Calm may share a hashed or converted version of your email address or phone number with advertising partners so they can target you with Calm ads on other websites and apps.
This analysis describes what Calm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This practice means your contact information, which you provided to Calm for account purposes, may be used to track and target you with ads outside of Calm's own services.
Your email address or phone number may be converted into an advertising identifier and shared with third-party platforms, enabling cross-platform ad targeting based on your Calm account identity.
How other platforms handle this
We are part of the Match Group family of businesses. Match Group considers the safety and security of members a top priority. If you were banned from another Match Group service, your data can be shared with us to allow us to take necessary actions, including closing your account or preventing you f...
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Calm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Some of our advertising partners enable us to convert your email address or phone number into an identifier to show ads that are more relevant to you on other platforms.— Excerpt from Calm's Calm Privacy Policy
(1) REGULATORY LANDSCAPE: This practice implicates GDPR Article 6 (lawful basis) and Article 5 (purpose limitation), as using contact data provided for account creation to enable cross-platform ad targeting may not align with user expectations or the original collection purpose. Under CPRA, this activity may constitute 'sharing' personal information for cross-context behavioral advertising, triggering opt-out obligations. The FTC's enforcement posture on unfair or deceptive data practices is also relevant. Relevant enforcement authorities include data protection supervisory authorities in EU/EEA member states, the UK ICO, the California Privacy Protection Agency, and the FTC. (2) GOVERNANCE EXPOSURE: Medium-High. The conversion of contact identifiers for cross-platform targeting is a disclosed practice but one that engages purpose limitation principles under GDPR. The policy relies on legitimate interests as a legal basis for advertising personalization, which may face challenge under GDPR's balancing test, particularly given the sensitive lifestyle context of Calm's services. Under CPRA, this is likely classified as 'sharing' for cross-context behavioral advertising, requiring an opt-out mechanism, which the policy does provide. (3) JURISDICTION FLAGS: EU/EEA and UK users face the highest exposure; legitimate interest as a basis for this processing may require a documented balancing test. California residents are entitled to opt out of this 'sharing' practice. The Global Privacy Control signal must be honored for California users under CPRA. (4) CONTRACT AND VENDOR IMPLICATIONS: Advertising partners receiving hashed identifiers should be assessed under data processing agreements or controller-to-controller agreements as appropriate. Procurement teams should verify that partner agreements reflect the disclosed purposes and include appropriate restrictions on onward data use. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the opt-out mechanism at calm.com/optout and the Cookie Preferences Manager effectively prevent email or phone identifier sharing with advertising partners when activated. Consent mechanisms for EU/UK users should be evaluated to confirm whether consent (rather than legitimate interest) is obtained for this specific processing activity.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This practice means your contact information, which you provided to Calm for account purposes, may be used to track and target you with ads outside of Calm's own services.
Your email address or phone number may be converted into an advertising identifier and shared with third-party platforms, enabling cross-platform ad targeting based on your Calm account identity.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Calm.