Effective: January 1st, 2024
If you are visually impaired, have another disability, or seek support in other languages, you may access this Privacy Policy by emailing us at help@headspace.com.
As part of our company values, especially putting members first, we at Headspace are committed to protecting and respecting your privacy in connection with your use of our content and products via our websites, including www.headspace.com (“Websites”), our applications, including the Headspace mobile app (“Apps”), or other delivery methods (Websites, Apps, and other delivery methods are collectively referred to as our “Products”). Headspace may deliver coaching services, psychotherapy services (i.e. therapy), and psychiatry services (collectively the “Services”) using the Products or via other delivery methods, as applicable. Headspace provides the Services through its affiliated medical providers and partners, including Ginger.io of California Medical P.C. (“Ginger Medical”) or third party medical providers (Ginger Medical and these third party medical providers will be collectively referred to as our “Care Providers”). Throughout this Privacy Policy, we will collectively refer to all of our Products and Services as our “Platform.” This Privacy Policy covers the “personal information,” meaning information about an identified or identifiable individual that is collected through our Product or Services.
Depending on how you interact with us, the following may also apply to you:
Please read the following carefully to understand our practices regarding your personal information. We also encourage you to review our end-user terms and conditions here.
This Privacy Policy is provided in a layered format. We provided summaries for each section, but we encourage you to read each section in detail.
1. | Collection of personal information | We may collect your personal information through our Platform, or when you otherwise share your information with us. Our collection may require your input or can be automatically collected while you engage with us. |
2. | Use of personal information | We primarily use your personal information for our Products and Websites to function and to deliver you the Services. We also may use your personal information for other purposes like communicating to you about your interest in our Platform, processing payments, complying with legal obligations, or to develop new features or improvements. |
3. | Sharing of personal information | We may share your personal information with certain third-party service providers to help make our Platform function. We may also share personal information as directed by you, to provide you with opportunities we think may interest you, or as legally required, such as to comply with a court order. |
4. | Data security and retention | The security of your personal information is of utmost importance to us. We retain your personal information for as long as necessary, and we maintain appropriate safeguards to protect it. |
5. | Your privacy rights | We want you to have choice in how your personal information is used. We provide you rights to request actions regarding your personal information including deletion, no matter where you reside. Further rights may be provided for your specific jurisdiction, which are outlined in Section 10. |
6. | Children's Privacy | Our Platform is generally intended for adults, except in limited circumstances depending on your offering. |
7. | Cookies | When you visit our Websites, we may collect certain information from you automatically through cookies and other tracking technologies. You can decide what cookies are deployed using the cookies settings on our Websites. |
8. | Changes | We may change this Privacy Policy to reflect new services, changes in our data practices, or to comply with relevant laws. |
9. | Contact us | You may contact us for comments, questions, or to exercise your privacy rights in various ways including emailing help@headspace.com |
10. | Supplemental notices | This section provides additional information specific to certain jurisdictions. Please note, that our Platform is operated in the United States where your personal information will be primarily processed and stored. |
We may collect or process the following personal information about you from what you provide us directly, we receive from others, and personal information we may automatically collect when you interact with our Platform.
(a) Information you provide to us
(b) Information from others
In certain circumstances, we may collect personal information about you from others. This may include the following:
(c) Information we automatically collect
Our Products and Websites may collect information from you automatically during your use which may include:
(d) Aggregated, anonymous, and de-identified data We may create or collect aggregated, anonymous, or de-identified data from personal information by removing, masking, or otherwise altering data components that make the data personally identifiable, or potentially personally identifiable to you (“De-Identified Data”). De-Identified Data is not personal information and not subject to this Privacy Policy.
We may use your personal information in the following ways:
The security of your personal information is important to us. We follow generally accepted standards, practices, and procedures to protect the personal information submitted to us, both during transmission and once it is received. We maintain appropriate technical, administrative and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure or misuse.
No security can be fully guaranteed, though. If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately using the contact information in Section 9 below or contact our security team directly at security@headspace.com.
We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). For example, we keep your account information, like your name, email address, and password, for as long as your account exists so that you may access it.
