This Privacy Policy explains how Calm Health (provided by Calm.com, Inc.) and our subsidiaries and affiliates (“Calm”, “Calm Health”, “we”, “our”, or “us”) collect, use, and disclose information about you when you access or use our Calm Health websites, mobile applications, and other online products and service (collectively, the “Services”), and when you contact our customer service team, engage with us on social media, or otherwise interact with us. Please note that to the extent we collect, use, or disclose certain consumer health-related information about you, our Consumer Health Privacy Policy, which is a supplement to this Privacy Policy, may also apply.
If you are based in the United States and use our Services, we may collect or receive certain personal information and other data about you that is regulated by certain health information laws, including the Health Insurance Portability and Accountability Act (“HIPAA”).
If Calm Health is being made available to you by your health insurer, healthcare provider, or other HIPAA covered entity, the Services may be subject to that other entity’s HIPAA Notice of Privacy Practices, which describes how the covered entity uses and discloses your medical information. To review the covered entity’s Notice of Privacy Practices, please contact the covered entity.
Additional information for residents of California, Colorado, Connecticut, Nevada, Utah, and Virginia can be found at the end of this Privacy Policy.
We may change this Privacy Policy from time to time. If we make changes, we will revise the date at the top of the policy and, in some cases, we may provide you with additional notice.
We collect information when you register for an account, participate in interactive features (like answering screening questionnaires or viewing recorded content), fill out a form or a survey, make a purchase, communicate with us via social media sites, request customer support, or otherwise interact with us. The information you provide may include:
Personal details: your name, email address, phone number, linked social media details, and street address.
Demographic information: your age and gender.
Health information: information about your health and wellness as you use or engage with our Services. You may provide this information through the Services, such as through survey responses about your current mental or physical health status, setting your health or wellness goals, or Calm Health content you choose to view, which may include content related to reproductive concerns, sexual orientation, and condition-specific experiences. Please see the Calm Health Consumer Health Data Privacy Policy for more information regarding the collection, use, and disclosure of consumer health information.
Views and opinions: feedback, survey responses, and other information included within your interactions with us or otherwise provided via the Services. Some users also provide information about how they are feeling in connection with providing feedback or other messages to us.
Other information you may provide: password, language settings, goals, answers to questions about your current mental health, sleep habits, and moods.
When you use the Services or interact with us, we collect the following information about you:
Usage information: the sessions you use, videos you view, content you listen to, screens or features you access, and other similar types of usage information.
Transactional information: information about a purchase, such as product description, price, subscription or free trial expiration date, and time and date of the transaction.
Log information: the web browser you use, app version, access times and dates, pages viewed, your IP address, and the page you visited before navigating to our websites.
Device information: information about the computer or mobile device you use to access the Services, including the hardware model, operating system and version, device identifiers set by your device operating system, and mobile network information.
Communications: we may record our communications including chat messages, phone, or video calls, such as when you provide us with feedback or market research.
When you use the Services, we infer or generate the following information about you:
User ID: a user ID, which we associate with your account.
Derived information: information about you based on other information we have collected. For example, like most platforms, we use your IP address to derive the approximate location of your device. We also use information we collect about you to help determine the likelihood of you continuing to use the Services in the future.
We may also obtain information about you from other sources, including:
Transaction information: details from third parties you use to install our app or purchase a subscription.
Calendar information: details from third-party calendar services that you choose to integrate with our services.
Social media data: if you create or log into your Calm Health account through a social media service account, we will have access to information from that account, such as your name and other account information, in accordance with your data sharing settings on that social media service.
Third party health app data: with your permission, we may also receive data from your mobile device’s health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the purpose for which it was originally provided.
Benefit sponsor: if you receive access to Calm Health through your employer, health plan, or another party that sponsors your access, we collect your name and email address and other information, which may include health information, that is submitted to us to facilitate your enrollment in our Services.
Cookie data: we may collect information via cookies and web beacons.
Information you make public: finally, we may obtain information you have made publicly available, including from websites and online services you use, consumer research platforms, and/or business contact databases.
