Default Share Image

Headspace Privacy Policy

Effective: January 1st, 2024

If you are visually impaired, have another disability, or seek support in other languages, you may access this Privacy Policy by emailing us at help@headspace.com.

As part of our company values, especially putting members first, we at Headspace are committed to protecting and respecting your privacy in connection with your use of our content and products via our websites, including www.headspace.com (“Websites”), our applications, including the Headspace mobile app (“Apps”), or other delivery methods (Websites, Apps, and other delivery methods are collectively referred to as our “Products”). Headspace may deliver coaching services, psychotherapy services (i.e. therapy), and psychiatry services (collectively the “Services”) using the Products or via other delivery methods, as applicable. Headspace provides the Services through its affiliated medical providers and partners, including Ginger.io of California Medical P.C. (“Ginger Medical”) or third party medical providers (Ginger Medical and these third party medical providers will be collectively referred to as our “Care Providers”). Throughout this Privacy Policy, we will collectively refer to all of our Products and Services as our “Platform.” This Privacy Policy covers the “personal information,” meaning information about an identified or identifiable individual that is collected through our Product or Services.

Depending on how you interact with us, the following may also apply to you:

  • Our Services are delivered by our Care Providers. For those Care Providers in the US, they are classified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA). Headspace is subject to HIPAA as our Care Providers’ business associate. Our Care Providers may provide you an additional privacy notice during enrollment which we encourage you to review. For example, if you receive Services from Ginger Medical, you can access their Notice of Privacy Practices here. If you are outside the US and use our international Care Providers, you may still receive an additional privacy notice from them as relevant to the applicable law in your area.
  • Some components or features of our Platform may include additional privacy notices, such as an optional feature that uses your personal information in a unique way. Similarly, you may have been given access to our Product or Services in a manner that includes additional terms or privacy notices such as from your employer. The language of those terms and privacy notices supplement this Privacy Policy unless there is a conflict, in which case those additional terms and privacy notices will apply.
  • You may follow links contained in our Platform or provided to you by other users to third-party websites or products not operated by us. This Privacy Policy does not apply to third-party websites or products. We strongly suggest you review their privacy policies to understand how your personal information is used and stored by those third parties.
  • Similar to the above point, you may use single sign-on (SSO) features to access our Platform, such as through your social media accounts or through your employer. That use may be subject to your SSO provider’s terms and privacy policies, and we encourage you to review them prior to using those features.
  • This privacy policy does not apply to Headspace employees or applicants to Headspace. Applicants can learn about how we use their personal information by reading our Applicant Privacy Notice here, and employees will be provided further details as part of onboarding.

Please read the following carefully to understand our practices regarding your personal information. We also encourage you to review our end-user terms and conditions here.

Table of Contents

This Privacy Policy is provided in a layered format. We provided summaries for each section, but we encourage you to read each section in detail.

1. Collection of personal information We may collect your personal information through our Platform, or when you otherwise share your information with us. Our collection may require your input or can be automatically collected while you engage with us.
2. Use of personal information We primarily use your personal information for our Products and Websites to function and to deliver you the Services. We also may use your personal information for other purposes like communicating to you about your interest in our Platform, processing payments, complying with legal obligations, or to develop new features or improvements.
3. Sharing of personal information We may share your personal information with certain third-party service providers to help make our Platform function. We may also share personal information as directed by you, to provide you with opportunities we think may interest you, or as legally required, such as to comply with a court order.
4. Data security and retention The security of your personal information is of utmost importance to us. We retain your personal information for as long as necessary, and we maintain appropriate safeguards to protect it.
5. Your privacy rights We want you to have choice in how your personal information is used. We provide you rights to request actions regarding your personal information including deletion, no matter where you reside. Further rights may be provided for your specific jurisdiction, which are outlined in Section 10.
6. Children's Privacy Our Platform is generally intended for adults, except in limited circumstances depending on your offering.
7. Cookies When you visit our Websites, we may collect certain information from you automatically through cookies and other tracking technologies. You can decide what cookies are deployed using the cookies settings on our Websites.
8. Changes We may change this Privacy Policy to reflect new services, changes in our data practices, or to comply with relevant laws.
9. Contact us You may contact us for comments, questions, or to exercise your privacy rights in various ways including emailing help@headspace.com
10. Supplemental notices This section provides additional information specific to certain jurisdictions. Please note, that our Platform is operated in the United States where your personal information will be primarily processed and stored.