We believe that you should have control of your personal information. To that end we provide the following rights to make requests regarding your personal information. You may make these requests by contacting help@headspace.com or in some cases using features within the Platform:
Upon receiving your request, we may ask for additional information from you in order to verify the request or confirm how you would like to proceed. We endeavor to respond to a verifiable request without undue delay. If we require an extended amount of time, we will inform you using the email associated with your account or the email you used to make the request.
We do not charge a fee to process your verifiable request unless it is excessive, repetitive, or clearly unfounded. If we determine that your request requires a fee, we will tell you why and provide you with a cost estimate before completing your request.
Your rights are not absolute, and exceptions may apply. These exceptions can arise from different factors including our legal obligations, the rights of others, your or another’s safety, and our ability to bring or defend against legal claims. Additionally, we will not fulfill your request if you do not provide sufficient information to verify your identity or to verify that a third party making the request is authorized to act as your representative.
Some US jurisdictions provide residents with certain rights with respect to their personal information as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply. Please review our Supplemental Notices, including our Privacy Notice for EU and UK, our Privacy Notice for California, and our Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada for more information on rights and terms specific to your location or place of residence.
At Headspace, we are committed to protecting and respecting children’s privacy. Our Platform is generally intended for individuals at least 18 years old and we do not intentionally collect personal information from individuals under 18 years old. There are limited exceptions:
You also may notice some content in our Products that appears geared towards children. This content is only meant for you to share with your child under your supervision, and does not require or allow your child to create an account.
If you are a parent or guardian and you are aware that a child under age 13 has provided us with their personal information without parental consent, please contact us at help@headspace.com and we will take steps to remove that personal information from our servers.
This Privacy Policy is effective as of the date posted at the top. We may update this Privacy Policy from time to time to reflect Platform changes, make corrections, improve clarity, reflect changes in our privacy practices, or as required by applicable laws. When we may make a significant change, such as on how we use your personal information or your rights, we will notify you within the Platform or through another channel such as the email you supplied during account registration, in addition to posting the revised version on our Website. We encourage you to periodically check this Privacy Policy to stay informed about how we handle your personal information.
We want to hear from you if you have questions, concerns, or requests regarding this Privacy Policy. You can reach us by emailing help@headspace.com or calling 855.432.3822.
Depending on your jurisdiction, you have additional rights that apply to you under your jurisdiction's privacy laws. We provide the supplemental information in this section in our efforts to comply with those additional privacy laws and inform you about your rights. If you do not see your jurisdiction below please do not interpret that to mean that we do not respect your privacy and we encourage you to still contact us using the contact details above with your questions or concerns. Please note that Headspace is a US based company and your personal information will be stored within the US.
(a) Privacy Notice for EU and the UK
If you have any questions or concerns regarding our personal information collection, use, and sharing practices as described in this Privacy Policy you may reach us using emailing help@headspace.com. We will investigate the matter and resolve any issues, if we can. In the event that we are unable to resolve your issues, you may be able to invoke binding arbitration, under certain conditions and as permitted by the EU-U.S. DPF, its UK Extension, or the Swiss-U.S. DPF, by contacting our U.S.-based third party dispute resolution provider (free of charge) at https://go.adr.org/eu-us_dpf_annexi.html. Headspace is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Headspace is mindful of its responsibility and potential liability for onward transfers of personal data to third parties where Headspace deems such transfers necessary and those transfers are subject to the applicable EU-U.S. DPF, its UK Extension, or the Swiss-U.S. DPF.
Legal basis. Headspace relies on one or more legal bases to process your personal information under applicable law, including:
Legitimate business interests. We may collect, process, and maintain personal information to pursue the legitimate business interests outlined below. To determine these legitimate interests, we balance our legitimate interests against the legitimate interests and rights of you and others, and only process personal information in accordance with those interests where they are not overridden by your data-protection interests or fundamental rights and freedoms.
Our legitimate interests generally include:
Privacy rights. Individuals in the EU and UK have privacy rights under the GDPR and the UK equivalent. We will work to respond to your verified request within a month’s time unless we request an extension. Section 5 above generally covers these privacy rights but EU and UK residents also have the following:
Exceptions may still apply as described in Section 5.
