This Privacy Policy explains how Calm Health (provided by Calm.com, Inc.) and our subsidiaries and affiliates (“Calm”, “Calm Health”, “we”, or “us”) collect, use, and disclose information about you when you access or use our Calm Health websites, mobile applications, and other mediums (collectively, the “Services”), and when you contact our customer service team, engage with us on social media, or otherwise interact with us. Please note that certain of the Services may be subject to a separate privacy policy. You will know this if those Services link to a different notice rather than this policy.

If you are based in the United States and use our Services, we may collect or receive certain personal information and other data about you that is regulated by certain health information laws, including the Health Insurance Portability and Accountability Act (“HIPAA”).

If Calm Health is being made available to you by your health insurer, healthcare provider, or other HIPAA covered entity, the Services may be subject to that other entity’s HIPAA Notice of Privacy Practices, which describes how the covered entity uses and discloses your medical information. To review the covered entity’s Notice of Privacy Practices, please contact the covered entity.

Additional information for California residents, as well as for individuals in the EEA, UK, and Switzerland can be found at the end of this Privacy Policy.

We may change this Privacy Policy from time to time. If we make changes, we will revise the date at the top of the policy and, in some cases, we may provide you with additional notice.

Collection of Information

Information You Provide to Us

We collect information when you register for an account, participate in interactive features (like answering screening questionnaires or viewing recorded content), fill out a form or a survey, make a purchase, communicate with us via social media sites, request customer support, or otherwise interact with us. The information you provide may include:

Information We Collect When You Use the Services

When you use the Services, we collect the following information about you:

Information We Create or Generate When You Use the Services

When you use the Services, we generate the following information about you:

Information We Collect from Other Sources

We may also obtain information about you from other sources, including:

Use of Information

We use the information we collect to:

Disclosures of Information

We disclose information about you as follows and as otherwise described in this Privacy Policy or at the time of collection:

We also disclose aggregated or other information not subject to obligations under the data protection laws of your jurisdiction with third parties.

Advertising and Analytics Services Provided by Others

We allow others to provide analytics services and serve advertisements on our behalf across the web and other online services. These entities use cookies, web beacons, device identifiers, and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, device identifiers, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. Calm and others may use this information to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand your online activity. Some of our advertising partners enable us to convert your email address or phone number into an identifier to show ads that are more relevant to you on other platforms.

Depending on where you are located, you can disable cookies used for advertising purposes by visiting calmhealth.com/optout or through our preferences Cookie Preferences Manager. Or, for more information about interest-based ads, including to use ad industry tools to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices (if you are in the EU, please visit www.youronlinechoices.eu/). Your mobile device should also include a feature that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.

Data Transfer

Calm is based in the United States and has operations there and in other countries. As a result, we and our service providers process information in countries which may not provide equivalent levels of data protection as your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission’s adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of these Standard Contractual Clauses by emailing us at support@calmhealth.com.

Privacy Rights

You may update certain account information (such as your password, name and email address) by logging into your account, contacting us through our Help Center, or emailing us at support@calmhealth.com.

Regardless of your location, but subject to certain limits and conditions provided under law, you have the right to request to:

Where relevant, you also have the right to limit sensitive personal data processing or opt out of profiling for decisions that produce legal or similarly significant effects. However, Calm does not currently engage in processing that gives rise to those opt-out rights. Calm Health is designed to align with the data minimization standards outlined in HIPAA, including the principle of minimum necessary.

If you request to delete your information, please note that we retain certain information when required or permitted by law.

Also, please note that where Calm Health is made available to you through your relationship with a health plan, provider network, or other HIPAA covered entity, your rights may be administered by the covered entity, rather than by Calm Health. In such cases, Calm Health may direct your privacy rights requests to the covered entity for evaluation and execution, and we may be required by law, contract, or other restrictions to refrain from honoring requests sent directly to Calm Health.

Exercising Your Rights

You can exercise these rights by emailing us at support@calmhealth.com or by submitting the request on our website at calm.com/contact (click on the box that says “Ask a question” and type your request into the pop-up window). We will not provide discriminatory treatment against anyone that exercises any of their rights. 

You can opt out of use of data collected via the Services for targeted advertising, and related “sales” and “sharing,” by using our Cookie Preferences Manager to disable ad trackers on our website or adjusting your mobile device settings to limit ad tracking via the mobile app. You can also opt out by visiting our websites with a recognized universal choice signal enabled (such as the Global Privacy Control). Please note that, depending on which opt-out preference signal you use, our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out if you use a different browser or device to access the Services.

Verification

We may verify your request by asking you to provide information that matches information we have on file. You may designate an authorized agent to exercise any of the rights set out in this Privacy Policy on your behalf.

Authorized agents should submit requests through the same channels, but we may require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.