1. Collection of personal information

We may collect or process the following personal information about you from what you provide us directly, we receive from others, and personal information we may automatically collect when you interact with our Platform.

(a) Information you provide to us

  • Contact information and identifiers. When you use our Platform, we may ask you to provide certain contact information, including your first and last name and email address. We may also collect your social media identification number if you choose to access the Products via a social media account.
  • Account Information. If you decide to set up an account with us, we may ask you to provide certain additional contact information including, for example, your first and last name, e-mail address (personal and/or work), telephone number, mailing address, employer or company name, job title, student identification number, emergency contact information, as well as password and other authentication-related information. For individuals who participate in special subscriptions and features, including group plans, we may collect additional personal information, for example, home address and names and emails of household members for example, the names and emails of household members.
  • Health information. We will collect the information you provide about your health and wellness as you use our Products or engage with the Services. You may provide this information through the Products, such as through survey responses about your current mental or physical health status, setting your health or wellness goals, or in other inputs that relate to your health or wellbeing. You may also provide this type of information through the Services, such as talking with your coach or therapist about your current health needs or during treatment. We understand that this information is very sensitive so we handle it with care, including treating this health information as protected health information under HIPAA where applicable.
  • Profile and demographic information. Through your account in our Product, you may have the opportunity to provide additional information about yourself, such as your age, race and ethnicity, sexual orientation, preferred pronouns, gender or gender identity, sex at birth, marital status, and details about your health and medical history.
  • Payment information. If you sign up for a paid product or service from us, you may be required to provide your payment card or bank account information. Please note that Headspace does not directly process payment card information, and instead relies upon third party payment processors to do so on our behalf. Please note that third party terms may apply to these payment services. Personal information collected for these purposes includes card number, type, expiration date, and billing address, and certain anonymized, limited and/or truncated versions of this information may be provided to Headspace.
  • Survey information. We may present you with surveys for Product functionality, to provide you the Services, to provide you with information about our Products and Services that we think may be of interest to you, or for research purposes. These surveys may give you the opportunity to describe certain things about you, your use of the Platform, or feedback on future improvements.
  • Communication information. When you send or respond to emails, messages, chats, or other communications from Headspace, we may collect your email address, name, and any other personal information you choose to include in the body content of your communications. In addition, when you interact with certain features of our Products, we may collect the content of those communications.
  • Support information. When you submit a support request or otherwise engage with our support team, we collect the information you provide as part of that interaction. We also utilize live chat and/or chatbot technology, which allow you to communicate directly with our automated customer service system and/or customer service representatives via a chat window about our Products and Services. Text entered into this form prior to submission may be collected, retained, and used by Headspace for our business purposes, including by our customer service and other personnel and service providers.

(b) Information from others

In certain circumstances, we may collect personal information about you from others. This may include the following:

  • If you receive access to Headspace through your employer, health plan, or another party that sponsors your access (your “Benefit Sponsor”), we collect your name and email address and other information that your Benefit Sponsor submits to us to facilitate your enrollment in our Products and Services.
  • We may collect the name, email address, content engagement, and preferences of individuals that our users identify through our sharing and referral features. We use this data for the sole purpose of sharing content and referring individuals to join the Products.
  • We may collect personal information from parents or guardians for operating accounts for their dependants aged 13-17 where supported.
  • If you choose to have your account verified to confirm your eligibility for a select subscription offering, we may allow a third party platform to access the specific personal information you provide in order to perform the verification. Any failure to provide sufficient information or any response Headspace considers abnormal may result in Headspace refusing (or being unable) to verify your eligibility.

(c) Information we automatically collect

Our Products and Websites may collect information from you automatically during your use which may include:

  • Browser and device data, such as IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Websites and Products you are visiting.
  • Usage data, such as time spent on the Products and Websites including pages visited, links clicked, approximate location, language preferences, performance of features, patterns of use, and the pages that led or referred you to our Products and Websites.

(d) Aggregated, anonymous, and de-identified data We may create or collect aggregated, anonymous, or de-identified data from personal information by removing, masking, or otherwise altering data components that make the data personally identifiable, or potentially personally identifiable to you (“De-Identified Data”). De-Identified Data is not personal information and not subject to this Privacy Policy.

2. Use of personal information

We may use your personal information in the following ways:

  • To provide our Platform, including the delivery of content and interactive features;
  • To communicate with you regarding our Platform including updates or changes;
  • To provide you support, answer your questions or requests for information, or handle your complaints;
  • To process payment, manage your orders, and account for applicable sales taxes;
  • To inform your Benefit Sponsor, if you have one, about your registration and other information as described in Section 3 below;
  • To fulfill our obligations under any agreements that we may have with you;
  • To maintain and improve the quality of our Platform, including to perform research and development, understand user trends, and, in a limited way, understand the effectiveness of our marketing and advertising such as recording a sales conversion;
  • To provide you with information about new Products and Services, promotions, and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers;
  • To personalize the advertisements you receive about our Platform through third-party platforms, on other websites and apps;
  • To protect ourselves, you and others such as by taking actions to prevent fraud and other unlawful or unauthorized activity, and creating and maintaining a trusted, secure, and reliable online environment; and
  • To comply with our legal obligations including meeting regulatory compliance obligations, responding to subpoenas, court orders or other legal processes; and
  • to establish or exercise our legal rights or defense against legal claims.

3. Sharing of personal information

We may disclose your personal information with the following categories of third parties:

  • Our service providers. In some circumstances we may need to disclose your personal information to a third party so that they can provide a service on our behalf, such as to help deliver Products or Services that you have requested. These service providers may include services such as analytics, payment processing, advertising and marketing, website hosting, customer and technical support, and other services. Our service providers have access to your personal information only to perform these tasks on our behalf, based on our instructions and are contractually obligated to maintain the confidentiality and security of your personal information, and to not disclose or use your personal information for any other purpose inconsistent with this Privacy Policy and applicable law.
  • Your integrations. You may connect your account through supported integrations with third parties and we will share your personal information with those third parties. If you do connect an integration, that third party’s terms and privacy policy may apply to the personal information shared as a result and we encourage you to review those before setting up the integration. For example, if you are on iOS, you may connect our Products to Apple’s Health Kit. If you do, iOS Privacy Policy and Terms of Use apply, and can be reviewed at www.apple.com/legal/privacy.
  • Community Activity. If you engage with other Platform users using our community features, we will share some information about you such as your name associated with your comment on a forum or other information you choose to share with other users.
  • Your Benefit Sponsor. In limited cases, we may provide certain personal information to your Benefit Sponsor, including your name, email address, your registration date, and the date on which you last used our Platform. Generally, we restrict this sharing to not include specific details of your in-app activity or any details about your use of Services, like therapy. This restriction may not apply where sharing some of your activity is necessary for your treatment, payment, or healthcare operations such as if your Benefit Sponsor is your other healthcare provider, health insurance provider, or health plan.
  • Third party business partners. In limited cases, we may provide certain personal information to third party businesses with which we have a joint promotional relationship, bundled subscription offer, or other trusted partnership. This type of sharing will most often be consistent with your notice, consent, direction, and/or reasonable expectations in light of the circumstances in which you provided the personal information.
  • Third party advertising platforms. We work with third party platforms who provide us with analytics and advertising services. This includes helping us understand how users interact with our Platform serving advertisements on our behalf to those who may be interested, and measuring the performance of those advertisements.
  • Compliance and harm prevention. If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, such as to comply with a subpoena, bankruptcy proceeding, similar legal process, or in order to enforce our agreements with you; or to protect the rights, property, or safety of Headspace, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. We may also disclose personal information where we believe that doing so would be in accordance with or required by any applicable law, regulation or legal process.
  • Affiliates and business transfer. We may share your personal information with any member of our business group, which includes our subsidiaries and our affiliates including Ginger Medical and its medical professional corporation affiliates for any of the purposes described in this Privacy Policy. If Headspace, including any of our subsidiaries, brands, or affiliates, is involved in a merger, acquisition, asset sale, or other corporate combination, your personal information may be transferred to the acquiring or surviving entity. If such transfer results in a material change to the use of your personal information, we will provide notice before your personal information is transferred or becomes subject to a different privacy policy.

