Data retention policy
Calendly retains data until a customer cancels their account at which time the data is deleted or if a customer puts in a data deletion request at which time the requested data would be deleted from Calendly's systems.
Data archiving and removal policy
Calendly removes Customer Data in accordance with industry standard best practices as well as any applicable local, state, or federal privacy laws and any extraterritorial privacy laws globally.
Data storage policy
Calendly stores Customer Data in accordance with industry standard best practices in an environment that is vetted by the Calendly Security team and approved by the Calendly Security Committee. Calendly stores Customer Data in AWS and GCP and encrypts the data at rest using AES-256 and in transit using TLS 1.2 or above using non-deprecated cipher suites.
App/service has sub-processors
yes
Guidelines for sub-processors