Representatives: Individuals and the data protection supervisory authorities in the EU/EEA and individuals and the data protection supervisory authority (“ICO”) in the UK may also contact our data protection representatives according to Article 27 GDPR:
EU: DP-Dock GmbH, Attn.: Headspace, Inc., Ballindamm 39, 20095 Hamburg, Germany
UK: DP Data Protection Services UK Ltd., Attn.: Headspace, Inc., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
www.dp-dock.com
headspace@gdpr-rep.com
Our data protection officer can be reached at privacy@headspace.com.
(b) Privacy Notice for California
CATEGORY | COLLECTED | “SOLD” / “SHARED” |
A. Identifiers.
Name, alias, mailing address, unique personal identifier, online identifier, IP address, email (personal and/or work), account name, telephone number, password, account credentials, National Provider Identifier (NPI), driver’s license / government ID number (if provided for identity verification), or other similar identifiers |
Yes |
Yes
email, online identifier, personal unique identifier, IP address |
B. Personal information categories listed in the California Customer
Records statute (Cal. Civ. Code § 1798.80(e)).
Name, signature, mailing address, telephone number, driver’s license / government ID number (if provided for identity verification), payment card number, employment, employment history, bank account information, medical information, and health insurance information |
Yes |
Yes
|
C. Protected classification characteristics under California or
federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status |
Yes | No |
D. Commercial information.
Payment history, balances, Products or Services purchased or considered |
Yes |
Yes
Products or Services purchased or considered |
E. Biometric information.
Sleep, health, or exercise data |
Yes | No |
F. Internet or other similar network activity.
Browsing history, search history, information on how you interact with our website |
Yes |
Yes
Browsing history, information on how you interact with our website |
G. Geolocation data.
Approximate location based on information like IP address |
Yes | No |
H. Sensory data.
Audio recordings, voicemails, photographs |
Yes | No |
I. Professional or employment-related information.
Employer, job title or role, work contact information |
Yes | No |
J. Non-public education information (per the Family Educational
Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part
99)).
Student identification number |
Yes | No |
K. Inferences drawn from other personal information.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes |
Yes | No |
L. Sensitive personal information.
Password, health information, payment information, racial and/or ethnic origin, information concerning your sexual orientation, and gender identity |
Yes | No |
Please note that because of the overlapping nature of certain categories identified above, some of the personal information we collect may be reasonably classified under multiple categories. Please also note that some of this personal information, especially in regards to the Products and Services, may be covered by federal laws like HIPAA.
Use of personal information. We may use your personal information in the following ways:
Use of sensitive personal information. We use sensitive personal information for the same purposes listed above except for personalizing ads.
Retention. We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). For example, we keep your account information, like your name, email address, and password, for as long as your account exists so that you may access it.
Your California privacy rights. The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of personal information and sensitive personal information. These disclosures are provided in Sections 1-3 and the chart in Section 10(b) above. If you are a California resident, you have the following rights under California law in relation to your personal information, subject to certain exceptions. We will respond to your verifiable request within 45 days.
Notice of right to Opt-Out.
As mentioned above, if you are a resident of California, Headspace “sells” and “shares” personal information under the CCPA’s broader definition of “sale” or “share.” California law provides you a right to opt-out of such “sales” and “shares.”. You may exercise this right by following this link and, if you are an Apps user, by going to the My Data page here or within your mobile app settings. The opt-out link is also available our Website’s pages by clicking on the Your Privacy Choices link.(c) Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada
Collection of personal information. Headspace may collect the personal information described in Section 1 and as categorized in the table within Section 10(b) above. Please note that some of this personal information will be considered sensitive under your state’s legal definition which can vary across different states. The personal information we may collect depending on how you use our Platform includes mental or physical health information, racial or ethnic origin, and information about sexual orientation or gender identity.
Use of personal information. Headspace may collect, use, or disclose personal information about US state residents for purposes listed in Section 2 of our Privacy Policy. We use sensitive personal information for the same purposes except for personalizing ads.
Disclosure of personal information. We may disclose your personal information to the categories of service providers and third parties identified in Section 3 of this Privacy Policy, and in ways that are described in that section.
Your privacy rights. We generally provide the privacy rights described in Section 5 above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, see the contact information in Section 9 or follow the instructions below for specific state rights. We will respond to your verifiable request within the time limit afforded under applicable law. Exceptions may still apply as described in Section 5.