Appeals

If we deny your request, you may appeal our decision by emailing support@calmhealth.com. If you are in the U.S. and have concerns about the result of the appeal, you may contact the attorney general in the state where you reside.

Other Choices

Promotional Communications

You may opt out of receiving promotional emails from Calm by following the instructions in those emails or by logging into your account and managing your contact preferences. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

Mobile Push Notifications/Alerts

With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

Communications Containing Protected Health Information

We may offer you the ability to opt into more personalized emails from Calm Health, including emails that contain Protected Health Information. If such communications are offered to you, you will be able to change your preferences regarding PHI emails at any time.

Information for California Residents

This section provides additional disclosures required by the California Consumer Privacy Act, as amended.

Please see the chart below for a list of the personal information we have collected about California consumers in the last twelve (12) months, along with our business and commercial processing purposes and categories of third parties to whom this information may be disclosed. For more details about the personal information we collect, including the categories of sources, please see the Collection of Information section above.

Categories of personal information we collect

Identifiers, such as your name, phone number, email address, social media handle, and unique identifiers (like IP address) tied to your browser or device.

Characteristics of protected classifications under state or federal law, such as gender and age.

Commercial information, such as your payment information and Calm product or service purchases.

Approximate geolocation data.

Internet or other electronic network activity,
such as browsing behavior and information about your usage and interactions with the Services.

Audio, electronic, visual, or similar information, such as profile photo or personal information you may provide during customer support calls and call recordings.

Professional, employment, and education information, such as information we collect from employers with self-funded health plans.

Health Information, which may  include information covered by HIPAA or considered sensitive under some state privacy laws.

Other personal information you provide, including opinions, preferences, goals, and previous meditation experience and other personal information contained in product reviews, surveys, or communications.

Inferences drawn from the above, such as product interests and purchasing insights.

Business or commercial purposes for which we may use your information

Perform or provide the services, such as to maintain accounts, provide customer service, process orders and transactions, and verify customer information.

Improve and maintain the Services, such as by improving the Services and developing new products and services.

Debug, such as to identify and repair errors and other functionality issues.

Communicate with you about marketing and other relationship or transactional messages.

Analyze usage, such as by monitoring trends and activities in connection with use of the Services.

Personalize your online experience, such as by tailoring the content and ads you see on the Services and on other platforms based on your preferences, interests, and browsing behavior.

Legal reasons, such as to help detect and protect against security incidents, or other malicious, deceptive, fraudulent, or illegal activity.

Parties to whom information may be disclosed

Companies that provide services to us, such as those that assist us with customer support, subscription and order fulfillment, advertising measurement, communications and surveys, data analytics, fraud prevention, cloud storage, bug fix management and logging, and payment processing.

Companies that we provide services to, such as health plans, provider networks, and other entities who may contract with us to offer Calm Health on their behalf.

Companies that are providing core healthcare activities, including treatment, payment, and healthcare operations.

Third parties with whom you consent to sharing your information, such as with social media services or academic researchers.  

Government entities or other third parties for legal reasons, such as to comply with law or for other legal reasons as described in our Disclosure section.

California and Colorado consumers have the rights described above under the Privacy Rights section. We “share” and “sell” identifiers and electronic network activity with our advertising partners (including social media platforms) so our advertising partners can show ads that are targeted to your interests on other platforms. To opt out, you can use our cookie preferences tool to disable ad trackers on our website and can adjust your mobile device settings to limit ad tracking via the mobile app. We do not knowingly “sell” or “share” personal data about consumers under the age of 16.

Notice of Financial Incentives: We offer various financial incentives. For example, we may provide incentives to customers who participate in a survey or provide testimonials. When you participate in a financial incentive, we collect personal information from you, such as identifiers (like your name and email address) and information about your experiences using the Services. You can opt into a financial incentive by following the sign-up or participation instructions provided, and, for any ongoing benefits, you can opt out at any time, such as by following the unsubscribe instructions in the applicable program’s terms or by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up.

The value of your personal information is reasonably related to the value of the offer or discount presented to you.We retain personal data for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.

Information for Individuals in EEA, Switzerland, and UK

The sections below apply to you if you use the Services while in the European Economic Area, Switzerland, or the United Kingdom (collectively, “Europe”). Calm.com, Inc. is the data controller for personal data governed by this Privacy Policy.

Data Retention

We retain personal data for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.

Data Subject Requests

Subject to certain limits and conditions provided under law, in addition to the rights described under the Privacy Rights section above, you have the right to:

If you would like to exercise any of these rights and can't do so directly via the Services or your device, you may contact us as indicated below.

Contact Us

If you have any questions about this Privacy Policy, please contact Calm Health by email at support@calmhealth.com.

If you are in Europe, you may also contact our representative at: