketing purposes. California residents are entitled to request and obtain from us once per calendar year information about any of your Personal Data shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us via email.
Changes to this Notice.
This Notice is current as of the Effective Date set forth above. This Notice may change if there is a material change to the way information is handled at Calendly, or to clarify our Notice or adjust clerical errors. If any changes are made, we’ll post them on this page, so please be sure to check back periodically. If you continue to use Calendly after those changes are in effect, you agree to the revised Notice.
This notice was updated on:
January 2023 – to improve flow, include required information to comply with newer requirements (e.g., CPRA), add clarification on scope, correct mailing and email addresses and expand on GDPR-specific information (e.g., clarity on the legal bases Calendly uses to process information).
March 2023 – to include EU and UK representative contact information.
May 2023 - to clarify terms, integrate processing details around the Prelude service in the notice, add reference to the ISO/IEC 27001 certification, and update Calendly’s entity information.
If you have any questions or comments about this Notice or anything related to privacy, please contact us via email.
You may also write to us at:
Attn: Privacy Department
115 E Main St., Ste A1B
Buford, GA 30518
For EEA Residents - please contact our EU Representative via email. Alternatively, they can be reached by post (DPO Centre Europe, BERLIN: Friedrichstrabe 88, Excellent Business Centre, Berlin, 10117, Germany or (+49 304 0817 3000). You can also contact them here.
For UK Residents: Please contact our UK Representative via email. Alternatively, they can be reached by post (The DPO Centre Ltd, 50 Liverpool Street, London, EC2M 7PY) or (+44 (0) 203 797 6340). You can also contact them here.