This Privacy Policy explains how Calm Health (provided by Calm.com, Inc.) and our subsidiaries and affiliates (“Calm”, “Calm Health”, “we”, “our”, or “us”) collect, use, and disclose information about you when you access or use our Calm Health websites, mobile applications, and other online products and service (collectively, the “Services”), and when you contact our customer service team, engage with us on social media, or otherwise interact with us. Please note that to the extent we collect, use, or disclose certain consumer health-related information about you, our Consumer Health Privacy Policy, which is a supplement to this Privacy Policy, may also apply.

If you are based in the United States and use our Services, we may collect or receive certain personal information and other data about you that is regulated by certain health information laws, including the Health Insurance Portability and Accountability Act (“HIPAA”).

If Calm Health is being made available to you by your health insurer, healthcare provider, or other HIPAA covered entity, the Services may be subject to that other entity’s HIPAA Notice of Privacy Practices, which describes how the covered entity uses and discloses your medical information. To review the covered entity’s Notice of Privacy Practices, please contact the covered entity.

Additional information for residents of California, Colorado, Connecticut, Nevada, Utah, and Virginia can be found at the end of this Privacy Policy.

We may change this Privacy Policy from time to time. If we make changes, we will revise the date at the top of the policy and, in some cases, we may provide you with additional notice.

Collection of Information

Information You Provide to Us

We collect information when you register for an account, participate in interactive features (like answering screening questionnaires or viewing recorded content), fill out a form or a survey, make a purchase, communicate with us via social media sites, request customer support, or otherwise interact with us. The information you provide may include:

Information We Collect When You Use the Services

When you use the Services or interact with us, we collect the following information about you:

Information We Create or Generate When You Use the Services

When you use the Services, we infer or generate the following information about you:

Information We Collect from Other Sources

We may also obtain information about you from other sources, including:

Use of Information

We use the information we collect to:

Disclosures of Information

We disclose information about you as follows and as otherwise described in this Privacy Policy or at the time of collection:

We also disclose aggregated or other information not subject to obligations under the data protection laws of your jurisdiction with third parties.

Advertising and Analytics Services Provided by Others

We allow others to provide analytics services and serve advertisements on our behalf across the web and other online services. These entities use cookies, web beacons, device identifiers, and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, device identifiers, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. Calm and others may use this information to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand your online activity. Some of our advertising partners enable us to convert your email address or phone number into an identifier to show ads that are more relevant to you on other platforms.

You can disable cookies used for advertising purposes by visiting calmhealth.com/optout. Or, for more information about interest-based ads, including to use ad industry tools to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices (if you are in the EU, please visit www.youronlinechoices.eu/). Your mobile device should also include a feature that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.

If you provide your phone number to set up multi-factor authentication on your account, we will not share it with third parties for marketing or promotional purposes.

Data Transfer

Calm is based in the United States and has operations there and in other countries. As a result, we and our service providers process information in countries which may not provide equivalent levels of data protection as your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission’s adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of these Standard Contractual Clauses by emailing us at [email protected].

Privacy Rights

You may update certain account information (such as your password, name and email address) by logging into your account, contacting us through our Help Center, or emailing us at [email protected].

Regardless of your location, but subject to certain limits and conditions provided under law, you have the right to request to:

Calm Health is designed to align with the data minimization standards outlined in HIPAA, including the principle of minimum necessary.

If you request to delete your information, please note that we retain certain information when required or permitted by law.

Also, please note that where Calm Health is made available to you through your relationship with a health plan, provider network, or other HIPAA covered entity, your rights may be administered by the covered entity, rather than by Calm Health. In such cases, Calm Health may direct your privacy rights requests to the covered entity for evaluation and execution, and we may be required by law, contract, or other restrictions to refrain from honoring requests sent directly to Calm Health.

Exercising Your Rights

You can exercise these rights by emailing us at [email protected] or by submitting the request on our website at calm.com/contact (click on the box that says “Submit a Request” and type your request into the pop-up window). Upon receiving your request, we may ask for additional information from you in order to verify the request or confirm how you would like to proceed. We endeavor to respond to a verifiable request without undue delay. If we require an extended amount of time, we will inform you using the email associated with your account or the email you used to make the request.

You can opt out of use of data collected via the Services for targeted advertising, and related “sales” and “sharing,” by visiting calmhealth.com/optout. Please note that our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out if you use a different browser or device to access the Services.

Some US jurisdictions provide residents with certain rights with respect to their personal information as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply. Please review our Supplemental Notices section below.

Verification

Where appropriate under applicable law, such as with respect to requests to know, correct, or delete, we may verify your request by asking you to provide information that matches information we have on file.

You may designate an authorized agent to exercise any of the rights set out in this Privacy Policy on your behalf. Authorized agents should submit requests through the same channels, but we may require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.

Appeals

If we deny your request, you may appeal our decision by emailing [email protected]. If you are in the U.S. and have concerns about the result of the appeal, you may contact the attorney general in the state where you reside.

Other Choices

Promotional Communications

You may opt out of receiving promotional emails from Calm Health by following the instructions in those emails or by logging into your account and managing your contact preferences. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

Mobile Push Notifications/Alerts

With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

Communications Containing Protected Health Information

We may offer you the ability to opt into more personalized emails from Calm Health, including emails that contain Protected Health Information. If such communications are offered to you, you will be able to change your preferences regarding PHI emails at any time.

