Is calendly.com legit?
Calendly.com appears to be a mostly safe platform for scheduling, backed by strong technical infrastructure and a long-standing domain. However, users should be aware of a moderate number of external scripts, hidden content, and particularly, the notable amount of negative user feedback on Trustpilot.
SaaS average: 81/100 · based on 62 sites
Checked: April 12, 2026 at 10:21 PM UTC · Refresh
Is calendly.com a scam? Here's what we found.
The site uses modern TLS 1.3 encryption and enforces HTTPS via HSTS, suggesting a good baseline for secure communication. While no threats were detected by Google Web Risk, the high number of external scripts introduces a larger potential attack surface that users should be mindful of.
With over 13 years of domain history and clear WHOIS records through a prominent registrar, Calendly.com shows a strong and transparent digital identity that has matured over time.
Despite its high global traffic rank and clean DNS blacklist status, the significantly low Trustpilot score indicates a substantial number of customer experience issues that prospective users should investigate further before committing.
The site provides clear contact information, legal pages, and a strong social media presence, which are good signs. However, the presence of numerous hidden content elements could be a red flag for potential obfuscation or deceptive practices.
The site clearly provides both privacy policy and terms of service pages, indicating a commitment to legal and user agreement compliance, which is expected for a platform handling personal scheduling information.
The robust DNS configuration, including DNSSEC and comprehensive email authentication (SPF, DMARC), along with a fast page load time via Cloudflare, points to a well-maintained and reliable technical foundation.
Signals Detected
This is one of the most visited websites globally
Site uses structured data identifying itself as: Organization, WebSite
Site has custom branding and social media metadata
robots.txt has 17 directives and references a sitemap
crt.sh returned status 429
Site enforces HTTPS via HSTS
Web server: cloudflare
No threats detected by Google Web Risk
Domain created 2013-02-26T19:50:41Z (13 years, 3 months ago)
Registered through GoDaddy.com, LLC
Expires in 319 days
DNSSEC status from WHOIS
Valid certificate, expires in 86 days
Certificate issued by Google Trust Services
Connection uses TLS 1.3
Resolves to: 2a06:98c1:3107::ac40:9251, 2606:4700:4402::6812:29af, 104.18.41.175, 172.64.146.81
Mail servers: aspmx.l.google.com., alt2.aspmx.l.google.com., alt1.aspmx.l.google.com., aspmx3.googlemail.com., aspmx2.googlemail.com.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: roan.ns.cloudflare.com., hope.ns.cloudflare.com.
Excessive number of external scripts — may indicate malicious injection
Excessive hidden content found — may indicate cloaking or deceptive content
Trustpilot rating: 2.9/5 based on 465 reviews
Not found on any DNS blacklists
Website is live and responding
Website appears to have contact information
Website has both privacy policy and terms of service pages
Website links to multiple social media platforms
No sitemap found — common for smaller sites
Could not query Wayback Machine
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.