// Trust & Security Report
Cal.com, Inc.
Scheduling and meeting booking software with customizable workflows, video conferencing, and automation. Notable sub-products: Cal.com (managed cloud service), Cal.diy (open-source community edition), Cal.ai (AI phone agent for automated scheduling).
Certifications held
5
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on cal.com“Cal.com's SOC 2 Type II certification is audited by an independent third party, proving our controls work as intended. Cal.com undergoes an independent external audit every year to maintain our SOC 2 Type II certification.”
Verify on cal.com“Cal.com's privacy-by-design scheduling software meets ISO 27001 standards. HIPAA, ISO 27001, SOC 2 Compliant Scheduling App.”
Verify on cal.com“Cal.com offers a HIPAA compliant Enterprise plan that includes a signed Business Associate Agreement (BAA) and features designed to protect PHI, such as encrypted data storage, access logging, and customizable intake workflows.”
Verify on cal.com“Cal.com's privacy-by-design scheduling software meets GDPR standards. Cal.com offers a Europe option (Cal.eu) that ensures scheduling data stays within Europe, adhering to GDPR regulations.”
Verify on cal.com“Cal.com's data protection rights are covered by the CCPA. Cal.com engages a limited number of third-party service providers to support the delivery of our services, all bound by confidentiality and data protection obligations consistent with applicable privacy laws.”
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Dual availability: US-based default, EU-based option (Cal.eu) available for GDPR compliance with data stored and processed within EU borders.
No public evidence found that Cal.com trains its core scheduling engine on customer data. Cal.ai (AI phone agent) is a separate opt-in product; no specific claims found about training practices for that service.
// Security controls
Encryption
Data encrypted in transit and at rest with continuous monitoring and vulnerability management
cal.comPenetration Testing
Annual third-party penetration testing of web application; regular internal penetration tests
cal.comAccess Logging
Encrypted access logs with role-based access control (RBAC) and audit trails for enterprise plans
cal.comContinuous Monitoring
Automated continuous monitoring and Vanta-based compliance monitoring year-round with external auditor verification annually
cal.com// Products & data scope
data: Unlimited event types, calendar syncing, workflow automation, basic video conferencing (Cal Video), Stripe payment integration
Most feature-rich free tier among competing scheduling tools; no credit card required; unlimited for individuals
data: Round-robin scheduling, shared team availability, team workflows, advanced reporting
Designed for small business teams and distributed sales/support groups
data: Org-wide admin controls, centralized management, sub-team structure, advanced access control
For mid-size to large companies requiring enterprise governance without full enterprise pricing
data: HIPAA BAA, priority support, dedicated database, 99.9% SLA (99.99% option), white-labeling, SSO (SAML), SCIM provisioning, domain enforcement, custom data residency
Compliant for regulated industries (healthcare, finance). Includes custom domain support via own SMTP (upcoming feature). Most HIPAA-friendly option.
data: Automated phone calls for meeting scheduling, AI-powered booking agent
Separate product; add-on to main platform; reduces booking friction through voice automation
data: Full scheduling engine, app store framework, booking infrastructure; MIT-licensed
100% MIT-licensed; no proprietary features; designed for personal/hobbyist self-hosting; not recommended for production; community-maintained
// At a glance
Pricing model
Freemium: Free tier (unlimited for individuals) + Team ($16/user/month) + Organization ($37/user/month) + Enterprise (custom). Cal.diy is free and open source (MIT).
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Cal.com, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
cal.com