If you are based in the United States and use our Services, we may collect or receive certain personal information and other data about you that is regulated by certain health information laws, including the Health Insurance Portability and Accountability Act (“HIPAA”).
If Calm Health is being made available to you by your health insurer, healthcare provider, or other HIPAA covered entity, the Services may be subject to that other entity’s HIPAA Notice of Privacy Practices, which describes how the covered entity uses and discloses your medical information. To review the covered entity’s Notice of Privacy Practices, please contact the covered entity.
We collect information when you register for an account, participate in interactive features (like answering screening questionnaires or viewing recorded content), fill out a form or a survey, communicate with us via social media sites, request customer support, or otherwise interact with us. The information you provide may include your name, email address, password, street address, payment information, goals, previous experience with mental health, answers to questions about your current mental health, feedback and survey responses, and other information about you included within your interactions with us or otherwise provided via the Services.
When you use the Services, we collect the following information about you:
Usage Information: the sessions you use, videos you view, content you listen to, screens or features you access, and other similar types of usage information.
Log Information: the web browser you use, app version, access times and dates, pages viewed, your IP address, and the page you visited before navigating to our websites.
Device Information: information about the computer or mobile device you use to access the Services, including the hardware model, operating system and version, device identifiers set by your device operating system, and mobile network information (like your connection type, carrier and region).
Communications: on some occasions, we may record chat messages, phone or video calls with your consent, such as when you utilize our chat-bot or provide us with feedback or market research.
When you use the Services, we generate the following information about you:
User ID: a user ID and associate it with your account.
Derived Information: information about you based on other information we have collected. For example, like most platforms, we use your IP address to derive the approximate location of your device. We make educated guesses about your gender and age. We also use information we collect about you to help determine the likelihood of you continuing to use the Services in the future.
We may obtain information about you from other sources. If access to Calm Health is being provided to you by your insurance company, healthcare provider, or other sponsor we may receive health information from them. We may also receive transaction information from third-party app stores you use to install our app. Additionally, if you create or log into your account through a social media service account, we will have access to some information from that account, such as your name and other account information, in accordance with your data sharing settings on that social media service. Finally, we may obtain information about you from publicly available sources, marketing and advertising partners, consumer research platforms, and/or business contact databases.
Some of this information is collected via cookies and web beacons. Please see our Cookie Notice for more details.
We use the information we collect to:
Provide and maintain the Services, including debugging to identify and repair errors;
Improve the Services, including by developing new products and services;
Process transactions and fulfill orders;
Send you transactional or relationship messages, such as receipts, account notifications, customer service responses, and other administrative messages;
Communicate with you about products, services, and events offered by Calm and others, request feedback, and send news, gifts, or other information we think will be of interest to you (see the "Your Choices" section below for information on how to opt out of marketing messages);
Monitor and analyze trends, usage, and activities in connection with the Services;
Detect, investigate, and prevent fraudulent transactions and other illegal activities and protect the rights and property of Calm and others, including to enforce our agreements and policies;
Comply with the law, such as by processing transactional records for tax filings and other compliance activities;
Create anonymous or aggregated data that no longer can be reasonably used to identify you;
Personalize your online experience and the advertisements you see on other platforms based on your preferences, interests, and browsing behavior
Facilitate contests, sweepstakes, and promotions; and
Facilitate treatment, payment, and healthcare operations of HIPAA covered entities and their business associates.
With companies and contractors that perform services for us, including email service providers, payment processors, fraud prevention vendors, analytics providers, advertising partners, and other service providers;
In response to a request for information if we believe disclosure is in accordance with, or required by, applicable law or legal process, including court order, subpoena, or other lawful requests by public authorities to meet national security or law enforcement requirements;
If we believe your actions are inconsistent with our user agreements or policies, if we believe you have violated the law, or to protect the rights, property, and safety of Calm or others;
In connection with, or during negotiations of, any merger, sale of company assets, financing, restructuring, or acquisition of all or a portion of our business by another company, including in connection with any bankruptcy or similar proceeding;
Between and among Calm and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership;
With the HIPAA covered entities that sponsored your access to Calm Health (e.g., your insurance company or healthcare provider) and their business associates.
With other HIPAA covered entities that are involved in treatment, payment, and healthcare operations as permitted by HIPAA.
With your consent or at your direction. For instance, you may choose to share information in your Calm Health account by inviting others into your care team.
We also disclose aggregated or other information not subject to obligations under the data protection laws of your jurisdiction with third parties.
You can disable cookies used for advertising purposes through our cookie preferences manager. You can opt out of Google Analytics receiving your data by downloading and enabling the Google Analytics Opt Out Add-On for your browser. For more information about interest-based ads, including to use ad industry tools to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. Your mobile device should also include a feature that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.
You may update certain account information (such as your password, name and email address) by logging into your account, contacting us through our Help Center, or emailing us at email@example.com.
Regardless of your location but subject to certain limits and conditions provided under law, we provide you with have the right to request to:
know more about the information we have about you;
access information we have about you;
correct information we have about you;
opt out of targeted advertising or “sharing;” and
delete the information we have about you.
