If you are based in the United States and use our Services, we may collect or receive certain personal information and other data about you that is regulated by certain health information laws, including the Health Insurance Portability and Accountability Act (“HIPAA”).
If Calm Health is being made available to you by your health insurer, healthcare provider, or other HIPAA covered entity, the Services may be subject to that other entity’s HIPAA Notice of Privacy Practices, which describes how the covered entity uses and discloses your medical information. To review the covered entity’s Notice of Privacy Practices, please contact the covered entity.
We collect information when you register for an account, participate in interactive features (like answering screening questionnaires or viewing recorded content), fill out a form or a survey, make a purchase, communicate with us via social media sites, request customer support, or otherwise interact with us. The information you provide may include:
Personal details: your name, email address, linked social media details, and street address.
Payment details: payment information.
Views and opinions: feedback, survey responses, and other information included within your interactions with us or otherwise provided via the Services. Some users also provide information about how they are feeling in connection with providing feedback or other messages to us.
Employment information: we may also collect employment information.
Other Information You May Provide: password, language settings, goals, previous meditation experience, previous experience with mental health, answers to questions about your current mental health, sleep habits, and moods and reflections you provide during check-ins, and other information about you included within your interactions with us or otherwise provided via the Services.
When you use the Services, we collect the following information about you:
Usage Information: the sessions you use, videos you view, content you listen to, screens or features you access, and other similar types of usage information.
Transactional information: information about a purchase, such as product description, price, subscription or free trial expiration date, and time and date of the transaction.
Log Information: the web browser you use, app version, access times and dates, pages viewed, your IP address, and the page you visited before navigating to our websites.
Device Information: information about the computer or mobile device you use to access the Services, including the hardware model, operating system and version, device identifiers set by your device operating system, and mobile network information.
Communications: we may record our communications including chat messages, phone, or video calls, such as when you provide us with feedback or market research.
When you use the Services, we generate the following information about you:
User ID: a user ID and associate it with your account.
Derived Information: information about you based on other information we have collected. For example, like most platforms, we use your IP address to derive the approximate location of your device. We also use information we collect about you to help determine the likelihood of you continuing to use the Services in the future.
We may also obtain information about you from other sources, including:
Transaction information: details from third-parties you use to install our app or purchase a subscription.
Calendar information: details from third-party calendar services that you choose to integrate with our services.
Social media data: if you create or log into your Calm account through a social media service account, we will have access to information from that account, such as your name and other account information, in accordance with your data sharing settings on that social media service.
Third party health app data: with your permission, we may also receive data from your mobile device’s health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the purpose for which it was originally provided.
Cookie data: we may collect information via cookies and web beacons. Please see our Cookie Notice for more details.
Information you make public: finally, we may obtain information you have made publicly available, including from websites and online services you use, consumer research platforms, and/or business contact databases.
We use the information we collect to:
Provide and maintain the Services, including debugging to identify and repair errors (the legal basis for this processing is the performance of the user agreement between you and Calm);
Improve the Services, including by developing new products and services (the legal basis for this processing is our legitimate interest in improving and developing new services, by exploring ways to further enhance our services and business);
Process transactions and fulfill orders (the legal basis for this processing is the performance of the user agreement between you and Calm);
Send you transactional or relationship messages, such as receipts, account notifications, customer service responses, and other administrative messages (the legal basis for this processing is our legitimate interest in providing relevant information about our services, including your purchases from us);
Communicate with you about products, services, and events offered by Calm and others, request feedback, and send news, gifts, or other information we think will be of interest to you (see the “Your Choices” section below for information on how to opt out of marketing messages) (The legal basis for this processing is our legitimate interest in providing information about products and services that may be of interest to you unless applicable law requires us to obtain your consent, in which case we will do so);
Monitor and analyze trends, usage, and activities in connection with the Services (the legal basis for this processing is our legitimate interest in improving our Services and understanding our users’ needs and expectations);
Detect, investigate, and prevent fraudulent transactions and other illegal activities and protect the rights and property of Calm and others, including to enforce our agreements and policies (the legal basis for this processing is our legitimate interest in preventing fraud and protecting and securing our assets, customers, employees and the public);
Comply with the law, such as by processing transactional records for tax filings and other compliance activities (the legal basis for this processing is compliance with our legal obligations under applicable law related to, for instance, taxation, and consumer protection law);
Create anonymous or aggregated data that no longer can be reasonably used to identify you (the legal basis for this processing is our legitimate interest in creating non-personally identifiable data to help improve our services, provide reports to third parties, and otherwise enhance and promote our business);
Personalize your online experience and the advertisements you see on other platforms based on your preferences, interests, and browsing behavior (the legal basis for this processing is our legitimate interest in improving your experience with the Services and serving advertisements more relevant to your interests, unless applicable law requires us to obtain your consent, in which case we will do so); and
Facilitate contests, sweepstakes, and promotions (the legal basis for this processing is our legitimate interest in conducting promotional activities that our users may voluntarily decide to participate in).
