Does Calendly have SOC 2?
Yes — Calendly has SOC 2 Type II, verified against their published documentation.
As of June 10, 2026. Source: vendor documentation ↗. A SOC 3 report is also listed. Documentation shared via Calendly's Whistic profile.
What SOC 2 actually tells you
SOC 2 is an attestation (not a certification) issued by a CPA firm against the AICPA Trust Services Criteria. A Type I report evaluates control design at a point in time; a Type II report tests whether controls operated effectively over a period, typically 6–12 months — which is why security reviews usually require Type II.
The existence of a report is the start of diligence, not the end: scope matters (which products and criteria were covered), and so do the exceptions noted inside the report.
Watch this vendor
Get notified if Calendly's posture changes.