4. Data security and retention

The security of your personal information is important to us. We follow generally accepted standards, practices, and procedures to protect the personal information submitted to us, both during transmission and once it is received. We maintain appropriate technical, administrative and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure or misuse.

No security can be fully guaranteed, though. If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately using the contact information in Section 9 below or contact our security team directly at security@headspace.com.

We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). For example, we keep your account information, like your name, email address, and password, for as long as your account exists so that you may access it.

5. Your privacy rights

We believe that you should have control of your personal information. To that end we provide the following rights to make requests regarding your personal information. You may make these requests by contacting help@headspace.com or in some cases using features within the Platform:

  • Access. You have the right to know what personal information we collect about you and how we use it. This Privacy Policy serves to inform you about that collection and use. If we have personal information about you, you may also request a copy of that information.
  • Correction. You have the right to request the correction of your inaccurate personal information.
  • Portability. You may request an export of your personal information in a structured and machine readable format such as a .csv or .pdf. Where feasible, we can send that export to a third party you identify.
  • Deletion. You have the right to request, under certain circumstances, the deletion of your personal information that we collect.
  • Restriction. You have the right to request that Headspace restrict the use of your personal information in certain circumstances. Please note that in some cases we may not be able to place a restriction due to the use being necessary for Product functionality or delivery of the Services.
  • No retaliation or discrimination. You have the right not to receive discriminatory or retaliatory treatment for making a request.

Upon receiving your request, we may ask for additional information from you in order to verify the request or confirm how you would like to proceed. We endeavor to respond to a verifiable request without undue delay. If we require an extended amount of time, we will inform you using the email associated with your account or the email you used to make the request.

We do not charge a fee to process your verifiable request unless it is excessive, repetitive, or clearly unfounded. If we determine that your request requires a fee, we will tell you why and provide you with a cost estimate before completing your request.

Your rights are not absolute, and exceptions may apply. These exceptions can arise from different factors including our legal obligations, the rights of others, your or another’s safety, and our ability to bring or defend against legal claims. Additionally, we will not fulfill your request if you do not provide sufficient information to verify your identity or to verify that a third party making the request is authorized to act as your representative.

Some US jurisdictions provide residents with certain rights with respect to their personal information as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply. Please review our Supplemental Notices, including our Privacy Notice for EU and UK, our Privacy Notice for California, and our Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada for more information on rights and terms specific to your location or place of residence.

6. Children’s privacy

At Headspace, we are committed to protecting and respecting children’s privacy. Our Platform is generally intended for individuals at least 18 years old and we do not intentionally collect personal information from individuals under 18 years old. There are limited exceptions:

  • If you are in the US and participate in our Headspace for Teens offering or through certain Benefit Sponsors’ offerings, you may register an account as long as you are at least 13 years old.
  • If you are a US user 13 to 17 years old who may have joined as noted above, you may enroll in the Services with verifiable parent or guardian consent.
  • If you are a parent under our employee assistance program (EAP), you may refer your child of at least 6 years old to our Care Providers for in-person care but cannot create an account for them.