We use the information we collect to:
Provide and maintain the Services, including debugging to identify and repair errors (the legal basis for this processing is the performance of the user agreement between you and Calm);
Improve the Services, including by developing new products and services (the legal basis for this processing is our legitimate interest in improving and developing new services, by exploring ways to further enhance our services and business);
Process transactions and fulfill orders (the legal basis for this processing is the performance of the user agreement between you and Calm);
Send you transactional or relationship messages, such as receipts, account notifications, customer service responses, and other administrative messages (the legal basis for this processing is our legitimate interest in providing relevant information about our services, including your purchases from us);
Communicate with you about products, services, and events offered by Calm and others, request feedback, and send news, gifts, or other information we think will be of interest to you (see the “Other Choices” section below for information on how to opt out of marketing messages) (The legal basis for this processing is our legitimate interest in providing information about products and services that may be of interest to you unless applicable law requires us to obtain your consent, in which case we will do so);
Monitor and analyze trends, usage, and activities in connection with the Services (the legal basis for this processing is our legitimate interest in improving our Services and understanding our users’ needs and expectations);
Detect, investigate, and prevent fraudulent transactions and other illegal activities and protect the rights and property of Calm and others, including to enforce our agreements and policies (the legal basis for this processing is our legitimate interest in preventing fraud and protecting and securing our assets, customers, employees and the public);
Comply with the law, such as by processing transactional records for tax filings and other compliance activities (the legal basis for this processing is compliance with our legal obligations under applicable law related to, for instance, taxation, and consumer protection law);
Create anonymous or aggregated data that no longer can be reasonably used to identify you (the legal basis for this processing is our legitimate interest in creating non-personally identifiable data to help improve our services, provide reports to third parties, and otherwise enhance and promote our business);
Personalize your online experience and the advertisements you see on other platforms based on your preferences, interests, and browsing behavior (the legal basis for this processing is our legitimate interest in improving your experience with the Services and serving advertisements more relevant to your interests, unless applicable law requires us to obtain your consent, in which case we will do so);
Facilitate contests, sweepstakes, and promotions (the legal basis for this processing is our legitimate interest in conducting promotional activities that our users may voluntarily decide to participate in); and
Facilitate treatment, payment, and healthcare operations of HIPAA covered entities and their business associates (the legal basis for this processing is the performance of the user agreement between Calm and the covered entities we service).
We disclose information about you as follows and as otherwise described in this Privacy Policy or at the time of collection:
With companies and contractors that perform services for us, including email service providers, payment processors, fraud prevention vendors, analytics providers, advertising partners, and other service providers;
To accountants, auditors, lawyers, and other outside professional advisors to Calm, subject to appropriate contractual obligations of confidentiality;
If we believe disclosure is in accordance with, or required by, applicable law or legal process, including court order, subpoena, or other lawful requests by public authorities to meet national security or law enforcement requirements;
If we believe your actions are inconsistent with our user agreements or policies, if we believe you have violated the law, where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, or to protect the rights, property, and safety of Calm or others, or if it is necessary for the establishment, exercise or defense of legal claims;
In connection with any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
Between and among Calm and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership;
If your Calm Health subscription has been provided to you by someone else, like your employer or a family member who invited you to use one of their dependent subscriptions, we may inform them that you have signed up for the subscription they offered you;
If your Calm Health subscription was obtained through a third-party promotion, such as bundled with a third-party service or offered through a promotional code distributed by that third party, we may inform them that you redeemed the offer;
With the HIPAA covered entities that sponsored your access to Calm Health (e.g., your insurance company or healthcare provider) and their business associates;
With other HIPAA covered entities that are involved in treatment, payment, and healthcare operations as permitted by HIPAA; and
With your consent or at your direction. For instance, you may choose to share actions you’ve taken through the Services using “share” or similar features or by linking your Calm account with third-party services.
We also disclose aggregated or other information not subject to obligations under the data protection laws of your jurisdiction with third parties.
We allow others to provide analytics services and serve advertisements on our behalf across the web and other online services. These entities use cookies, web beacons, device identifiers, and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, device identifiers, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. Calm and others may use this information to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand your online activity. Some of our advertising partners enable us to convert your email address or phone number into an identifier to show ads that are more relevant to you on other platforms.
You can disable cookies used for advertising purposes by visiting calmhealth.com/optout. Or, for more information about interest-based ads, including to use ad industry tools to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices (if you are in the EU, please visit www.youronlinechoices.eu/). Your mobile device should also include a feature that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.
If you provide your phone number to set up multi-factor authentication on your account, we will not share it with third parties for marketing or promotional purposes.
Calm is based in the United States and has operations there and in other countries. As a result, we and our service providers process information in countries which may not provide equivalent levels of data protection as your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission’s adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of these Standard Contractual Clauses by emailing us at support@calmhealth.com.
You may update certain account information (such as your password, name and email address) by logging into your account, contacting us through our Help Center, or emailing us at support@calmhealth.com.
