Do I need to disclose Calendly in my privacy policy?

Yes. Because Calendly collects personal data from your website visitors, you must disclose this in your privacy policy. Under GDPR, CCPA, and similar regulations, you're required to transparently inform users about all data collection tools. This includes identifying Calendly as a third-party processor and explaining what data it collects.

What personal data does Calendly collect from my visitors?

Calendly collects names, email addresses, meeting details (such as appointment times and descriptions), and IP addresses from visitors who use your booking widget. If your form requests additional information, Calendly will also collect those custom fields. This data is necessary to create and manage the scheduled appointments.

Does Calendly use cookies that require a consent banner?

Based on available documentation, Calendly does not rely on non-essential cookies for core functionality. However, you should verify current cookie practices directly with Calendly and review your own site's cookie use. If your site uses other tracking technologies, a cookie consent banner may still be required under GDPR and CCPA.

Who processes my data in Calendly and where is it stored?

Calendly LLC, a United States-based company, acts as your data processor. Data collected through Calendly's scheduling widget is transferred to and processed in the United States. If your users are in the EU, you should ensure appropriate data transfer agreements (like Standard Contractual Clauses) are in place and disclose US data transfers in your privacy policy.

Scheduling

Privacy policy clauses for Calendly

Calendly is a scheduling and meeting booking widget that allows website visitors to book appointments directly through your site. Websites use Calendly to streamline scheduling, reduce back-and-forth communication, and automatically manage calendar availability.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data Calendly collects

Your privacy policy must disclose each of the following data types when you use Calendly.

Name

Meeting details

IP address

When does Calendly trigger privacy obligations?

Installation Triggers Immediate Obligations

The moment you embed Calendly on your website or link to it from your app, you begin collecting name, email, IP address, and meeting details from visitors who book. This triggers GDPR obligations immediately if you have any EU residents as users—regardless of where your company is based (GDPR Article 4(11) establishes territorial scope based on data subject location, not processor location).

GDPR applies if: You process data of EU residents. Calendly LLC (US-based) becomes your data processor; you are the controller. You must have a Data Processing Agreement (DPA) in place before data flows (GDPR Article 28(3)).

CCPA applies if: You operate a for-profit business in California and collect personal information from California residents. Calendly's collection of name, email, and IP address triggers CCPA Section 1798.100 rights (access, deletion, opt-out of sale). You must disclose what data Calendly collects in your privacy policy.

Privacy policy clauses for Calendly

What data Calendly collects

When does Calendly trigger privacy obligations?

Installation Triggers Immediate Obligations

Where data goes

Common compliance pitfalls

1. Missing or Outdated DPA

2. Vague Consent Language or Missing Data Type Disclosure

3. Assuming Calendly Handles Consent for You

Sample privacy policy clause

What regulators look for

Key Audit Priorities

Frequently asked questions

Do I need to disclose Calendly in my privacy policy?

What personal data does Calendly collect from my visitors?

Does Calendly use cookies that require a consent banner?

Who processes my data in Calendly and where is it stored?

Don't ship without Bandit.