You also may notice some content in our Products that appears geared towards children. This content is only meant for you to share with your child under your supervision, and does not require or allow your child to create an account.

If you are a parent or guardian and you are aware that a child under age 13 has provided us with their personal information without parental consent, please contact us at help@headspace.com and we will take steps to remove that personal information from our servers.

7. Cookies

When you visit our Websites, we may collect information from you automatically through cookies including cookies provided by third parties. We use cookies and the information they collect for a variety of purposes including functionality, analyzing performance, security, personalizing Website content, and advertising. We will get your consent in order to use such trackers or provide you with the opportunity to opt-out of cookies, to the extent required by applicable law. You may use an opt-out preference signal, such as the Global Privacy Control (GPC), to opt-out of the sale/sharing of your personal information. For more information on the types of cookies we use and your choices regarding them, please review our Cookie Policy.

8. Changes

This Privacy Policy is effective as of the date posted at the top. We may update this Privacy Policy from time to time to reflect Platform changes, make corrections, improve clarity, reflect changes in our privacy practices, or as required by applicable laws. When we may make a significant change, such as on how we use your personal information or your rights, we will notify you within the Platform or through another channel such as the email you supplied during account registration, in addition to posting the revised version on our Website. We encourage you to periodically check this Privacy Policy to stay informed about how we handle your personal information.

9. Contact us

We want to hear from you if you have questions, concerns, or requests regarding this Privacy Policy. You can reach us by emailing help@headspace.com or calling 855.432.3822.

10. Supplemental notices

Depending on your jurisdiction, you have additional rights that apply to you under your jurisdiction's privacy laws. We provide the supplemental information in this section in our efforts to comply with those additional privacy laws and inform you about your rights. If you do not see your jurisdiction below please do not interpret that to mean that we do not respect your privacy and we encourage you to still contact us using the contact details above with your questions or concerns. Please note that Headspace is a US based company and your personal information will be stored within the US.

(a) Privacy Notice for EU and the UK



Data Transfers. This section is for individuals in the European Union (EU), the United Kingdom (UK), and Switzerland. Headspace operates as a data controller under the General Data Protection Regulation (GDPR) for the majority of the personal information detailed in section 1 and as a data processor for the limited personal information we may receive from your Benefit Sponsor.

Headspace complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Headspace has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Headspace has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The following entities are included under Headspace’s DPF certification and adhere to the EU-U.S. DPF Principles, its UK Extension, and the Swiss-U.S. DPF Principles:

  • Headspace, Inc.
  • Ginger.io, Inc.
  • Ginger.io of California Medical P.C.

If you have any questions or concerns regarding our personal information collection, use, and sharing practices as described in this Privacy Policy you may reach us using emailing help@headspace.com. We will investigate the matter and resolve any issues, if we can. In the event that we are unable to resolve your issues, you may be able to invoke binding arbitration, under certain conditions and as permitted by the EU-U.S. DPF, its UK Extension, or the Swiss-U.S. DPF, by contacting our U.S.-based third party dispute resolution provider (free of charge) at https://go.adr.org/eu-us_dpf_annexi.html. Headspace is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Headspace is mindful of its responsibility and potential liability for onward transfers of personal data to third parties where Headspace deems such transfers necessary and those transfers are subject to the applicable EU-U.S. DPF, its UK Extension, or the Swiss-U.S. DPF.

Legal basis. Headspace relies on one or more legal bases to process your personal information under applicable law, including:

  • (i) with your consent, which you may withdraw at any time;
  • (ii) when the processing is necessary to perform our contractual obligations to you, like under our Terms;
  • (iii) when necessary to pursue our legitimate interests as further detailed below;
  • (iv) when necessary for our compliance with our legal obligations such as a request or order from courts, law enforcement or other government authorities.