Supplemental Notices

Depending on your jurisdiction, additional laws may apply to our collection, use, and disclosure of your personal information. We provide the supplemental information in this section in our efforts to comply with those additional privacy laws and inform you about your rights.

Information for California Residents

This section provides additional disclosures required by the California Consumer Privacy Act, as amended.

Please see the chart below for a list of the personal information we have collected about California consumers in the last twelve (12) months, along with our business and commercial processing purposes and categories of third parties to whom this information may be disclosed. For more details about the personal information we collect, including the categories of sources, please see the Collection of Information section above. We will respond to your verifiable request to exercise your rights within forty-five (45) days after receipt and we reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided consumer notification of the extension is made within the first forty-five (45) days. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

Calm Health does not sell your personal information to third parties for payment. However, as with many online companies, Calm Health partners with third parties to manage our advertising on other platforms. For that purpose, we may disclose limited personal information to third parties for our cross-context behavioral and targeted advertising purposes and this activity may fall under broader concepts of “selling” and/or “sharing” under the CCPA.

Categories of personal information we collect

Identifiers, such as your name, phone number, email address, social media handle, and unique identifiers (like IP address) tied to your browser or device.

Characteristics of protected classifications under state or federal law, such as gender and age.

Commercial information, such as your payment information and Calm product or service purchases.

Approximate geolocation data.

Internet or other electronic network activity,
such as browsing behavior and information about your usage and interactions with the Services.

Audio, electronic, visual, or similar information, such as profile photo or personal information you may provide during customer support calls and call recordings.

Professional, employment, and education information, such as information we collect from employers with self-funded health plans.

Health Information, which may  include information covered by HIPAA or considered sensitive under some state privacy laws.

Sensitive Personal Information, such as Calm Health content you choose to view, which may include content related to racial or ethnic origin, mental or physical health condition or diagnosis, sexual orientation.

Other personal information you provide, including opinions, preferences, goals, and previous meditation experience and other personal information contained in product reviews, surveys, or communications.

Inferences drawn from the above, such as product interests and purchasing insights.

Business or commercial purposes for which we may use your information

Perform or provide the services, such as to maintain accounts, provide customer service, process orders and transactions, and verify customer information.

Improve and maintain the Services, such as by improving the Services and developing new products and services.

Debug, such as to identify and repair errors and other functionality issues.

Communicate with you about marketing and other relationship or transactional messages.

Analyze usage, such as by monitoring trends and activities in connection with use of the Services.

Personalize your online experience, such as by tailoring the content and ads you see on the Services and on other platforms based on your preferences, interests, and browsing behavior.

Legal reasons, such as to help detect and protect against security incidents, or other malicious, deceptive, fraudulent, or illegal activity.

Parties to whom information may be disclosed

Companies that provide services to us, such as those that assist us with customer support, subscription and order fulfillment, advertising measurement, communications and surveys, data analytics, fraud prevention, cloud storage, bug fix management and logging, and payment processing.

Companies that we provide services to, such as health plans, provider networks, and other entities who may contract with us to offer Calm Health on their behalf.

Companies that are providing core healthcare activities, including treatment, payment, and healthcare operations.

Third parties with whom you consent to sharing your information, such as with social media services or academic researchers.  

Government entities or other third parties for legal reasons, such as to comply with law or for other legal reasons as described in our Disclosure section.

Notice of Financial Incentives: We offer various financial incentives. For example, we may provide incentives to customers who participate in a survey or provide testimonials. When you participate in a financial incentive, we collect personal information from you, such as identifiers (like your name and email address) and information about your experiences using the Services. You can opt into a financial incentive by following the sign-up or participation instructions provided, and, for any ongoing benefits, you can opt out at any time, such as by following the unsubscribe instructions in the applicable program’s terms or by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. 

The value of your personal information is reasonably related to the value of the offer or discount presented to you. We retain personal data for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.

Information for Colorado, Connecticut, Nevada, Utah, and Virginia Residents

We include this section for residents of other US states with privacy laws that may impact them. These privacy laws include the Colorado Privacy Act, the Connecticut Data Privacy Act, the Nevada Consumer Health Data Privacy Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Privacy Act. This section is intended to comply with these laws by supplementing the information provided elsewhere in the Privacy Policy.

Collection of personal information. Calm Health may collect the personal information described in the Collection of Information section above. Please note that some of this personal information will be considered sensitive under your state’s legal definition which can vary across different states. The personal information we may collect depending on the conditions you share with us and the Calm Health content you choose to view, which may include content related to mental or physical health information, and information about sexual orientation or gender identity.

Use of personal information. Calm Health may collect, use, or disclose personal information about US state residents for purposes listed in the Collection of Information section of our Privacy Policy.

Disclosure of personal information. We may disclose your personal information to the categories of service providers and third parties identified in the Disclosure of Information section of this Privacy Policy, and in ways that are described in that section.

Connecticut Residents. Connecticut requires consumers to opt-in to process sensitive personal information; we will seek your consent before we collect or process any such information. Please see the Calm Health Consumer Health Privacy Policy for more information regarding the collection, use, and disclosure of health and other sensitive personal information.

Your privacy rights. We generally provide the privacy rights described in the Privacy Rights section above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, see the contact information in the Exercising Your Rights section above or follow the instructions below for specific state rights. We will respond to your verifiable request within the time limit afforded under applicable law. Exceptions may still apply as described in the Exercising Your Rights section above.

Contact Us

If you have any questions about this Privacy Policy, please contact Calm Health by email at [email protected].