Calendly
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 2 Type II A SOC 3 report is also listed. Documentation shared via Calendly's Whistic profile. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 Listed under certifications and frameworks on Calendly's security page. | Verified | vendor source ↗ | June 10, 2026 |
| CSA STAR Level 1 Self-assessment. | Verified | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does Calendly have SOC 2?
Subprocessors
Subprocessor extraction for Calendly is pending.
Hosting & data residency
- InfrastructureAmazon Web Services
- Data residencynot yet recorded
Trust documents & links
- Trust centerhttps://public-profile.whistic.com/761120cf-454b-4c02-9483-f079882608a0
- Security pagehttps://calendly.com/security
- DPAnot yet recorded
- Status pagehttps://www.calendlystatus.com
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added to StackPosture — initial snapshot from published trust documentation. Verification pass pending.
2026-06-10
Verification pass: SOC 2 Type II (plus SOC 3), ISO 27001, and CSA STAR Level 1 confirmed against Calendly's security page. Whistic trust profile added; PCI compliance is via payment processor Chargebee, not Calendly itself.