Legitimate business interests. We may collect, process, and maintain personal information to pursue the legitimate business interests outlined below. To determine these legitimate interests, we balance our legitimate interests against the legitimate interests and rights of you and others, and only process personal information in accordance with those interests where they are not overridden by your data-protection interests or fundamental rights and freedoms.

Our legitimate interests generally include:

  • Providing you with our Platform, including functionality of features or Websites you interact with or so that we can provide you the Services.
  • Providing you with customer service and support, including to send you messages and provide user support, and to facilitate other communications that you request or are required to render our Products and Services to you. This may include providing you with information about new products and other opportunities we offer that we believe may be of interest to you based upon your interactions with us, and to personalize, measure, and improve such offers.
  • Maintaining and improving the quality of the Products and Services that we offer, including to customize our features to better fit your needs as a user, develop new sites and products, to perform internal analytics for new and existing products (such as our user accounts and related features) and to conduct research and development. This also includes sharing personal information with our trusted service providers that provide services on our behalf.
  • Protecting you and others, as well as, to create and maintain a trusted environment, such as to ensure compliance our agreements with you and other third parties, to ensure safe, secure, and reliable sites and products, and to detect and prevent wrongdoing and crime, assure compliance with our policies, and protect and defend our rights, interests, and property.
  • To provide, personalize, measure and improve our marketing, including to send you promotional messages and other information that may be of interest to you with your consent. We may also use personal information to understand our user base and the effectiveness of our marketing. This processing is done pursuant to our legitimate interest in undertaking marketing activities to offer products or services that may be of interest to you.
  • For risk management purposes, including compliance with our legal and regulatory obligations and for fraud detection, prevention and investigation, including “know your customer,” anti-money laundering, conflict and other necessary onboarding and ongoing client checks, due diligence and verification requirements, credit checks, credit risk analysis, compliance with sanctions procedures or rules, and tax reporting.
  • Complying with laws and regulations applicable to us, including any legal or regulatory guidance, codes, or opinions and to other legal process and law enforcement requirements, including any internal policy based on or reflecting legal or regulatory guidance, codes, or opinions. We may also respond to subpoenas, court orders, or legal process, and establish and exercise our legal rights or defenses against legal claims.

Privacy rights. Individuals in the EU and UK have privacy rights under the GDPR and the UK equivalent. We will work to respond to your verified request within a month’s time unless we request an extension. Section 5 above generally covers these privacy rights but EU and UK residents also have the following:

  • Right to object to processing - You may have the right to request that Headspace Health restrict the use of your personal data in certain circumstances.
  • Right not to be subject to automated decision making - You have the right not to be subject to a decision based solely on automated processing. Please know that we do not currently make decisions about you in this manner.
  • Right to lodge a complaint - You may also have the right to lodge a complaint about our data collection and processing actions with the appropriate supervisory authority. If you are in the EU, you can view the contact information for your data protection authority here. If you are in the UK, please visit this page. We ask that you contact us first to see if we can resolve your issue.

Exceptions may still apply as described in Section 5.


Representatives: Individuals and the data protection supervisory authorities in the EU/EEA and individuals and the data protection supervisory authority (“ICO”) in the UK may also contact our data protection representatives according to Article 27 GDPR:

EU: DP-Dock GmbH, Attn.: Headspace, Inc., Ballindamm 39, 20095 Hamburg, Germany

UK: DP Data Protection Services UK Ltd., Attn.: Headspace, Inc., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

www.dp-dock.com

headspace@gdpr-rep.com

Our data protection officer can be reached at privacy@headspace.com.

(b) Privacy Notice for California


We include this section for residents of California in order to comply with the California Consumer Privacy Act of 2018, and its amendment, the California Privacy Rights Act of 2020 (together, the “CCPA”). This section is intended to comply with the CCPA by supplementing the information provided elsewhere in the Privacy Policy.

Categories of personal information. The CCPA includes categories of personal information that businesses like us are required to tell you what of them we have collected from you. To comply with those requirements, we have provided the table below disclosing the categories of personal information we have collected through our Platform within the last twelve (12) months.

Headspace is not a data broker and does not sell your personal information to third parties for payment. However, as with many online companies, Headspace partners with third parties to manage our advertising on other platforms. For that purpose, we may disclose limited personal information to third parties for our cross-context behavioral and targeted advertising purposes and this activity may fall under broader concepts of “selling” and/or “sharing” under the CCPA. We have noted in the table below what categories we have “sold” and/or “shared” in the last twelve (12) months. Please review the section below the table about your privacy rights for more information on how to opt-out of this activity.

CATEGORY COLLECTED “SOLD” / “SHARED”
A. Identifiers.
Name, alias, mailing address, unique personal identifier, online identifier, IP address, email (personal and/or work), account name, telephone number, password, account credentials, National Provider Identifier (NPI), driver’s license / government ID number (if provided for identity verification), or other similar identifiers
Yes Yes
email, online identifier, personal unique identifier, IP address
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Name, signature, mailing address, telephone number, driver’s license / government ID number (if provided for identity verification), payment card number, employment, employment history, bank account information, medical information, and health insurance information
Yes Yes
email
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status
Yes No
D. Commercial information.
Payment history, balances, Products or Services purchased or considered
Yes Yes
Products or Services purchased or considered
E. Biometric information.
Sleep, health, or exercise data
Yes No
F. Internet or other similar network activity.
Browsing history, search history, information on how you interact with our website
Yes Yes
Browsing history, information on how you interact with our website
G. Geolocation data.
Approximate location based on information like IP address
Yes No
H. Sensory data.
Audio recordings, voicemails, photographs
Yes No
I. Professional or employment-related information.
Employer, job title or role, work contact information
Yes No
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Student identification number
Yes No
K. Inferences drawn from other personal information.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
Yes No
L. Sensitive personal information.
Password, health information, payment information, racial and/or ethnic origin, information concerning your sexual orientation, and gender identity
Yes No

Please note that because of the overlapping nature of certain categories identified above, some of the personal information we collect may be reasonably classified under multiple categories. Please also note that some of this personal information, especially in regards to the Products and Services, may be covered by federal laws like HIPAA.

Use of personal information. We may use your personal information in the following ways:

  • To provide our Platform, including the delivery of content and interactive features;
  • To communicate with you regarding our Platform including updates or changes;
  • To provide you support, answer your questions or requests for information, or handle your complaints;
  • To process payment, manage your orders, and account for applicable sales taxes;
  • To inform your Benefit Sponsor, if you have one, about your registration and other information as described in Section 3 below;
  • To fulfill our obligations under any agreements that we may have with you;
  • To maintain and improve the quality of our Platform, including to perform research and development, understand user trends;
  • To provide you with information about new Products and Services, promotions, and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers;
  • To personalize the advertisements you receive about our Platform through third-party platforms, on other websites and apps;
  • To protect ourselves, you and others such as by taking actions to prevent fraud and other unlawful or unauthorized activity, and creating and maintaining a trusted, secure, and reliable online environment; and
  • To comply with our legal obligations including meeting regulatory compliance obligations, responding to subpoenas, court orders or other legal processes; and
  • To establish or exercise our legal rights or defense against legal claims.

Use of sensitive personal information. We use sensitive personal information for the same purposes listed above except for personalizing ads.

Retention. We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). For example, we keep your account information, like your name, email address, and password, for as long as your account exists so that you may access it.

Your California privacy rights. The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of personal information and sensitive personal information. These disclosures are provided in Sections 1-3 and the chart in Section 10(b) above. If you are a California resident, you have the following rights under California law in relation to your personal information, subject to certain exceptions. We will respond to your verifiable request within 45 days.