Facilitate treatment, payment, and healthcare operations of HIPAA covered entities and their business associates (the legal basis for this processing is the performance of the user agreement between Calm and the covered entities we service).
With companies and contractors that perform services for us, including email service providers, payment processors, fraud prevention vendors, analytics providers, advertising partners, and other service providers;
To accountants, auditors, lawyers, and other outside professional advisors to Calm, subject to appropriate contractual obligations of confidentiality;
If we believe disclosure is in accordance with, or required by, applicable law or legal process, including court order, subpoena, or other lawful requests by public authorities to meet national security or law enforcement requirements;
If we believe your actions are inconsistent with our user agreements or policies, if we believe you have violated the law, where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, or to protect the rights, property, and safety of Calm or others, or if it is necessary for the establishment, exercise or defense of legal claims;
In connection with any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
Between and among Calm and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership;
If your Calm subscription has been provided to you by someone else, like your employer or a family member who invited you to use one of their dependent subscriptions, we may inform them that you have signed up for the subscription they offered you;
If your Calm subscription was obtained through a third-party promotion, such as bundled with a third-party service or offered through a promotional code distributed by that third party, we may inform them that you redeemed the offer;
With the HIPAA covered entities that sponsored your access to Calm Health (e.g., your insurance company or healthcare provider) and their business associates.
With other HIPAA covered entities that are involved in treatment, payment, and healthcare operations as permitted by HIPAA.
With your consent or at your direction. With your consent or at your direction. For instance, you may choose to share actions you’ve taken through the Services using “share”or similar features or by linking your Calm account with third-party services.
We also disclose aggregated or other information not subject to obligations under the data protection laws of your jurisdiction with third parties.
Depending on where you are located, you can disable cookies used for advertising purposes by visiting calmhealth.com/optout or through our preferences Cookie Preferences Manager. Or, for more information about interest-based ads, including to use ad industry tools to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices (if you are in the EU, please visit www.youronlinechoices.eu/). Your mobile device should also include a feature that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.
Calm is based in the United States and has operations there and in other countries. As a result, we and our service providers process information in countries which may not provide equivalent levels of data protection as your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission’s adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of these Standard Contractual Clauses by emailing us at firstname.lastname@example.org.
You may update certain account information (such as your password, name and email address) by logging into your account, contacting us through our Help Center, or emailing us at email@example.com.
Regardless of your location, but subject to certain limits and conditions provided under law, you have the right to request to:
know more about the information we have about you;
access information we have about you (including in a portable format);
correct information we have about you;
opt out of “sales”, targeted advertising, or “sharing”; and
delete the information we have about you.
Where relevant, you also have the right to limit sensitive personal data processing or opt out of profiling for decisions that produce legal or similarly significant effects. However, Calm does not currently engage in processing that gives rise to those opt-out rights. Calm Health is designed to align with the data minimization standards outlined in HIPAA, including the principle of minimum necessary.
If you request to delete your information, please note that we retain certain information when required or permitted by law.
Also, please note that where Calm Health is made available to you through your relationship with a health plan, provider network, or other HIPAA covered entity, your rights may be administered by the covered entity, rather than by Calm Health. In such cases, Calm Health may direct your privacy rights requests to the covered entity for evaluation and execution, and we may be required by law, contract, or other restrictions to refrain from honoring requests sent directly to Calm Health.
You can exercise these rights by emailing us at firstname.lastname@example.org or by submitting the request on our website at calm.com/contact (click on the box that says “Ask a question” and type your request into the pop-up window). We will not provide discriminatory treatment against anyone that exercises any of their rights.
You can opt out of use of data collected via the Services for targeted advertising, and related “sales” and “sharing,” by using our Cookie Preferences Manager to disable ad trackers on our website or adjusting your mobile device settings to limit ad tracking via the mobile app. You can also opt out by visiting our websites with a recognized universal choice signal enabled (such as the Global Privacy Control). Please note that, depending on which opt-out preference signal you use, our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out if you use a different browser or device to access the Services.
Authorized agents should submit requests through the same channels, but we may require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.
If we deny your request, you may appeal our decision by emailing email@example.com. If you are in the U.S. and have concerns about the result of the appeal, you may contact the attorney general in the state where you reside.