Regardless of your location, but subject to certain limits and conditions provided under law, you have the right to request to:
know more about the information we have about you;
access information we have about you (including in a portable format);
correct information we have about you;
opt out of “sales”, targeted advertising, or “sharing”;
delete the information we have about you; and
where relevant, you also have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide services to you or opt out of profiling for decisions that produce legal or similarly significant effects.
Calm Health is designed to align with the data minimization standards outlined in HIPAA, including the principle of minimum necessary.
If you request to delete your information, please note that we retain certain information when required or permitted by law.
Also, please note that where Calm Health is made available to you through your relationship with a health plan, provider network, or other HIPAA covered entity, your rights may be administered by the covered entity, rather than by Calm Health. In such cases, Calm Health may direct your privacy rights requests to the covered entity for evaluation and execution, and we may be required by law, contract, or other restrictions to refrain from honoring requests sent directly to Calm Health.
You can exercise these rights by emailing us at support@calmhealth.com or by submitting the request on our website at calm.com/contact (click on the box that says “Submit a Request” and type your request into the pop-up window). Upon receiving your request, we may ask for additional information from you in order to verify the request or confirm how you would like to proceed. We endeavor to respond to a verifiable request without undue delay. If we require an extended amount of time, we will inform you using the email associated with your account or the email you used to make the request.
You can opt out of use of data collected via the Services for targeted advertising, and related “sales” and “sharing,” by visiting calmhealth.com/optout. Please note that our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out if you use a different browser or device to access the Services.
Some US jurisdictions provide residents with certain rights with respect to their personal information as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply. Please review our Supplemental Notices section below.
Where appropriate under applicable law, such as with respect to requests to know, correct, or delete, we may verify your request by asking you to provide information that matches information we have on file.
You may designate an authorized agent to exercise any of the rights set out in this Privacy Policy on your behalf. Authorized agents should submit requests through the same channels, but we may require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.
If we deny your request, you may appeal our decision by emailing support@calmhealth.com. If you are in the U.S. and have concerns about the result of the appeal, you may contact the attorney general in the state where you reside.
You may opt out of receiving promotional emails from Calm Health by following the instructions in those emails or by logging into your account and managing your contact preferences. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
We may offer you the ability to opt into more personalized emails from Calm Health, including emails that contain Protected Health Information. If such communications are offered to you, you will be able to change your preferences regarding PHI emails at any time.
Depending on your jurisdiction, additional laws may apply to our collection, use, and disclosure of your personal information. We provide the supplemental information in this section in our efforts to comply with those additional privacy laws and inform you about your rights.
This section provides additional disclosures required by the California Consumer Privacy Act, as amended.
Please see the chart below for a list of the personal information we have collected about California consumers in the last twelve (12) months, along with our business and commercial processing purposes and categories of third parties to whom this information may be disclosed. For more details about the personal information we collect, including the categories of sources, please see the Collection of Information section above. We will respond to your verifiable request to exercise your rights within forty-five (45) days after receipt and we reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided consumer notification of the extension is made within the first forty-five (45) days. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.
Calm Health does not sell your personal information to third parties for payment. However, as with many online companies, Calm Health partners with third parties to manage our advertising on other platforms. For that purpose, we may disclose limited personal information to third parties for our cross-context behavioral and targeted advertising purposes and this activity may fall under broader concepts of “selling” and/or “sharing” under the CCPA.
Categories of personal information we collect
Identifiers, such as your name, phone number, email address, social media handle, and unique identifiers (like IP address) tied to your browser or device.
Characteristics of protected classifications under state or federal law, such as gender and age.
Commercial information, such as your payment information and Calm product or service purchases.
Approximate geolocation data.
Internet or other electronic network activity, such as browsing behavior and information about your usage and interactions with the Services.
Audio, electronic, visual, or similar information, such as profile photo or personal information you may provide during customer support calls and call recordings.
Professional, employment, and education information, such as information we collect from employers with self-funded health plans.
Health Information, which may include information covered by HIPAA or considered sensitive under some state privacy laws.
Sensitive Personal Information, such as Calm Health content you choose to view, which may include content related to racial or ethnic origin, mental or physical health condition or diagnosis, sexual orientation.
Other personal information you provide, including opinions, preferences, goals, and previous meditation experience and other personal information contained in product reviews, surveys, or communications.
Inferences drawn from the above, such as product interests and purchasing insights.
Business or commercial purposes for which we may use your information
Perform or provide the services, such as to maintain accounts, provide customer service, process orders and transactions, and verify customer information.