If you request to delete your information, please note that we retain certain information when required or permitted by law or contract. We also retain cached or archived copies of information about you.
Also, please note that where Calm Health is made available to you through your relationship with a health plan, provider network, or other HIPAA covered entity, your rights may be administered by the covered entity, rather than by Calm Health. In such cases, Calm Health may direct your privacy rights requests to the covered entity for evaluation and execution, and we may be required by law, contract, or other restrictions to refrain from honoring requests sent directly to Calm Health.
You can exercise these rights by emailing us at firstname.lastname@example.org or by submitting the request on our website at calm.com/contact (click on the box that says “Ask a question” and type your request into the pop-up window). We will not provide discriminatory treatment against anyone that exercises any of their rights. You can opt out of use of data collected via the Services for targeted advertising, and related “sales” and “sharing,” by using our cookie preferences tool to disable ad trackers on our website or adjusting your mobile device settings to limit ad tracking via the mobile app. You can also opt out by visiting our websites with a recognized universal choice signal enabled (such as the Global Privacy Control). Please note that, depending on which opt-out preference signal you use and whether you are logged into your account with us, our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out if you use a different browser or device to access the Services.
We may verify your request by asking you to provide information that matches information we have on file.
If we deny your request, you may appeal our decision by emailing email@example.com. If you have concerns about the result of the appeal, you may contact the attorney general in the state where you reside.
You may opt out of receiving promotional emails from Calm Health by following the instructions in those emails or by logging into your account. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
We may offer you the ability to opt into more personalized emails from Calm Health, including emails that contain Protected Health Information. If such communications are offered to you, you will be able to change your preferences regarding PHI emails at any time.
This section provides additional disclosures required by the California Consumer Privacy Act, as amended (or “CCPA”) and the Colorado Privacy Act.
Please see the chart below for a list of the personal information we have collected about California and Colorado consumers in the last twelve (12) months, along with our business and commercial processing purposes and categories of third parties to whom this information may be disclosed. For more details about the personal information we collect, including the categories of sources, please see the Collection of Information section above.
Categories of personal information we collect
Identifiers, such as your name, phone number, email address, social media handle, and unique identifiers (like IP address) tied to your browser or device.
Characteristics of protected classifications under state or federal law, such as gender and age.
Commercial information, such as your payment information and Calm product or service purchases.
Approximate geolocation data.
Internet or other electronic network activity, such as browsing behavior and information about your usage and interactions with the Services.
Audio, electronic, visual, or similar information, such as profile photo or personal information you may provide during customer support calls and call recordings.
Professional, employment, and education information, such as information we collect from employers with self-funded health plans.
Health Information, which may include information covered by HIPAA or considered sensitive under some state privacy laws.
Other personal information you provide, including opinions, preferences, goals, and previous meditation experience and other personal information contained in product reviews, surveys, or communications.
Inferences drawn from the above, such as product interests and purchasing insights.
Business or commercial purposes for which we may use your information
Perform or provide the services, such as to maintain accounts, provide customer service, process orders and transactions, and verify customer information.
Improve and maintain the Services, such as by improving the Services and developing new products and services.
Debug, such as to identify and repair errors and other functionality issues.
Communicate with you about marketing and other relationship or transactional messages.
Analyze usage, such as by monitoring trends and activities in connection with use of the Services.
Personalize your online experience, such as by tailoring the content and ads you see on the Services and on other platforms based on your preferences, interests, and browsing behavior.
Legal reasons, such as to help detect and protect against security incidents, or other malicious, deceptive, fraudulent, or illegal activity.
Parties to whom information may be disclosed
Companies that provide services to us, such as those that assist us with customer support, subscription and order fulfillment, advertising measurement, communications and surveys, data analytics, fraud prevention, cloud storage, bug fix management and logging, and payment processing.
Companies that we provide services to, such as health plans, provider networks, and other entities who may contract with us to offer Calm Health on their behalf.
Companies that are providing core healthcare activities, including treatment, payment, and healthcare operations.
Third parties with whom you consent to sharing your information, such as with social media services or academic researchers.
Government entities or other third parties for legal reasons, such as to comply with law or for other legal reasons as described in our Disclosure section.
California and Colorado consumers have the rights described above under the Privacy Rights section. We “share” and “sell” identifiers and electronic network activity with our advertising partners (including social media platforms) so our advertising partners can show ads that are targeted to your interests on other platforms. To opt out, you can use our cookie preferences tool to disable ad trackers on our website and can adjust your mobile device settings to limit ad tracking via the mobile app. We do not knowingly “sell” or “share” personal data about consumers under the age of 16.
Notice of Financial Incentives: We offer various financial incentives. For example, we may provide incentives to customers who participate in a survey or provide testimonials. When you participate in a financial incentive, we collect personal information from you, such as identifiers (like your name and email address) and information about your experiences using the Services. You can opt into a financial incentive by following the sign-up or participation instructions provided, and, for any ongoing benefits, you can opt-out at any time, such as by following the unsubscribe instructions in the applicable program’s terms or by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. The value of your personal information is reasonably related to the value of the offer or discount presented to you.We retain personal information for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.