  • Right to know and access. You have the right to know what personal information we collect, use, disclose, and sell and/or share, as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
  • Right to delete. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the personal information that we collect about you.
  • Right to correct inaccurate personal information. You have the right to request the correction of inaccurate personal information.
  • Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
  • Right to opt out of sale and/or sharing. You have the right to opt-out of the sale and/or sharing of your personal information by a business. Please see our Notice of Right to Opt-Out below for more information.
  • Right to limit use and disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide goods or services to you. We will not use or disclose your sensitive personal information after you have exercised your right unless you subsequently provide consent for the use of your sensitive personal information for additional purposes.
  • Sharing with third parties for their own direct marketing purposes. Headspace does not disclose personal information to third parties for their own direct marketing purposes. However, California residents additionally have the right to request information regarding such practices under California’s “Shine the Light” law. If you are a California resident and would like to inquire further, please email help@headspace.com.

Notice of right to Opt-Out.

As mentioned above, if you are a resident of California, Headspace “sells” and “shares” personal information under the CCPA’s broader definition of “sale” or “share.” California law provides you a right to opt-out of such “sales” and “shares.”. You may exercise this right by following this link and, if you are an Apps user, by going to the My Data page here or within your mobile app settings. The opt-out link is also available our Website’s pages by clicking on the Your Privacy Choices privacyoptions29x14 link.

(c) Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada



We include this section for residents of other US states with privacy laws that may impact them. These privacy laws include the Virginia Consumer Data Privacy Act (“VCDPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Colorado Privacy Act (“CPA”), and the Nevada Privacy Law (“NPL”). This section is intended to comply with these laws by supplementing the information provided elsewhere in the Privacy Policy.

Collection of personal information. Headspace may collect the personal information described in Section 1 and as categorized in the table within Section 10(b) above. Please note that some of this personal information will be considered sensitive under your state’s legal definition which can vary across different states. The personal information we may collect depending on how you use our Platform includes mental or physical health information, racial or ethnic origin, and information about sexual orientation or gender identity.

Use of personal information. Headspace may collect, use, or disclose personal information about US state residents for purposes listed in Section 2 of our Privacy Policy. We use sensitive personal information for the same purposes except for personalizing ads.

Disclosure of personal information. We may disclose your personal information to the categories of service providers and third parties identified in Section 3 of this Privacy Policy, and in ways that are described in that section.

Your privacy rights. We generally provide the privacy rights described in Section 5 above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, see the contact information in Section 9 or follow the instructions below for specific state rights. We will respond to your verifiable request within the time limit afforded under applicable law. Exceptions may still apply as described in Section 5.

  • Residents of Colorado, Connecticut, Virginia, and Utah have the right to opt out of targeted advertising and sales. If you are a resident of these states, you may opt out by following this link and, if you are an Apps user, by going to the My Data page here or within your mobile app settings.
  • For users in Colorado, Connecticut and Virginia, you may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. While you may still make this request, Headspace does not currently use profiling in this manner.
  • Nevada provides its residents a limited right to opt out of the sale of personal information. Please know that we do not trigger this requirement because we do not sell your personal information for payment.

Get some Headspace

  • Send a gift
  • Redeem a code
  • Student Plan
  • All articles
  • Subscribe
  • Headspace for Work
  • Admin portal login
  • Engineering blog

About Us

Support

My Headspace

Login
    • Terms & conditions
    • Privacy policy
    • Cookie policy
    • Sitemap
    • Your privacy choices
      Privacy Choices Icon
    • CA Privacy Notice

Get the app

  • © 2024 Headspace Inc.
  • Terms & conditions
  • Privacy policy
  • Cookie policy
  • Sitemap
  • Your privacy choices
    Privacy Choices Icon
  • CA Privacy Notice