Improve and maintain the Services, such as by improving the Services and developing new products and services.
Debug, such as to identify and repair errors and other functionality issues.
Communicate with you about marketing and other relationship or transactional messages.
Analyze usage, such as by monitoring trends and activities in connection with use of the Services.
Personalize your online experience, such as by tailoring the content and ads you see on the Services and on other platforms based on your preferences, interests, and browsing behavior.
Legal reasons, such as to help detect and protect against security incidents, or other malicious, deceptive, fraudulent, or illegal activity.
Parties to whom information may be disclosed
Companies that provide services to us, such as those that assist us with customer support, subscription and order fulfillment, advertising measurement, communications and surveys, data analytics, fraud prevention, cloud storage, bug fix management and logging, and payment processing.
Companies that we provide services to, such as health plans, provider networks, and other entities who may contract with us to offer Calm Health on their behalf.
Companies that are providing core healthcare activities, including treatment, payment, and healthcare operations.
Third parties with whom you consent to sharing your information, such as with social media services or academic researchers.
Government entities or other third parties for legal reasons, such as to comply with law or for other legal reasons as described in our Disclosure section.
Notice of Financial Incentives: We offer various financial incentives. For example, we may provide incentives to customers who participate in a survey or provide testimonials. When you participate in a financial incentive, we collect personal information from you, such as identifiers (like your name and email address) and information about your experiences using the Services. You can opt into a financial incentive by following the sign-up or participation instructions provided, and, for any ongoing benefits, you can opt out at any time, such as by following the unsubscribe instructions in the applicable program’s terms or by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up.
The value of your personal information is reasonably related to the value of the offer or discount presented to you. We retain personal data for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.
We include this section for residents of other US states with privacy laws that may impact them. These privacy laws include the Colorado Privacy Act, the Connecticut Data Privacy Act, the Nevada Consumer Health Data Privacy Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Privacy Act. This section is intended to comply with these laws by supplementing the information provided elsewhere in the Privacy Policy.
Collection of personal information. Calm Health may collect the personal information described in the Collection of Information section above. Please note that some of this personal information will be considered sensitive under your state’s legal definition which can vary across different states. The personal information we may collect depending on the conditions you share with us and the Calm Health content you choose to view, which may include content related to mental or physical health information, and information about sexual orientation or gender identity.
Use of personal information. Calm Health may collect, use, or disclose personal information about US state residents for purposes listed in the Collection of Information section of our Privacy Policy.
Disclosure of personal information. We may disclose your personal information to the categories of service providers and third parties identified in the Disclosure of Information section of this Privacy Policy, and in ways that are described in that section.
Connecticut Residents. Connecticut requires consumers to opt-in to process sensitive personal information; we will seek your consent before we collect or process any such information. Please see the Calm Health Consumer Health Privacy Policy for more information regarding the collection, use, and disclosure of health and other sensitive personal information.
Your privacy rights. We generally provide the privacy rights described in the Privacy Rights section above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, see the contact information in the Exercising Your Rights section above or follow the instructions below for specific state rights. We will respond to your verifiable request within the time limit afforded under applicable law. Exceptions may still apply as described in the Exercising Your Rights section above.
Residents of Colorado, Connecticut, Virginia, and Utah have the right to opt out of targeted advertising and sales. If you are a resident of these states, to opt out, you can visit calmhealth.com/optout to disable ad trackers on our website and can adjust your mobile device settings to limit ad tracking via the mobile app.
For users in Colorado, Connecticut, and Virginia, you may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. While you may still make this request, Calm Health does not currently use profiling in this manner.
Nevada provides its residents a limited right to opt out of the sale of personal information. We “share” and “sell” identifiers and electronic network activity with our advertising partners (including social media platforms) so our advertising partners can show ads that are targeted to your interests on other platforms; we will only “sell” or “share” your sensitive personal information with your consent. To opt out, you can visit calmhealth.com/optout to disable ad trackers on our website and can adjust your mobile device settings to limit ad tracking via the mobile app.
Colorado, Connecticut, and Nevada residents also have a right to withdraw or revoke their consent related to their consumer health data where we rely upon consent to collect, use, or disclose your consumer health data.
Users in Colorado and Connecticut have the right to designate an agent to exercise your rights on your behalf.
Residents in Connecticut also have the right to designate another person to serve as your authorized agent to act on your behalf and opt-out of processing for targeted advertising, the sale of your data, and profiling as listed above.
If you have any questions about this Privacy Policy, please contact Calm Health by email at support@calmhealth.com.
