Calm may share a hashed or converted version of your email address or phone number with advertising partners so they can target you with Calm ads on other websites and apps.
This analysis describes what Calm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This practice means your contact information, which you provided to Calm for account purposes, may be used to track and target you with ads outside of Calm's own services.
Your email address or phone number may be converted into an advertising identifier and shared with third-party platforms, enabling cross-platform ad targeting based on your Calm account identity.
How other platforms handle this
We use the information we have to deliver our Products, including to personalize features and content (including your For You feed, Stories, and ads) and make suggestions for you (such as groups or events you may be interested in or topics you may want to follow) on and off our Products.
Mistral AI is authorized to process the Personal Data as Controller for the purposes of: Automated moderation, including abuse monitoring on our APIs (except, in this last case, when zero data retention has been activated), to enforce the Agreement.
Egnyte is a data controller with respect to personal data it collects from visitors to its website and through its marketing activities. Egnyte acts as a data processor with respect to the content and data that customers store within the Egnyte platform. In that capacity, Egnyte processes data on be...
Monitoring
Calm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Some of our advertising partners enable us to convert your email address or phone number into an identifier to show ads that are more relevant to you on other platforms.— Excerpt from Calm's Calm Privacy Policy
(1) REGULATORY LANDSCAPE: This practice implicates GDPR Article 6 (lawful basis) and Article 5 (purpose limitation), as using contact data provided for account creation to enable cross-platform ad targeting may not align with user expectations or the original collection purpose. Under CPRA, this activity may constitute 'sharing' personal information for cross-context behavioral advertising, triggering opt-out obligations. The FTC's enforcement posture on unfair or deceptive data practices is also relevant. Relevant enforcement authorities include data protection supervisory authorities in EU/EEA member states, the UK ICO, the California Privacy Protection Agency, and the FTC. (2) GOVERNANCE EXPOSURE: Medium-High. The conversion of contact identifiers for cross-platform targeting is a disclosed practice but one that engages purpose limitation principles under GDPR. The policy relies on legitimate interests as a legal basis for advertising personalization, which may face challenge under GDPR's balancing test, particularly given the sensitive lifestyle context of Calm's services. Under CPRA, this is likely classified as 'sharing' for cross-context behavioral advertising, requiring an opt-out mechanism, which the policy does provide. (3) JURISDICTION FLAGS: EU/EEA and UK users face the highest exposure; legitimate interest as a basis for this processing may require a documented balancing test. California residents are entitled to opt out of this 'sharing' practice. The Global Privacy Control signal must be honored for California users under CPRA. (4) CONTRACT AND VENDOR IMPLICATIONS: Advertising partners receiving hashed identifiers should be assessed under data processing agreements or controller-to-controller agreements as appropriate. Procurement teams should verify that partner agreements reflect the disclosed purposes and include appropriate restrictions on onward data use. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the opt-out mechanism at calm.com/optout and the Cookie Preferences Manager effectively prevent email or phone identifier sharing with advertising partners when activated. Consent mechanisms for EU/UK users should be evaluated to confirm whether consent (rather than legitimate interest) is obtained for this specific processing activity.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This practice means your contact information, which you provided to Calm for account purposes, may be used to track and target you with ads outside of Calm's own services.
Your email address or phone number may be converted into an advertising identifier and shared with third-party platforms, enabling cross-platform ad targeting based on your Calm account identity.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Calm.