You may opt out of receiving promotional emails from Calm by following the instructions in those emails or by logging into your account and managing your contact preferences. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
We may offer you the ability to opt into more personalized emails from Calm Health, including emails that contain Protected Health Information. If such communications are offered to you, you will be able to change your preferences regarding PHI emails at any time.
This section provides additional disclosures required by the California Consumer Privacy Act, as amended.
Please see the chart below for a list of the personal information we have collected about California consumers in the last twelve (12) months, along with our business and commercial processing purposes and categories of third parties to whom this information may be disclosed. For more details about the personal information we collect, including the categories of sources, please see the Collection of Information section above.
Categories of personal information we collect
Identifiers, such as your name, phone number, email address, social media handle, and unique identifiers (like IP address) tied to your browser or device.
Characteristics of protected classifications under state or federal law, such as gender and age.
Commercial information, such as your payment information and Calm product or service purchases.
Approximate geolocation data.
Internet or other electronic network activity, such as browsing behavior and information about your usage and interactions with the Services.
Audio, electronic, visual, or similar information, such as profile photo or personal information you may provide during customer support calls and call recordings.
Professional, employment, and education information, such as information we collect from employers with self-funded health plans.
Health Information, which may include information covered by HIPAA or considered sensitive under some state privacy laws.
Other personal information you provide, including opinions, preferences, goals, and previous meditation experience and other personal information contained in product reviews, surveys, or communications.
Inferences drawn from the above, such as product interests and purchasing insights.
Business or commercial purposes for which we may use your information
Perform or provide the services, such as to maintain accounts, provide customer service, process orders and transactions, and verify customer information.
Improve and maintain the Services, such as by improving the Services and developing new products and services.
Debug, such as to identify and repair errors and other functionality issues.
Communicate with you about marketing and other relationship or transactional messages.
Analyze usage, such as by monitoring trends and activities in connection with use of the Services.
Personalize your online experience, such as by tailoring the content and ads you see on the Services and on other platforms based on your preferences, interests, and browsing behavior.
Legal reasons, such as to help detect and protect against security incidents, or other malicious, deceptive, fraudulent, or illegal activity.
Parties to whom information may be disclosed
Companies that provide services to us, such as those that assist us with customer support, subscription and order fulfillment, advertising measurement, communications and surveys, data analytics, fraud prevention, cloud storage, bug fix management and logging, and payment processing.
Companies that we provide services to, such as health plans, provider networks, and other entities who may contract with us to offer Calm Health on their behalf.
Companies that are providing core healthcare activities, including treatment, payment, and healthcare operations.
Third parties with whom you consent to sharing your information, such as with social media services or academic researchers.
Government entities or other third parties for legal reasons, such as to comply with law or for other legal reasons as described in our Disclosure section.
California and Colorado consumers have the rights described above under the Privacy Rights section. We “share” and “sell” identifiers and electronic network activity with our advertising partners (including social media platforms) so our advertising partners can show ads that are targeted to your interests on other platforms. To opt out, you can use our cookie preferences tool to disable ad trackers on our website and can adjust your mobile device settings to limit ad tracking via the mobile app. We do not knowingly “sell” or “share” personal data about consumers under the age of 16.
Notice of Financial Incentives: We offer various financial incentives. For example, we may provide incentives to customers who participate in a survey or provide testimonials. When you participate in a financial incentive, we collect personal information from you, such as identifiers (like your name and email address) and information about your experiences using the Services. You can opt into a financial incentive by following the sign-up or participation instructions provided, and, for any ongoing benefits, you can opt out at any time, such as by following the unsubscribe instructions in the applicable program’s terms or by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up.
The value of your personal information is reasonably related to the value of the offer or discount presented to you.We retain personal data for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.
We retain personal data for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.
Subject to certain limits and conditions provided under law, in addition to the rights described under the Privacy Rights section above, you have the right to:
Object to certain processing (like receiving direct marketing), or request that we restrict processing in certain circumstances (like to retain but not further process pending resolution of a claim).
Withdraw any consent you have provided.
Request that Calm transfer certain data to another data controller.
File a complaint regarding our data protection practices with a supervisory authority.
File a complaint regarding our data protection practices with a supervisory authority.
Please see this directory for contact details: https://edpb.europa.eu/about-edpb/board/members_en.
If you are in Switzerland, please visit this FDPIC site for contact details: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
If you are in the United Kingdom, please see this site for contact details: https://ico.org.uk/global/contact-us/.
If you would like to exercise any of these rights and can't do so directly via the Services or your device, you may contact us as indicated below.
If you are in Europe, you may also contact our representative at: